Latest news of the domain name industry

Recent Posts

Google adds censorship workaround to Android devices

Kevin Murphy, October 5, 2018, Domain Tech

Google is using experimental DNS to help people in censorious regimes access blocked web sites.

Alphabet sister company Jigsaw this week released an Android app called Intra, which enables users to tunnel their DNS queries over HTTPS to compatible servers, avoiding common types of on-the-wire manipulation.

The company reportedly says it has been testing the app with Venezuelan dissidents recently.

The feature will also be built in to the next version of Android — known as Android 9 or Android Pie — where it will be called Private DNS.

The app is designed for people who for one reason or another are unable to update their device’s OS.

Intra and Private DNS use “DNS over HTTPS”, an emerging protocol Google and others have been working on for a while.

As it’s non-standard, end users will have to configure their devices or Intra apps to use a DoH-compatible DNS server. The public DNS services operated by Google (8.8.8.8) and Cloudflare (1.1.1.1) are both currently compatible.

The release comes even as Google faces controversy for allegedly kowtowing to the Chinese government’s demands for censored search and news results.

You may notice that the new app is being marketed via a .org web site, rather than Google’s own .app gTLD, but intra.app takes visitors directly to the Intra page on the Google Play store.

KSK vote was NOT unanimous

Kevin Murphy, September 18, 2018, Domain Policy

ICANN’s board of directors on Sunday voted to approve the forthcoming security key change at the DNS root, but there was some dissent.

Director Avri Doria, a Nominating Committee appointee, said today that she provided the lone vote against the DNSSEC KSK rollover, which is expected to cause temporary internet access problems for potentially a couple million people next month.

I understand there was also a single abstention to Sunday’s vote.

Doria has released a dissenting statement, in which she said the absence of an external, peer-reviewed study of the risks could prove a problem.

The greatest risk is that out of the millions that will fail after the roll over, some that are serious and may even be critical, may occur; if this happens the lack of peer reviewed studies may be a liability for ICANN, perhaps not legal, but in terms of our reputation as protectors of the stability & security of internet system of names.

She added that she was concerned about the extent that the public has been notified of the rollover plan, and questioned whether the current risk mitigation plan is sufficient.

Doria said she found comments filed by Verisign (pdf) particularly informative to her eventual vote, as well as comments from the At-Large Advisory Committee (pdf), Business Constituency (pdf) and Registries Stakeholder Group (pdf).

These groups had called for more study and data, better outreach, more clearly defined success/failure benchmarks, and more delay.

Doria noted in her dissenting statement that the ICANN board did not have a chance to quiz any of the minority of the members of the Security and Stability Advisory Committee who had called for further delay.

The board’s resolution, apparently arrived at after two hours of formal in-person discussions in Brussels at the weekend, is expected to be published shortly.

The rollover, which has already been delayed a year, is now scheduled to go ahead October 11.

Any impact is expected to be felt within a couple of days, as the change ripples out across the DNS.

ICANN says that any network operator impacted by the change has a simple fix: turn off DNSSEC. Then, if they want, they can update their keys and turn it back on again.

ICANN to host DNS event in Madrid

Kevin Murphy, February 6, 2017, Domain Tech

ICANN is to hold a “DNS Symposium” in Madrid this May.

The event will “explore ICANN’s current initiatives and projects relating to DNS research, operations, threats and countermeasures and technology evolution”, according to ICANN.

It’s a one-day event, focused specifically on DNS, rather than the domain name registration business.

The Symposium immediately follows the GDD Summit, the annual ICANN industry-focused intersessional event designed for registrars, registries and the like.

The Summit runs from May 9 to 11 and the Symposium is on May 13.

Both events will be held at the Hotel NH Collection Madrid Eurobuilding in Madrid and will be webcast.

ICANN is currently looking for corporate sponsors for the Symposium.

TLD to be removed from the DNS next week

The DNS has been growing by, on average 1.1 top-level domains per day for the last 18 months or so, but that trajectory is set to change briefly next week when a TLD is removed.

The ccTLD .an, which represented the former Netherlands Antilles territories, is expected to be retired on July 31, according to published correspondence between ICANN and the Dutch government.

Three territories making up the former Dutch colony — Sint Maarten, CuraƧao, and Bonaire, Sint Eustatius and Saba — gained autonomy in 2010, qualifying them for their own ccTLDs.

They were granted .sx, .cw and .bq respectively. While the first two are live, .bq has not yet been delegated, though the Dutch government says it is close to a deal with a registry.

The Dutch had asked ICANN/IANA for a second extension to the removal deadline, to October 31, but this request was either turned down or retracted after talks at the ICANN Buenos Aires meeting.

Only about 20 registrants are still using .an, according to ICANN.

The large majority of .an names still showing up in Google redirect to other sites in .nl, .com, .sx or .cw.

.an is the second ccTLD to face removal this year after .tp, which represented Portuguese Timor, the nation now known as East Timor or Timor Leste (.tl).

Turkey blocks Google DNS in Twitter crackdown

Kevin Murphy, March 23, 2014, Domain Policy

The Turkish government has reportedly blocked access to Google’s public DNS service from with its borders, as part of its recently instituted censorship of Twitter.

According to local reports, the IP addresses 8.8.8.8 and 8.8.4.4 — Google’s public DNS servers — were banned after they became widely used to circumnavigate blocks on Twitter’s domain names.

Turkish prime minister Recep Tayyip Erdogan last week vowed to “wipe out” Twitter, after the company refused to take down tweets criticizing his government over corruption allegations ahead of an election next week.

Twitter is encouraging Turkish users to use SMS to send tweets instead. Many Turks are also turning to VPNs to evade this bizarre piece of Draconian censorship.