ARI expands its DNS business
ARI Registry Services officially announced its aggressive targeting of the DNS services market at an event in Toronto last week.
The company says it is the named DNS provider in over 450 new gTLD applications, giving it a substantial foot in the door should they be approved by ICANN.
That’s almost three times as many applications as ARI is involved with as registry provider.
“To our competitors, we are coming for you,” a tired and emotional ARI CEO Adrian Kinderis said during the launch event at a club in Toronto last Tuesday, which DI attended.
“Bring it on,” equally tired and emotional executives from larger competitors were heard to mutter in the audience.
ARI seems to be targeting just TLD operators to begin with, while competitors such as Verisign, Neustar and Afilias also offer managed DNS to enterprises.
ARI already runs the DNS for Australia’s .au.
ZoneEdit offline for five days
The Dotster-owned DNS service provider ZoneEdit this morning returned from an unexplained five-day outage that has left many users extremely miffed.
The interruption affected only ZoneEdit’s management interface, not its DNS resolution, so it only affected customers who needed to make changes to their zones.
Users first started reporting they couldn’t access their accounts on Friday.
I’ve reported the story for The Register here.
Go Daddy bans DNS harvesting
Go Daddy is blocking companies from harvesting its DNS records, the company has confirmed.
CTO Dave Koopman denied that Go Daddy has a “DNS Blackouts” policy, but confirmed that it has banned certain IP addresses from doing DNS queries for its customers’ domains. He wrote:
The rumor about “DNS Blackouts” was started by someone using Go Daddy servers to cache all Go Daddy DNS records on his personal servers for financial gain.
Back to our previous example of 100 queries a day. Instead of one person accessing 100 domain names, this individual was attempting to download tens of millions of Go Daddy DNS records – twice daily. While his behavior did not cause any system issues, we felt it best to revoke access to the offending IPs.
If Go Daddy finds unwanted activity in our network, Go Daddy takes actions to stop it.
That appears to be a reference to a blog post from DNSstuff.com founder R Scott Perry, who complained in early September about what he called a “Selective DNS Blackouts” policy.
Perry suggested that Go Daddy was trying to drum up interest in its Premium DNS service by providing poor DNS service to regular customers.
Blocking DNS queries from selected IP addresses brings to mind Go Daddy’s policy of banning DomainTools and other companies from harvesting Whois records in bulk.
In January, the company confirmed that it was blocking commercial Whois aggregators including DomainTools. The ban appears to still be in effect for non-paying DomainTools users.
Like DomainTools, DNSstuff.com offers DNS monitoring and alerts for premium fees.
Bit-squatting – the latest risk to domain name owners
Forget phishing, forget cybersquatting, forget typosquatting: high-value domain name owners may have a whole new threat to worry about – “bit-squatting”.
This appears to be the conclusion of fascinating new research to be presented by Artem Dinaburg at the Black Hat and DEF CON hacker conferences in Las Vegas next week.
Defective internet hardware, it turns out, may be enabling a whole new category of typosquatting that could prove worrying for companies already prone to domain name abuse.
According to a summary of Dinaburg’s research, RAM chips can sometimes malfunction due to heat or radiation, resulting in “flipped bits”, where a 1 turns into a 0 or vice-versa.
Because the DNS uses ASCII encoding, a query containing a single flipped bit could actually send the user to a completely different domain name to the one they intended to visit.
To test the theory, Dinaburg appears to have registered the typo domain name mic2osoft.com. While it’s not visually confusing or a likely typo, in binary it is only one bit different to microsoft.com.
The ASCII binary code for the digit 2 is 00110010, which is only one bit different to the lower-case letter r, 01110010.
The binary for the string “microsoft” is:
011011010110100101100011011100100110111101110011011011110110011001110100
and the binary encoding for “mic2osoft” is (the single changed bit is the 26th from the left, the second bit of the fourth character):
011011010110100101100011001100100110111101110011011011110110011001110100
Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.
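As an added example (not from Dinaburg's research or the original post), the following Python enumerates every one-bit variant of a domain's first label that is still a valid hostname, which is the list a domain owner would check for existing registrations or register defensively. The function names are illustrative, and the code assumes the name is held in memory as lower-case ASCII.

```python
import string

# Characters allowed in a hostname label (letters, digits, hyphen).
# DNS names are case-insensitive, so everything is compared in lower case.
LDH = set(string.ascii_lowercase + string.digits + "-")

def bit_flip_variants(domain):
    """Map each valid one-bit variant of the first label of `domain`
    to (character index, bit number with 0 = least significant)."""
    label, _, rest = domain.lower().partition(".")
    variants = {}
    for i, byte in enumerate(label.encode("ascii")):
        for bit in range(8):
            flipped = chr(byte ^ (1 << bit)).lower()
            if flipped not in LDH:
                continue  # flip produced a byte that cannot appear in a hostname
            candidate = label[:i] + flipped + label[i + 1:]
            if candidate == label:
                continue  # case-only flip: still resolves to the real name
            if candidate.startswith("-") or candidate.endswith("-"):
                continue  # labels may not begin or end with a hyphen
            variants.setdefault(f"{candidate}.{rest}", (i, bit))
    return variants

def differing_bits(a, b):
    """Positions (1-indexed from the left) at which two equal-length
    ASCII strings differ, matching the binary strings shown above."""
    positions = []
    for i, (x, y) in enumerate(zip(a.encode("ascii"), b.encode("ascii"))):
        diff = x ^ y
        for pos in range(8):
            if diff & (0x80 >> pos):
                positions.append(i * 8 + pos + 1)
    return positions

if __name__ == "__main__":
    found = bit_flip_variants("microsoft.com")
    print(len(found), "one-bit variants to check, including:")
    print("mic2osoft.com", found["mic2osoft.com"],
          "bit", differing_bits("microsoft", "mic2osoft"))
```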
I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.
But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:
To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.
…
I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.
His conference presentations will also discuss possible hardware and software solutions.
For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.
I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.
The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.
Kaminsky is not discussing DNS this year, judging by the agendas.
The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.
How Protect IP will get you hacked
The collection of DNS experts opposing the Protect IP Act today held a press conference to outline exactly why the proposed US piracy protection legislation is dangerous.
Protect IP, currently making its way through Congress, would force ISPs to intercept and redirect domain name look-ups for proscribed piracy sites.
It’s the latest in a series of attempts by the IP lobby to push through legislation aimed at curbing the widespread bootlegging of digital content such as music and movies.
But ICANN chair Steve Crocker, DNS uber-hacker Dan Kaminsky, David Dagon of Georgia Tech, VeriSign’s Danny McPherson and BIND supremo Paul Vixie all think the Act will have unintended and dangerous consequences.
They published a white paper explaining their concerns in May, which I wrote about here, and today ramped up the campaign by talking to reporters in Washington, DC.
Here’s the problem as they see it:
Today, the vast majority of internet users take the default DNS service from their ISP. Usually, the servers are configured automatically when you’re installing the ISP’s software.
Many users are also aware of alternative DNS providers such as Google and OpenDNS. Whatever you think of these services, you can be pretty confident they’re not out to steal your identity.
What Crocker et al are worried about is that content pirates will set up services similar to OpenDNS in order to enable users to visit domains that are blocked by Protect IP in their country.
Users can configure such a service in just 30 seconds, with a single click, the experts said. If they want access to the latest movies and music, they may do so without considering the consequences.
But if you sign up to use a DNS server provided by a bunch of movie pirates, you don’t necessarily have the same reassurances you have with OpenDNS or Google.
You’re basically signing up to pass all your domain name look-up data to proven rogues, what Kaminsky referred to during the press conference as “unambiguously bad guys”.
These bad guys may well direct you to the correct server for the Pirate Bay, but they may also hand you over to a spoof web site when you try to visit your bank.
You’ll think you’re looking at your bank’s site, and your computer will think it got a genuine IP address in response to its DNS query, but you’re really handing your login credentials to a crook.
DNS blocking already takes place with respect to content such as child pornography, of course, but it has not to date created a huge reaction with millions of users taking their DNS overseas.
“The scale of the reaction is what we fear,” Kaminsky said. Vixie added: “To the extent that the content is extremely popular the bypass mechanisms will also be popular.”
The measures proposed by Protect IP would also break DNSSEC, but that’s still pretty much pie-in-the-sky stuff, so the press conference did not spend much time focusing on that.












