dns

  • another domain extension to block and forget about: .su

    Since the disintegration of the Soviet Union in 1991 this domain extension has been through all the steps of the termination and transfer process, but nobody has dared to pull the plug effectively, as was done with .yu for Yugoslavia and several others.

    There is some talk about community and other historical arguments, but a local domain extension is linked to a country or region with a political authority the community can call upon if things get out of hand with their domain extension.

    The .su domain extension is for the moment being sold by Americans, and if you Google terms like cialis, porn or hacking together with site:.su you will find enough reasons to just forget about it.

    You will find such sites under any domain extension, but this one is without any doubt one of the domain extensions for which no government is responsible.

    Or they should apply in the new generic TLD system and pay like all the others.

  • .name domain extension hijacked by criminals

    The .name domain extension was approved by ICANN because it would give individuals the possibility to have their own domain name, something personal, and some hype was built around it (personal networks, social media and all that crap).

    It seems that the domain extension is now being heavily used by criminals to sell illicit drugs (online pharmacies)

    http://www.google.be/search 

    and look at this one (directnic)

    http://www.robtex.com/dns/buy-cialis.name.html#graph

    but there is worse, which is the reason that the whole .name domain extension is becoming something to worry about, or just to blacklist as such until it dies naturally.

    * there is no real WHOIS

    * the sites are also being used as nameservers for other sites under other domain extensions, and so they shield such illegal sites from public view

    an example is this site

    www.bestbrand.name/bestbuyq.html

    and when you click it, you arrive here  http://www.bmpharmacy.com

    And if you really want some other stuff after you have taken all that fake viagra and didn't get sick afterwards, you type this in for .name

    http://www.google.be/search

    so blocking .name seems like a good idea; who needs it anyway, would you want a .name domain in that kind of neighborhood?

  • Tucows grabs expired domain names before anyone else

    While there is no evidence that Tucows engages in front running, they do own Yummy Names, a portfolio of "tens of thousands of names." Many of these domains were originally registered by Tucows customers, but were not renewed.

    Go Daddy is the world's largest domain name registrar, yet maintains one of the lowest ratios of refunded domain names of any large registrar. Unlike some of its competitors, Go Daddy does not participate in domain name investing nor does it "own" domain names, apart from those legitimately needed for online commerce.
    http://community.godaddy.com/

    this means you shouldn't keep your domain names with such a service, because if you have an administrative failure at renewal time you have not only lost the name, you can't get it back at a normal price either.

  • Somalia will have a domain extension

    How does this failed country get a domain extension, and who will control it, or change control?

    The official government that is only holding out in a few blocks of the capital, or the Al Qaeda-linked gangs and pirates holding on to the rest of the country, with maybe some local warlord keeping control of some routes or villages for a while?

    How can a totally failed state be an official domain extension on the internet? You never know who you are dealing with, for how long and under what circumstances.

  • ICANN Brussels: .be domain extension has a real phishing problem

    The presentation of the numbers by the international working group against phishing (which is only a presentation of a study we have already published here) was a real eye-opener for the brand managers and DNS people walking around here.

    A very small .be domain extension has, in proportion, a real phishing problem and so a real image problem that grows every month they don't change the way they are doing business.

    Even if one says it isn't the only domain extension affected, some other domain extensions have already changed fundamental things in their attribution process and are cleaning up shop.

    The problem is that dns.be is still too focused on the quantitative (the number of .be domains) and does not focus enough on the quality and security of its reputation. This can be a real danger in the future for its business model and is even irresponsible towards the thousands of businesses and individuals who have invested their online reputation and businesses in a .be domain name.

    The article in Datanews (in Dutch)

    Our analysis of the study as published before

  • Brussels ICANN: .fr domain organisation includes ISOC France

    ISOC France, the organisation responsible for organising the input from stakeholders about the security, privacy and openness of the internet in France, has become a full member of the organisation that manages the .fr national domain extension.

    It seems to them the best way to be sure that the input and experience of these specialists and activists is included in the full management and decision process.

    ISOC Belgium is for the moment still not part of the .be management, even though it tries to get their attention about the importance of security and quality in the management of a national domain extension.

  • DNS.BE will implement DNSSEC in 2010

    To stop the rumors about the "sinking ship" dns.be, the captain has spoken and has given his vision to Datanews, always ready to give a free advertorial to every wise CIO or someone with such a title.

    So aside from the pep talk, the vision thing and the personal career stuff that I couldn't care less about, the only really interesting thing is that he says that in 2010 the .be domain will use DNSSEC.

    Google it and you will see that this is an enormous evolution, and the government should afterwards make it an obligation for the other big ISPs in Belgium, because our DNS operations are somewhat ..... interesting  :)

    But we are looking forward to DNSSEC in 2010. If it really comes, then all is forgiven (and I hope this post also...:) ). This is this year, right? Still 10 months left, with two months of holidays, and December you can also forget. In reality there are only 6 months left to implement this.

    Len

  • which cities are actively preparing their own domain extension

    A number of them can be found here, where they propose a step-by-step implementation of this new framework.

    The biggest fear is that there is so much to do and to decide that if one waits until everything has been decided, nothing will come of it.

    That aside, one should at the very least have all the security, piracy and responsibility issues totally worked out and cleared. We already had malicious ISPs, hosters and domains. We don't need malicious TLDs as well.

    Flanders is for the moment still studying the issue. But as the Belgian .be domain has been securing its operations and is responding quite fast to some infractions, a new extension will have to be at least as secure as the .be domain space. This will require an investment that will have to be accounted for.

  • why do cybercriminals like the .eu and .be domains? here is why

    According to the WHOIS policy for .EU domains, I am not allowed to share with you in my blog the patently false registration information for the domain 1il1il1.eu.

    You would have to WHOIS the information yourself from: www.eurid.eu, which is probably part of why criminals like .eu domains so much.

    .be domains, like .eu domains, require you to visit the Registrar's website to reveal WHOIS details. According to www.dns.be, it's not allowed for me to post information from their WHOIS database about hftiili.be here, so you would have to look that information up yourself:

    Lookup WHOIS for hftiili.be.

    http://garwarner.blogspot.com/2009/06/swine-flu-pandemic-h1n1-influenza-leads.html

    Time to change that I think.

    Why not do like most of the other domain extensions, except for those that promote the privacy and protection of that information even from the police?

  • what is .eu waiting for? It is still in fast flux botnets

    The .be domain has taken the necessary steps to block the domains that were being used in fast flux botnets and is closely monitoring the situation.

    The .eu domain is today being found with 17 domain names in the same fast flux botnet.

    The problem is that they didn't foresee this; they thought they were like .com, but they should be like .us and fall under a European federal law, which doesn't exist.

    "Any conventional court of law within the European Union can also be used to challenge a .eu domain name registration, but an ADR procedure is intended to be easier, faster, less expensive and more convenient. The .eu ADR procedure is conducted online and is handled by the independent Czech Arbitration Court, which is based in Prague, in the Czech Republic "

    They are based in Brussels, so they can try to act as if by their location they are applying Belgian law. Except that it will be difficult for the Belgian police to file an order without a complaint. But to complain you have to be a victim, that victim will have to be found, and with a fast flux botnet your victims move as fast as the evidence.

    Another way out for them is to change their general terms of use and state that when a domain name is used for illegal practices it can be put immediately into quarantine, mentioning phishing and botnet activity as examples.

    Otherwise the .eu domain will become as relevant as the .us domain.....

    And people will return to their national domains, which will meanwhile have started cleaning their domains of typosquatters and domain squatters and so on.....

    The Wild Wild West on the WWW will this way just become a little bit smaller, one step at a time.

    Personally I don't care about the .eu domain. There are enough people over there who are paid to do this. They are informed, they can call their Belgian friends and ask for information and help, and then do the right thing, or just watch their problem getting bigger each time.

  • ALERT: important Belgian DNS servers need to be secured NOW

    It has been going around for a week, but now it is getting serious.

    People are using machines to send DNS queries to other people's DNS servers. The queries (questions like "where is fantasy.com?", in this case the NS records of the root zone ".") are sent with a spoofed source address, so the much larger answers go to the victim and the DNS server that answers is in fact used as an attack proxy.

    We have done some tests and some VERY IMPORTANT BELGIAN DNS servers are still vulnerable and could be used in this way.

    Test it for yourself here

    http://isc1.sans.org/dnstest.html  (by the way the captcha is also interesting...)

    This page will test a DNS server to make sure that it does not respond to the standard NS requests for the root zone. It will run "dig . NS @yournameserver".

    So secure yourself before you become an attack tool and get a bad name.
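
    The same check as the ISC page, as an added example that is not part of this post or of the ISC tool: it builds the query behind "dig . NS @yournameserver" and rates the reply. The live probe() needs network access and should only be pointed at servers you are responsible for; the replies used offline are constructed. One caveat a practitioner wants: a server can reflect even with recursion disabled, for instance by returning an upward referral carrying the root NS set in the authority section, so the classifier treats any NOERROR reply that carries records as a reflector and only a REFUSED or empty reply as safe.

```python
"""Added example (not the post's or ISC's code): build the query behind
"dig . NS @server" and rate a reply as reflector / safe.  Pure stdlib."""
import os
import socket
import struct

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_root_ns_query(txid: int) -> bytes:
    """17-byte wire query for '. IN NS' with RD set (what dig sends by default)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = b"\x00" + struct.pack("!HH", 2, 1)   # root label, QTYPE=NS, QCLASS=IN
    return header + question

def classify_reply(query: bytes, reply: bytes) -> dict:
    """Decode the header.  A NOERROR reply that carries records (answer,
    authority or additional) is usable as an amplifier whether or not the
    server offered recursion, which is the case ISC warns about."""
    txid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    records = an + ns + ar
    return {
        "txid_matches": txid == struct.unpack("!H", query[:2])[0],
        "rcode": RCODE_NAMES.get(rcode, str(rcode)),
        "recursion_available": bool(flags & 0x0080),
        "records": records,
        "amplification": round(len(reply) / len(query), 1),
        "reflector": rcode == 0 and records > 0,
    }

def build_sample_reply(txid: int, n_ns: int, rcode: int = 0) -> bytes:
    """Constructed reply for offline use: NOERROR with n_ns root-server NS
    records, or a bare REFUSED (rcode 5) the way a hardened server answers."""
    an = n_ns if rcode == 0 else 0
    msg = struct.pack("!HHHHHH", txid, 0x8100 | rcode, 1, an, 0, 0)
    msg += b"\x00" + struct.pack("!HH", 2, 1)            # echoed question
    for i in range(an):
        rdata = b"\x01" + bytes([ord("a") + i]) + b"\x0croot-servers\x03net\x00"
        # owner name = compression pointer to the root label in the question (0xC00C)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 518400, len(rdata)) + rdata
    return msg

def probe(server: str, timeout: float = 3.0) -> dict:
    """Send the real query over UDP/53 (network needed; test only your own servers)."""
    txid = int.from_bytes(os.urandom(2), "big")
    query = build_root_ns_query(txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(4096)
    return classify_reply(query, reply)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:   # offline demo with the constructed replies
        q = build_root_ns_query(0x1234)
        print("open:", classify_reply(q, build_sample_reply(0x1234, 13)))
        print("hardened:", classify_reply(q, build_sample_reply(0x1234, 13, rcode=5)))
```

    The constructed 13-record answer is 433 bytes for a 17-byte query, an amplification of about 25x before any EDNS or additional-section padding, which is why a handful of these servers is enough to flood a victim. A server whose reply is REFUSED (or has no records) gives the attacker nothing to work with.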

  • 2008 Rogue domain registrars, ISPs and boycotts

    2008 showed us that once in a while the security community can have big wins, for a while, by blocking or ending any connection with rogue ISPs or registrars. It seems to be an important step forward, as it can be used to pressure others to clean up their act before the same happens to them.

    08/11/08 16:25 domain registrars that have dubious addresses
    30/10/08 11:46 Estdomains is still a .eu domain registrar
    30/10/08 10:42 privacyprotect in Whois is cleaning up its act
    30/10/08 10:35 Estdomains will lose its rights to sell .eu domains now ICANN has thrown them out ?
    12/08/08 14:02 let the chaos of domain extensions begin
    14/07/08 13:03 Council of Europe will meet in October to prepare next international conference on Internet Governance
    14/07/08 15:08 Does anyone know these spook registrars ? Not registered with ICANN
    14/07/08 15:30 better than privacyprotect for spooky domain owners
    18/06/08 16:53 privacyprotect.org protects the identity of malware

  • 2008 DNS attacks and patches

    DNS is just a bunch of code like any other code, so it has to be upgraded and patched from time to time, especially when someone finds a bug that lets any crook change the IP of any domain name in 9 seconds without being noticed.

    It is just remarkable that in Belgium the DNS servers of the ISPs were only patched after being pushed to do it by a Belgian web forum that listed the Belgian unpatched DNS servers.

    27/11/08 13:02 after DNS flux to protect botnets, here comes domainflux 
    27/11/08 12:55 rogue dns servers for typos are in the Ukraine
    09/10/08 14:13 Tool to poison non-patched DNS servers for any other messy upgrade process 
    11/08/08 13:52 DNS reminder if you don't patch your BIND DNS server, you are very vulnerable 
    10/08/08 20:27 DNS OUT OF CONTROL AGAIN
    10/08/08 20:16 Even patched DNS servers can now be poisoned in one night by one machine
    10/08/08 10:45 BelsecTV Dan Kaminsky on the DNS bug
    08/08/08 17:44 Dns servers from many Belgian Cities are hackable
    07/08/08 14:54 You have to patch your DNS servers now if you didn't do it and secure them
    06/06/08 15:33 is Networksolutions vulnerable for domain impersonation attacks ?
    02/08/08 02:40 Belgacom DNS servers are hackable ?
    06/06/08 15:16 Comcast and hackers fighting for hours to get control over their domains
    28/05/08 13:08 Search the database of fastflux DNS networks 
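
    As an added example that is not part of the original post: the kind of check the public port-test pages offered after the 2008 patches, run over the source ports and transaction IDs you collected from your own resolver's outgoing queries to authoritative servers. How you capture those is up to you (the capture is not part of this code); the two samples are constructed, one mimicking a pre-patch resolver with a fixed port and a counter for the ID, one a patched resolver.

```python
"""Added example (not from the original post): a post-Kaminsky check on a
resolver's outgoing queries.  Feed it the source ports and transaction IDs
taken from a capture of the resolver talking to authoritative servers (the
capture is not done here); the two samples below are constructed."""
import random

def sequential_fraction(values):
    """Share of consecutive observations that step by exactly 1; sequential
    transaction IDs are as easy to predict as a fixed source port."""
    pairs = list(zip(values, values[1:]))
    if not pairs:
        return 0.0
    return sum(1 for a, b in pairs if (b - a) % 65536 == 1) / len(pairs)

def assess_randomisation(ports, txids):
    """Rate the resolver like the public port tests did after the 2008 patches.
    POOR: one or a few source ports, a narrow port range, or sequential IDs.
    search_space is a rough lower bound on the (port, ID) combinations a blind
    poisoner must cover: 65536 for a fixed port with random IDs, about 2**32
    once ports are randomised too."""
    n = len(ports)
    distinct = len(set(ports))
    spread = max(ports) - min(ports)
    seq = sequential_fraction(txids)
    id_space = 1 if seq > 0.5 else 65536
    poor = distinct < 0.5 * n or spread < 4096 or seq > 0.5
    return {
        "samples": n,
        "distinct_ports": distinct,
        "port_spread": spread,
        "sequential_txid_fraction": round(seq, 2),
        "search_space": distinct * id_space,
        "verdict": "POOR" if poor else "GOOD",
    }

def unpatched_sample(n=500):
    """Constructed: one fixed port and a counter for the ID (pre-patch behaviour)."""
    return [32768] * n, [(1000 + i) % 65536 for i in range(n)]

def patched_sample(n=500, seed=1):
    """Constructed: random ephemeral ports and random IDs (post-patch behaviour)."""
    rng = random.Random(seed)
    return ([rng.randrange(1024, 65536) for _ in range(n)],
            [rng.randrange(65536) for _ in range(n)])

if __name__ == "__main__":
    for name, (ports, ids) in (("unpatched", unpatched_sample()), ("patched", patched_sample())):
        print(name, assess_randomisation(ports, ids))
```

    The thresholds are deliberately crude: what matters is the order of magnitude. With one source port an attacker who floods forged answers only has to hit a 16-bit ID, which is the "seconds, not days" result behind the 2008 patches; with randomised ports the search space grows by the number of ports actually in use. Note that a NAT or firewall in front of the resolver can undo the port randomisation again, so capture on the outside of it.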
  • These domain extensions use wildcards and make battling fast flux botnets harder

    This means that any domain name, even one that doesn't exist, will get an answer and so will look, to some security controls in the network, like a normal connection.

    According to wikipedia  "A wildcard DNS record is a record in a DNS zone that will match requests for non-existent domain names. A wildcard DNS record is specified by using a "*" as the left most label (part) of a domain name, e.g. *.example.com. The exact rules about when a wild card will match is specified in RFC 1034, but the rules are neither intuitive nor clearly specified. This has resulted in incompatible implementations and unexpected results when they are used."

    They are used by the following

    • .CG (CONGO), at the IP address(es) '64.18.138.88'
    • .CM (CAMEROON), at the IP address(es) '72.51.27.58'
    • .KR (KOREA, REPUBLIC OF), at the IP address(es) '222.231.8.226'
    • .MP (NORTHERN MARIANA ISLANDS), at the IP address(es) '75.101.130.205'
    • .NU (NIUE), at the IP address(es) '212.181.91.6', '62.4.64.119', '69.25.75.72'
    • .PH (PHILIPPINES), at the IP address(es) '203.119.4.28'
    • .RW (RWANDA), at the IP address(es) '64.18.138.88'
    • .ST (SAO TOME AND PRINCIPE), at the IP address(es) '195.178.186.40'
    • .TK (TOKELAU), at the IP address(es) '193.33.61.2', '195.20.32.103', '209.172.59.196', '217.119.57.22'
    • .VG (VIRGIN ISLANDS, BRITISH), at the IP address(es) '208.87.149.250'
    • .WS (SAMOA), at the IP address(es) '64.70.19.33'

    source

    The only ones that we are seeing now are .ws and .tk, but the other domain extension providers in this list should be aware that they may be next, although I presume it would be too easy for networks to blacklist the domain extension and whitelist the few domains they need. As the wildcards are being used for commercial purposes, they should study whether this wildcard is worth that risk. How can you sell domain names if you are blacklisted all over the world by networks, hosters and ISPs?
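
    Two things worth seeing in code, as an added example that is not part of the original post: why the wildcard rules quoted above from Wikipedia are "neither intuitive nor clearly specified" (the RFC 1034 rules as clarified in RFC 4592, shown on a constructed zone for a hypothetical TLD "example" with a wildcard at its apex), and the probe a network defender runs to detect a TLD that synthesises answers. The detect_wildcard() function takes a resolve callback; here it is wired to the toy zone, in real use you would wrap your resolver library, which is not included.

```python
"""Added example (not from the original post): RFC 1034/4592 wildcard matching
on a constructed zone, plus the probe a defender runs to detect a TLD that
synthesises answers for names that do not exist."""
import secrets

# Constructed zone for a hypothetical TLD "example" that, like .tk or .ws,
# carries a wildcard at its apex.
ZONE = {
    "example.":       {"NS": ["ns1.example."]},
    "ns1.example.":   {"A": ["192.0.2.53"]},
    "*.example.":     {"A": ["192.0.2.80"]},      # the wildcard
    "shop.example.":  {"A": ["198.51.100.10"]},
    "a.b.example.":   {"A": ["192.0.2.11"]},      # makes b.example. an empty non-terminal
}

def _exists(zone, name):
    """A name exists if it owns records or is an ancestor of one that does."""
    return any(n == name or n.endswith("." + name) for n in zone)

def lookup(zone, qname, qtype):
    """Return (status, rrset).  The rules that surprise people: the wildcard
    only applies when the queried name does not exist at all, and only at the
    closest existing ancestor (the "closest encloser")."""
    if qname in zone:
        rrs = zone[qname].get(qtype, [])
        return ("NOERROR", rrs) if rrs else ("NODATA", [])
    if _exists(zone, qname):                      # empty non-terminal
        return ("NODATA", [])
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):           # walk up towards the apex
        ancestor = ".".join(labels[i:])
        if _exists(zone, ancestor):               # closest encloser found
            wild = "*." + ancestor
            if wild not in zone:                  # no wildcard at this level: NXDOMAIN
                return ("NXDOMAIN", [])
            rrs = zone[wild].get(qtype, [])
            return ("NOERROR", rrs) if rrs else ("NODATA", [])
    return ("NXDOMAIN", [])

def detect_wildcard(resolve, suffix, probes=3):
    """Query random labels under suffix.  A sane zone answers NXDOMAIN; a
    wildcarded one returns the same address(es) for every probe, which is
    what lets a non-existent fast flux name look like a live host.  Returns
    the synthesised addresses, or None."""
    seen = set()
    for _ in range(probes):
        status, rrs = resolve(secrets.token_hex(6) + "." + suffix, "A")
        if status != "NOERROR":
            return None
        seen.add(tuple(sorted(rrs)))
    return list(seen.pop()) if len(seen) == 1 else None

if __name__ == "__main__":
    toy = lambda name, qtype: lookup(ZONE, name, qtype)
    for name in ("x.y.example.", "x.shop.example.", "c.b.example.", "example."):
        print(name, lookup(ZONE, name, "A"))
    print("wildcard under example.:", detect_wildcard(toy, "example."))
    print("wildcard under shop.example.:", detect_wildcard(toy, "shop.example."))
```

    Note the three outcomes for names that are all "not in the zone": x.y.example. gets the wildcard address, x.shop.example. is NXDOMAIN because shop.example. exists and has no wildcard of its own, and c.b.example. is NXDOMAIN because b.example. exists implicitly as an empty non-terminal. That is the inconsistency the Wikipedia quote refers to, and it is also why a blocklist keyed on "the TLD wildcard IP" is the more robust control: any name under such a TLD that resolves to the synthesised address is by definition unregistered.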

  • something useful to know for your external DNS server

    From the Internet Storm Center

    If you have queries for "." in your DNS log, best verify by use of a sniffer whether your DNS server actually responds and contributes to the DOS.  Normally, an internet-facing authoritative DNS server should not respond to recursive 3rd party queries, but we have received reports that some servers apparently respond to these "." queries even when recursion is disabled
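
    The first half of the ISC advice, spotting the "." queries in the query log, as an added example that is not part of this post or of the ISC note. The log lines are constructed in an older BIND 9 query-log layout; the exact layout differs between BIND versions, so adjust LOG_RE to your own log before relying on it. The second half, confirming with a sniffer whether the server actually answers, is not something a log can tell you.

```python
"""Added example (not from the original post): scan a BIND-style query log for
the '.' NS queries ISC mentions and report which addresses they claim to come
from.  Log lines are constructed; BIND's exact query-log layout differs between
versions, so adjust LOG_RE to your own log before relying on it."""
import re
from collections import Counter

LOG_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_query_log(lines):
    """Yield one dict per parseable query line; skip everything else."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            yield m.groupdict()

def root_ns_reflection_report(lines, threshold=5):
    """Count '. IN NS' queries per client address.  In a reflection attack the
    client address is the victim's (spoofed by the attacker), so a high count
    tells you who is being hit through your server, not who is sending."""
    counts = Counter()
    for q in parse_query_log(lines):
        if q["qname"] == "." and q["qtype"] == "NS":
            counts[q["ip"]] += 1
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

# Constructed sample: eight '.' NS queries claiming to come from one address,
# one stray '.' query, two ordinary queries and one non-query log line.
SAMPLE_LOG = [
    f"15-Feb-2009 10:01:0{i}.100 client 198.51.100.9#53: query: . IN NS + (192.0.2.1)"
    for i in range(8)
] + [
    "15-Feb-2009 10:01:08.010 client 203.0.113.5#41023: query: www.example.be IN A + (192.0.2.1)",
    "15-Feb-2009 10:01:08.221 client 203.0.113.5#41024: query: . IN NS + (192.0.2.1)",
    "15-Feb-2009 10:01:08.400 client 203.0.113.77#55011: query: mail.example.be IN MX + (192.0.2.1)",
    "15-Feb-2009 10:01:08.500 lame server resolving 'x.example' (in 'example'?): 192.0.2.9#53",
]

if __name__ == "__main__":
    for ip, n in root_ns_reflection_report(SAMPLE_LOG):
        print(f"{n:4d} '. NS' queries claimed from {ip}: check with a sniffer whether we answer")
```

    Because the source is spoofed, blocking the reported address at the firewall only punishes the victim; the fix is on the server side (refuse "." queries from the outside, disable recursion for non-customers, rate-limit responses) and the report is mainly useful to tell the victim, or to prove to yourself with a sniffer that the replies really leave your network.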

  • Manifesto for a better Flemish domain extension

    We don't care which domain extension it is and we don't care who handles it. These are not essential discussions. The only discussion that matters is HOW it will be handled, and if the new Flemish domain extension wants to make a difference it will have to be managed differently from our national .be domain extension.

    1. A public domain extension is a public good

    This is to say that it reflects the society and the interests of the region/country as a whole, and that as such there has to be public oversight, control and guidance. A small private club such as dns.be, which is controlled by no public institution and does whatever it wants without any real public oversight, should not be the way a public domain extension is managed.

    Therefore it should report to parliament, it should be guided by law and it should be controlled and audited by external auditors. It should have an open, democratic and transparent decision process and several organisations and events that include the different stakeholders.

    2. A public domain extension should be used for the public good

    A domain extension is only worth something if it is trustworthy. Domain extensions that aren't trustworthy will be blacklisted and blocked all over the world and will be worthless. For this reason a new domain extension should include the following rules

    A. Important financial and economic trademarks and their variants can only be used in a domain name if the owner agrees to it.

    B. Domain names which include specific names of organisations, schools and enterprises should have a logical link to their owner. Buying forgotten domain names of organisations and schools to place advertising, spam and porn should be out of the question.

    C. Generic domain names should also have a generic purpose. This means that the names of cities, some generic words and professions should be available to the institutions and organisations that are responsible for them.

    D. Fraud and abuse should be blocked immediately. Domains that are only bought to speculate or to abuse should be taken out. Setting up a process which includes expensive mediation and trials only makes sense if the object of the dispute can be blocked when it is clear that this is necessary for the 'public good' and the 'good name' of the domain extension.

    3. There is nothing more important than DNS

    DNS is everything, and without DNS there is nothing left of the internet as we know it. So as attacks against DNS infrastructure and the DNS protocol are increasing and becoming more complex, it is necessary that the organisation responsible for the management of the new domain extension is also responsible for its security and quality.

    This does not only mean that they have to support and manage their own DNS infrastructure, but that part of their mission would be to educate and train IT people in DNS management and to analyse and monitor the state of the DNS servers in the region.

    Because in the end nobody will care anymore how many domain names you have in a world where new domain extensions are launched every month. The difference will be in the security and the quality of your domain extension. It is like the discussion in the financial world between the risk takers who wanted to go higher each time and the traditional bankers who just wanted a good, solvent bank you can trust. Better a strong fort in the sand than an enormous castle in the clouds.