The Domain Name System was originally used as the Internet’s naming service—that much isn’t contentious.  Over the years, though, clever people have found all sorts of new applications for DNS.  DNS’s ubiquity, distributed management and (relatively) easy extensibility made it an obvious target for new uses, including blacklists of various types, storage of email authentication and authorization data, and more.  Much more.

One of these novel applications of DNS is its use to enhance client security.  David Ulevitch and his gang at OpenDNS are pioneers in this area:  Their service can restrict access to content by domain name, so that if one of your employees or students tries to visit http://www.hotmamas.com/, they’re directed to a page that says, in effect, tsk, tsk, no you don’t.  (Note to Infoblox IT:  I loaded that URL solely to make sure I wasn’t leading users somewhere unsavory—please don’t have me fired.)  Or if malware on your computer tries to surreptitiously resolve the domain name of its command-and-control channel to an IP address to ask SMERSH headquarters for orders, OpenDNS can prevent it and alert you or the administrator of your network that your computer has been infected.  Very handy.

Read more...

Matt and I are fortunate to have an august group of listeners to our Ask Mr. DNS Podcast.  More often than not, when we don’t know the answer to a tough DNS question—and if you listen, you know that happens alarmingly frequently—a listener will send us an email lifeline.  Or sometimes a listener will provide insider knowledge about an issue we’ve commented on.  Matt and I feel both flattered by and enormously grateful for the attention of so many smart, accomplished people.

I bring this up because we recently received a message from kc claffy, who falls squarely into that “smart, accomplished” demographic.  kc works at SDSC, the San Diego Supercomputing Center, which means a) she’s wicked smart and 2) she has the good sense to live in the lovely San Diego area. She’s done a lot of work with CAIDA, the Cooperative Association for Internet Data Analysis—and whose acronym I imagine she pronounces very carefully when explaining what she does to a TSA agent—including a fascinating study of the crazy mix of useless query traffic received by a root name server.

kc asked Matt and me for our opinion on an issue related to the expansion of the top-level namespace.  As I’ve written, ICANN has begun adding more top-level domains.  We recently saw the addition of TLDs that use IDNA to encode non-ASCII characters, and ICANN’s also planning to allow folks to register lots of the plain-Jane, ASCII variety of TLDs, too.

Read more...