
Research Paper Warns of Hazards Posed by NXDOMAIN Substitution at Registry Level

By David Hamilton, November 25, 2009

 

(WEB HOST INDUSTRY REVIEW) -- A report from the Internet Corporation for Assigned Names and Numbers (www.icann.org) outlines the harms and concerns posed by NXDOMAIN substitution, commonly implemented through DNS wildcards, at the registry level.

ICANN strongly discourages the use of DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in new and existing generic and country-specific top-level domains, as well as any other level in the DNS tree for registry-class domain names. In its report published Tuesday, ICANN staff reported the harms and concerns posed by the use of redirection and synthesizing of DNS responses, and ultimately the need to ensure the integrity of error responses and name resolution.

In accordance with its core value number one, "Preserving and enhancing the operational stability, reliability, security, and global interoperability of the Internet," the report released Tuesday found that DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution should not, under normal circumstances, be used in the DNS tree for registry-class domain names.

If a gTLD, ccTLD or registry-class domain manager intends to offer a service that depends on NXDOMAIN substitution, ICANN recommends it consult technical experts (such as the Internet Architecture Board, or the Security and Stability Advisory Committee) on the possible effects of such implementation, and submit the proposal for global public scrutiny before implementation.

Over the past year, ICANN has been taking measures to inform stakeholders about the use of redirection and synthesizing of DNS responses, collectively known as NXDOMAIN substitution.

In June, the SSAC published an advisory, stating that the redirection and synthesizing of DNS responses (such as DNS wildcard) by TLDs poses a clear and significant danger to the security and stability of the Domain Name System. Also, at its public meeting in Sydney in June 2009, the ICANN Board of Directors resolved that new top-level domains should not use DNS redirection and synthesizing of DNS responses.

A longtime opponent of the redirection and synthesizing of DNS responses, the SSAC summarized its findings as follows in a 2004 report:

"Synthesized responses should not be introduced into top-level domains (TLDs) or zones that serve the public, whose contents are primarily delegations and glue, and where delegations cross organizational boundaries over which the operator may have little control or influence. Although the wildcard mechanism for providing a default answer in response to DNS queries for uninstantiated names is documented in the defining RFCs (Requests for Comment), it was generally intended to be used only in narrow contexts (for example, MX records for e-mail applications), generally within a single enterprise..."

Today's report will lend more weight to SSAC's claims, which will, in turn, make the Internet more secure.

 

  • (2) Comments


Comment by Anonymous on Thursday, November 26, 2009

This claim by ICANN is nonsense. I personally don't like NXDOMAIN substitution so I run my own DNS on my laptop. But it's a great service for ISP users.
Joe Baptista http://baptista.cynikal.net/

Comment by Anonymous on Friday, November 27, 2009

Your article is amazing, I will forward it to my friends...Custom Essay | Buy Research Paper | Freelance Writing
