News

Effective 19 April 2012, German TLD .de operator DENIC and the Swedish-based Internet infrastructure organisation Netnod have entered into a strategic partnership to further strengthen the .de Name Service. By making use of Netnod’s extensive infrastructure to complement DENIC’s own worldwide DNS network, DENIC’s operation of the domain name system for .de, in its role as a crucial resource of the Internet, will be additionally secured. 

The new second foothold will further minimise potential risks for the .de zone by integrating Netnod’s additional 35+ locations worldwide, this way allowing for rapid response in the case of a malicious intent. As a surplus benefit, Netnod’s services will provide a significant capacity upgrade. 

“We have chosen Netnod for their outstanding technical expertise and fully trust their competence to meet the high level demands associated with the operation of our supplementary name service for .de, which is by far the biggest ccTLD worldwide. Also, both Netnod and DENIC are not-for-profit, neutral, and independent basic infrastructure-providing organisations and share similar strategic positions and views. Therefore, this partnership ideally matches with DENIC’s commitment to provide services of utmost reliability, on a self-regulatory basis,” said Dr. Jörg Schweiger, Member of the Board and CTO of DENIC. 

“Netnod is happy to assist DENIC in enlarging their footprint by offering them the shared use of our widespread multi-site anycast infrastructure for full backup support of .de, and thus for the common good of all Internet users. Of course, we are very proud that after having supported a large variety of European ccTLDs for quite some time now, .de as the No. 1 ccTLD has chosen us to be their strategic DNS partner,” said Kurt Erik Lindqvist, CEO of Netnod. 

---------------------------------------------------------------------------------- 

About DENIC

DENIC is responsible for managing .de, Germany’s top-level Internet domain and the world’s second largest Internet registry with 15,000,000+ domain names. Next to running a 17-site worldwide name server network, DENIC provides all domain database and registration system resources for .de and also operates the German ENUM domain (.9.4.e164.arpa), along with all .de and ENUM related whois lookup services. Since its inception in 1996, as a private, not-for-profit cooperative, DENIC’s mission is to fulfil a public purpose by supporting a fast, secure and reliable access to German Internet pages and e-mail addresses, through the excellence of its extensive name server infrastructure and services, on a 24/7 basis. Today, 280+ registrars from the IT and telecommunications industry in Germany and abroad offer .de registration services and support the independent, self-regulatory approach of the cooperative as active members. DENIC is also committed to be a leading force in shaping the continued development of the open, decentralized and secure Internet, in a close collaborative effort with international Internet bodies including ICANN, RIPE, IETF, and CENTR. Based in Frankfurt am Main, Germany, DENIC employs 120 staff and has an annual turnover of EUR15m. 

Website:         http://www.denic.de 
Contact:        Stefanie Welters, Public Relations Officer, DENIC eG 
                This email address is being protected from spambots. You need JavaScript enabled to view it. 
                +49 69 27235-274 

About Netnod

Netnod is a not-for-profit, neutral and independent Internet infrastructure organisation, based in Sweden and owned by the TU foundation. Netnod provides DNS anycast and unicast slave services to TLDs worldwide through its highly respected and robust DNSNODE product. Netnod is also the proud operator of i.root-servers.net, one of the thirteen logical DNS root name servers in the world – a critical part of the Internet underlying infrastructure. This service is provided as a public service to the Internet community at-large, as part of Netnod’s goal to work for the “Good of the Internet”. Finally, Netnod operates six exchanges in five different cities in Sweden where Internet operators exchange traffic. The Netnod IX has among the highest amount of traffic per peer in Europe and is fully IPv6 enabled. 

Website:         http://www.netnod.se 
Contact:        Kurt-Erik Lindqvist, CEO, Netnod 
                This email address is being protected from spambots. You need JavaScript enabled to view it. 
                +46 8 56286000

Kyiv, April 13. Hostmaster, the technical administrator of the .UA domain, completed DNSSEC implementation activities and started using the technology commercially. Today, the international organization ICANN satisfied Hostmaster’s request to make an entry about DNSSEC key for .UA in the root zone of the domain names system (DNS).

This allowed Ukrainian companies to protect their sites from scammers who redirect users to scam sites using loopholes in the DNS. The DNSSEC technology applies digital signatures and guarantees authenticity of domain names.

So far, the technology has been adopted by three companies to protect their sites: RIFT Ltd (Rivne), Netassist (Kyiv), and NIC.UA (Dnipropetrovsk) to ensure safety of the domains rovno.ua, netassist.ua, and nic.ua, respectively.

At the moment, DNSSEC is being used worldwide by more than 70 top level domains (approximately 26% of the total amount), of which 60 are country domains (24%).   

In February nic.at introduced the security standard DNSSEC for the .at zone - that's why the latest .at report is dedicated to this topic. Although DNSSEC deals with encryption, NIC.at tried to treat the topic as 'unencrypted' as possible!

Find out yourself and explore the DNSSEC world map, take a look behind the scenes of our DNSSEC deployment and meet international DNSSEC pioneers! Furthermore you will get to know how registrars think about DNSSEC and which results the first .at barometer has delivered.

 Find the report here:

http://www.nic.at/en/uebernic/current_issues/at_report/

Paris saw one of the largest IETF meetings in recent years with over 1400 engineers - and also a few lawyers and policy people – gathered in a busy week. With meeting slots completely filled and additional launch and site meetings added on top, issues discussed between several working groups were the push for authentication and identification on the ever more resourceful web, World v6 Launch day (and the many life-saving efforts or Ipv4) and yet another attempt to use the Domain Name System (DNS) for another new alternative technology, this time for securing BGP routes.

Securing routing with the DNS as an alternative to the „oldie“ Routing PKI (RPKI) was presented as another approach to to make use of the DNS, in fact after challenging Transport Layer Security and its not beloved anymore system of certification authorities with DANE (DNS-based Authentication of Named Entities), it is now RPKI who seems to get competition from the DNSSEC-secured name space. Joe Gersch from the DNSSEC-provider Secure64 and Dan Massey from the University of Colorado, who is an author of some DNSSEC RFCs, presented ROVER – Route Origin Verification. Instead of implementing new infrastructure for the verification of BGP routes, the in-addr.arpa tree could be checked for announcements of IP address blocks.

Once a CIDR-block was announced administrators could query the DNS to see if it it was an authoritative announcment. The only trick necessary according to Gersch and Massey was to marry the eight-bit structure of the DNS with blocks unfitting in that structure. Gersch and Massey presented a proposal for „reverse DNS naming convention for CIDR address blocks“. Currently only complete IP addresses, but not address ranges may be registered under in-addr.arpa. Practically speaking the block 129.82.0.0/16 will be registered as 82.129.in-addr.arpa, the block      129.82.64.0/18 will be registered as 129.82.m.0.1 ( 129.82.m.0.1.0.0.0.0.0.0). In both the DNS and, much more in the RPKI WG of the IETF there were a lot of critical comments, but the DNS WG agreed to allow work to continue on the reverse naming draft despite some experts warning against pursuing ROVER, as it would introduce circular arguments and a bootstrapping problem in case of attacks. (For an evaluation of ROVER by Stephane Bortzmeyer, see his blogpost) 

Another topic discussed feverishly is the development of a new IETF standard for Whois in the WEIRDS working group. Beside the number registries that started the discussion, not only a large registry like VeriSign, but also a coming TLD-registry like Google declared its committment to a new Whois.

Web Identity

More and easier to use security options for the ever growing net of web platforms were a topic discussed not only during the Oauth working group of the IETF, but also in the technical plenary, a panel by the ISOC and an additional lunch panel chaired by representatives of the World Wide Web Consortium. The W3C is just about the start its own new WG on Web Cryptography and was very much interested in not add to the growing fragmentation of the Web Identity Space – with the more well-known OpenID and OpenID Connect suite (Google, Yahoo, Microsoft, Facebook),   BrowserID (mainly Mozilla), the not widely implemented OASIS SAML suite and smaller initiatives like WebID already competing. Instead the W3C wanted to offer building blocks, with a focus on strong cryptographic tools, Harry Halpin from the W3C said. The differences between Mozilla's Browser ID, that was presented several times by TLS-coauthor Eric Rescorla, and the OpenID Connect approach (which marries Oauth features and classical single sign-on solutions) are blurred, but experts from different sites agree, that BrowserID is somehow optimized to not allow the identity provider to see what the user is doing on the web.

If „the market“ will decide the tussle? At least, US lawyer Wendy Seltzer, representing the W3C, said, standards were desparately needed to avoid that users were compelled by content providers to authenticate via their prefered identity provider. In the US there were newspapers for example that were only available for online subscription if the user came from a Facebook account.

IPv6 – This time it's for real

The IETF leadership is prepared to finally clear the IPv6 related WGs from work that is targeted to extend the lifetime of Ipv4 with an „Ipv4Exit“ WG. In Paris the Ipv6Op WG once more saw a long list of drafts talking Ipv4, and not IPv6. At the same time the Internet Society has announced that the second WorldIPv6 Day (on June, 6th 2012) will be no other test flight, but instead should mark the take off. Several large network providers including Comcast and Time Warner Cable, content providers including Google and Yahoo and hardware companies like Cisco and Dlink announced they would launch IPv6. Network providers participating have to offer IPv6 to every new customer and have to push their IPv6 traffic to at least one percent by June, 6. An observation made by non-US participants at the meeting was that ISOC had not rallied as much support outside of the US.

Precisely 20 years ago today Estonia established its first Internet connection with the outside world. Previously people in Estonia could only send and receive e-mails via slow modem connections by making international calls to Finland. Such a solution was both complicated and inadequate because it excluded a wide range of Internet possibilities.
Click for Full Article

Following the publication of the calls for applications to manage the 11 top-level extensions in the Official Journal of the French Republic on March 20, 2012, AFNIC has announced his candidacy for the extensions in question and has launched its campaign of calls for support.

AFNIC has successfully acted as the Registry for the .fr (France), .re (Reunion Island),.pm (St. Pierre and Miquelon), .tf (French Southern and Antarctic Territories), .wf (Wallis and Futuna) and .yt (Mayotte) TLDs since 1998.

"The association is particularly committed to extending this unbiased approach, giving each category of stakeholder (registrars, users, private and public sectors) a fair place, while promoting sharing and openness in a non-profit environment," said Jean-Pierre Dardayrol, Chairman of AFNIC. "AFNIC therefore wishes to re-assert its commitment to the French Internet community by applying for the management of the 11 French Internet extensions included in the calls for applications," he added.

Click for full article

The Swedish company OpenDNSSEC AB (svb), which is operated by .SE (The Internet Infrastructure Foundation), will receive a capital injection of

The .uk registry has now hit over 10 million domains – maintaining its position as the world’s second largest country code registry.

The 10 millionth registration follows on from two years of strong growth in .uk domains. 

Nominet is marking this occasion by announcing a major investment in the .uk brand – a particularly important step given the backdrop of a changing landscape of domain names. This work is focused on growing the market and driving growth in .uk by delivering and building a compelling .uk brand story for businesses and consumers. A marketing campaign, set to roll out from May this year, will include a dedicated .uk website.

Click to read full article 

DIFO and DK Hostmaster A/S have decided to change the management structure of the companies. Currently, DIFO and DK Hostmaster A/S each have their own director, Lise Fuhr for DIFO and Per Kølle for DK Hostmaster. From now on, DIFO and DK Hostmaster will have one management group consisting of a CEO and a Vice CEO who will function as management for both DIFO and DK Hostmaster.

The change to the management structure will be implemented as part of a planned generational handover on the occasion of Per Kølle’s imminent retirement. Per has given an enormous contribution and, not least, it is Per’s achievement that DIFO and DK Hostmaster are currently extremely well-run administrators of the .dk domain. Per’s knowledge will not be easy to replace and, consequently, the organisation is pleased that Per has agreed to continue his association with DK Hostmaster.

The Boards have now commenced recruiting Per’s replacement, who will be the new CEO for DIFO  and DK Hostmaster.

Lise Fuhr will continue as Vice CEO in the new management structure. Over the past three years, Lise has given DIFO a voice in the national and international domain policy and has attended to relations to DIFO’s many stakeholders. DIFO and DK Hostmaster are pleased that Lise has agreed to remain a part of the new management.

The changes in the management structure will become effective from 1 March. Until a new CEO is found, Lise Fuhr will be temporarily appointed as CEO.

The CENTR Guide to ICANN43 is now available. 
The guide contains key topics in the ccNSO, GAC and gNSO spheres as well as relevant sessions to attend.  

Click for the Guide to ICANN43