Introducing getdns: a Modern, Extensible, Open Source API for the DNS

Allison Mankin | Apr 23, 2014

I am very pleased to announce the public introduction of getdns at The Next Web in Amsterdam (TNWEurope) April 23-24, 2014. Verisign Labs and NLnet Labs in collaboration have developed getdns, an open source implementation of the getdns-api application programming interface (API) specification.

At The Next Web, getdns is one of the challenge APIs in a 36-hour Hack Battle. Multiple teams of application coding experts are using getdns to develop innovative applications that leverage the global security infrastructure available through DNS Security Extensions (DNSSEC).

Several years of community and researcher effort have led up to this introduction. The modernized, extensible DNS API specification was developed by a volunteer team of Web applications developers – the contributors included people specializing in instant messaging programs, Web browsers, and social networking systems. Its novel goal was to offer DNS programming calls adapted to the use of application developers, allowing full access to the power of the DNS ecosystem without requiring the applications developers to be deep experts in the DNS protocol.

Paul Hoffman, an application security consultant, edited the API and Verisign Labs joined in the fun over a year ago, several months before the first publication. Once it was published, we invited NLnet Labs to join us in creating an open source implementation for widespread public distribution, getdns. Hoffman and the community then updated the specification to address discoveries we made during implementation. In February 2014, we unveiled early beta code for review, and in the months since we have also released an early port of getdns to iOS, and beta versions of Node.js and Python language bindings. Source repositories are publicly available on GitHub.

At its heart, getdns makes use of the DNS protocol processing of the NLnet Labs Unbound open source – Unbound is a widely used, DNS Security Extensions (DNSSEC)-centric implementation of the DNS standards. We reflect this in the phrase “Unbound Security” in the getdns logo. The double meaning: removal of the bounds that have kept applications from easy access to a global security infrastructure in the DNS.


Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

Burt Kaliski | Apr 16, 2014

Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty about how installed systems actually interact with the global DNS. However, there is still much work to be done.

Below, I have outlined the four main observations from ICANN’s "Mitigating the Risk of DNS Namespace Collisions" Phase One Report discussed in Verisign’s public comment along with recommendations:


DNS Outages: The Challenges of Operating Critical Infrastructure

Danny McPherson | Apr 15, 2014

Recent attacks targeting enterprise websites have created greater awareness around how critical DNS is for the reliability of Internet services and the potentially catastrophic impact of a DNS outage. The DNS, made up of a complex system of root and lower level name servers, translates user-friendly domain names to numerical IP addresses. With few exceptions, DNS lives in a grey area between IT and network operations. With the increasing occurrences of distributed denial of service (DDoS) attacks, advanced persistent threats (APTs) and exploitation of user errors through techniques such as typosquatting and phishing, enterprises can no longer take a passive role in managing their DNS Internet infrastructure.

Implications of DNS Outages

With an average daily DNS query load of 82 billion at Verisign during the fourth quarter – and a fourth quarter 2013 peak of 100 billion – it is vital that Internet services be operational continuously. Without a doubt, the cost and requirements of running critical Internet infrastructure at these performance levels are high. However, if DNS operations were significantly interrupted for an extended time period, potentially devastating results to businesses on the Internet could include any of the following:

  • Revenue losses
  • Impact to cash flow
  • Productivity losses
  • Damage to reputation and goodwill
  • Compliance and/or reporting penalties
  • Penalties and loss of discounts
  • Impact to customers and strategic partners
  • Diminished competitive advantage
  • Employee morale and employee confidence in IT

Internet Grows to 271 Million Domain Names in the Fourth Quarter of 2013

Blog Moderator | Apr 09, 2014

Today Verisign announced five million domain names were added to the Internet in the fourth quarter of 2013, bringing the total number of registered domain names to 271 million worldwide across all top-level domains (TLDs) as of Dec. 31, 2013, according to the latest Domain Name Industry Brief. The increase of five million domain names globally equates to a growth rate of 1.9 percent over the third quarter of 2013. Worldwide registrations have grown by 18.5 million, or 7.3 percent, year over year.

Is it likely that we will run out of domain names? No, the number of possible second-level domain names in any TLD is an extremely large number. Refer to page 4 of the report for further explanation.

The .com and .net TLDs experienced aggregate growth in the fourth quarter of 2013, reaching a combined total of approximately 127.2 million domain names in the adjusted zone for .com and .net. This represents a 5 percent increase year over year. As of Dec. 31, 2013, the base of registered names in .com equaled 112 million names, while .net equaled 15.2 million names.

New .com and .net registrations totaled 8.2 million during the fourth quarter of 2013. In the fourth quarter of 2012, new .com and .net registrations totaled 8.0 million.

During the fourth quarter of 2013, Verisign's average daily Domain Name System (DNS) query load was 82 billion across all TLDs operated by Verisign, with a peak of 100 billion. Compared to the previous quarter, the daily average increased 0.9 percent and the peak decreased 5.5 percent. Year over year, the daily average increased 6.4 percent and the peak decreased 19.2 percent.

As the Internet continues to evolve, it is crucial for enterprises to have a powerful and resilient infrastructure that maintains 24/7 availability. “DNS Outages: The Challenges of Operating Critical Infrastructure,” provides a high-level overview of the implications of DNS outages and the importance of staying ahead of threats.

Verisign published the Domain Name Industry Brief to provide the Internet users throughout the world with statistical and analytical research and data on the domain name industry. For more information, download the latest Domain Name Industry Brief.


Is Your Organization Prepared For a Cyber Attack?

Sean Leach | Apr 09, 2014

Infamous heavyweight boxer Mike Tyson once said “everyone has a plan until they get punched in the face.” As any organization that has faced a cyber attack will tell you, it is a lot like getting punched in the face, and if you’re not ready, you might get knocked out.

You’ve likely read recent headlines of major retailers, financial institutions, and now even universities, being hit with data breaches. As some of them have learned the hard way, it’s not a question of if your organization will be attacked; it’s a question of when. That’s why cyber threat intelligence is essential to any organization, large or small.

Launching a cyber attack has never been easier and these types of attacks are increasing in frequency, size and sophistication, making them more difficult to mitigate. These attacks are becoming so pervasive and complex that the White House recently announced new cybersecurity policies to improve efforts to protect critical U.S. infrastructures against the growing cyber threat. President Obama even commented on the cyber threat issue saying, “[it] is one of the most serious economic and national security challenges we face as a nation.” It’s clear that network security hardware and software alone cannot fully address the issue. In order to properly defend against these threats, you need cyber security intelligence to provide actionable and relevant decision support to IT and business operations by enabling them to:
