[dns-wg] NRDelegationAttack: Complexity DDoS attack on DNS Recursive Resolvers
https://www.usenix.org/conference/usenixsecurity23/presentation/afek https://www.usenix.org/system/files/sec23fall-prepub-309-afek.pdf -Hank -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
[dns-wg] OECD: Security of the Domain Name System (DNS)
https://www.oecd.org/sti/security-of-the-domain-name-system-dns-285d7875-en.htm 53 page booklet. -Hank -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
[dns-wg] EU: DNS abuse study
The EU has published is 173 page opus on DNS abuse: https://op.europa.eu/en/publication-detail/-/publication/7d16c267-7f1f-11ec-8c40-01aa75ed71a1/language-en/ -Hank -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
Re: [dns-wg] DNS4EU?
On 19/01/2022 13:33, Hank Nussbacher wrote: How the media sees DNS4EU: https://therecord.media/eu-wants-to-build-its-own-dns-infrastructure-with-built-in-filtering-capabilities/ -Hank On 18/01/2022 12:51, Ana Sen wrote: I left the webinar more confused than before it started. In the actual call it states "Costs for operating the infrastructure during its lifetime will be excluded under the call." and later "Proposals should also define the post-project ownership of the infrastructure". This call is for 36 months with only 50% co-funding. So based on my reading of the 1st sentence, any servers placed at various colo sites (hosting costs), routing costs, etc are excluded?! Does this mean that whoever wins this call will be spending a couple million Euro of their own money on manpower and equipment to implement DNS4EU? What am I missing? Thanks, Hank just an update that tomorrow the EU Commission will organise an Info Day (like a stakeholder workshop) to cover all the open CEF2 calls for proposals to respond to any questions interested parties might have. Cloud federation and DNS will be third on the agenda. The info day will run from 9 AM to 4 PM CEST. Link: https://hadea.ec.europa.eu/events/1st-connecting-europe-facility-digital-calls-info-day_en On Wed, Jan 12, 2022 at 10:27 PM Randy Bush wrote: since no one else has said it this time around the tree tracking the woozle, ... how does this avoid creating a nice well-defined target for: IP shutdowns, censorship, saving children from abuse, terrorism, ...? randy --- ra...@psg.com `gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com` signatures are back, thanks to dmarc header butchery -- Sincerely, Anastasia Șendrea (Анастасия Шендря) -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
Re: [dns-wg] DNS4EU?
On 18/01/2022 12:51, Ana Sen wrote: I left the webinar more confused than before it started. In the actual call it states "Costs for operating the infrastructure during its lifetime will be excluded under the call." and later "Proposals should also define the post-project ownership of the infrastructure". This call is for 36 months with only 50% co-funding. So based on my reading of the 1st sentence, any servers placed at various colo sites (hosting costs), routing costs, etc are excluded?! Does this mean that whoever wins this call will be spending a couple million Euro of their own money on manpower and equipment to implement DNS4EU? What am I missing? Thanks, Hank just an update that tomorrow the EU Commission will organise an Info Day (like a stakeholder workshop) to cover all the open CEF2 calls for proposals to respond to any questions interested parties might have. Cloud federation and DNS will be third on the agenda. The info day will run from 9 AM to 4 PM CEST. Link: https://hadea.ec.europa.eu/events/1st-connecting-europe-facility-digital-calls-info-day_en On Wed, Jan 12, 2022 at 10:27 PM Randy Bush wrote: since no one else has said it this time around the tree tracking the woozle, ... how does this avoid creating a nice well-defined target for: IP shutdowns, censorship, saving children from abuse, terrorism, ...? randy --- ra...@psg.com `gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com` signatures are back, thanks to dmarc header butchery -- Sincerely, Anastasia Șendrea (Анастасия Шендря) -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
Re: [dns-wg] DNS4EU?
On 16/12/2021 10:07, Stephane Bortzmeyer wrote: On Thu, Dec 16, 2021 at 08:59:42AM +0100, Moritz Müller via dns-wg wrote a message of 179 lines which said: I was wondering: Why does the EC believe that the resolvers users currently rely on (e.g. provided by their ISP) provide “low-quality”? Are there any studies about this? One possible response is that the people who write these statements don't know what they are talking about. But of course, I cannot believe that. So, another possible response: in Brussels, they see that some users move away from the IAP resolver to a public resolver, so there is probably a reason for that. (Unfortunately, DNS4EU may not address this reason.) Or simply some politician traveled to Canada and said to his aide "Why can't we do that as well?" https://www.cira.ca/cybersecurity-services/canadian-shield -Hank -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
Re: [dns-wg] DNS4EU?
On 08/11/2021 15:54, Chris Buckridge wrote: Anyone here attend yesterday's HLIG meeting and can share a presentation or meeting notes? Thanks, Hank Hi Hank, all, I don’t have a lot that I can add to what Nick and Stephane have already posted. But I will note that the European Commission has scheduled one of the regular meetings of its High Level Group on Internet Governance (HLIG) for this Wednesday; portions of those meeting agendas are generally open to industry stakeholders, and Wednesday’s agenda includes an update on DNS4EU. The information page for the HLIG is here: https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en=2450=true=23922 It’s not clear whether registration for the meeting is still open at this point, but minutes are published publicly, and the RIPE NCC can report back to this working group if there are any updates of note. Best regards, Chris On 8 Nov 2021, at 14:15, Stephane Bortzmeyer wrote: On Mon, Nov 08, 2021 at 07:12:38AM +0200, Hank Nussbacher wrote a message of 34 lines which said: Does anyone have further insight into the European initiative known as DNS4EU? There is very little actual information published on this project. According to some rumors, it would be a public DNS resolver, with built-in censorship (for the laws of 27 countries). dns4eu.eu has been registered by DG Connect
[dns-wg] DNS4EU?
Does anyone have further insight into the European initiative known as DNS4EU? Quoting CENTR: https://www.centr.org/news/eu-updates/june2021.html "On 10 June, the European Parliament adopted a resolution on the EU Cybersecurity Strategy, calling for inter alia “a new robust security framework for EU critical infrastructures in order to safeguard EU security interests”. The resolution calls on the European Commission to “prepare provisions to ensure the accessibility, availability and integrity of the public core of the internet and, therefore, the stability of cyber-space, particularly as regards the EU’s access to the global DNS root system”. The Resolution also “welcomes the proposal for a European Domain Name System (DNS4EU) as a tool for a more resilient internet core” and “asks the Commission to evaluate how this DNS4EU could use the latest technologies, security protocols and cyber-threats expertise in order to offer a fast, secure and resilient DNS for all Europeans”. " Thanks, Hank
Re: [dns-wg] Verisign to provide secondary DNS services for the RIPE NCC’s zones
On 25/10/2016 19:49, Carsten Schiefner wrote: > Hi Romeo - > > On 25.10.2016 09:11, Romeo Zwart wrote: >> Dear colleagues, >> >> There were some questions on the list in response to my earlier message >> (see below). Therefore, I'd like to add some clarification. >> >> [...] >> >> I hope this addresses the questions raised and clarifies the situation. >> We're happy to hear more questions and feedback from the working group. > thanks for the follow-up here on the list. Tangential: In case you missed it. Move over 8.8.8.8: http://www.verisign.com/en_US/security-services/public-dns/index.xhtml -Hank > > Best, > > -C. >
