Wednesday, July 23. 2008
DNS cache poisoning exploit released
Hi There,
There is a new DNS cache poisoning disclosure that was inadvertently leaked before Dan Kaminsky (IOActive) was scheduled to release it. This is a very serious flaw in the DNS protocol that impacts caching resolvers, like the resolvers hosted at your service provider that help your workstation resolve IP addresses to domain names.

This bug does not directly impact authoritative name servers like the ones used to host your domain names at EasyDNS. Our name servers do not request answers from external sources, and rely entirely on internal cache files to offer answers. So, for example, nobody will be able to change your IP information on our end. That part of the bug is unfortunately located at the caching end.

That being said, this is still a serious flaw, and we are taking this opportunity to upgrade the DNS software on our authoritative name servers to ensure that we are 100% compatible across the board with the newly upgraded caching name servers located at your Internet Service Provider. These upgrades should not impact name resolution if you are using more than one of our name servers to serve answers for your domain name (actually, please ensure that you are).

To make sure your Internet Service Provider is up to speed, you can use Dan Kaminsky's test script at DoxPara Research. If your Internet Service Provider is not yet up to speed, you may want to give them a nudge and/or change your DNS resolver configuration to a more trusted service.

Update: It is now making news that an exploit for this attack has been released. Please see our post about our newly launched DNSresolvers.com if you are looking for safe resolvers.

Thursday, July 17. 2008
.ME Top Level Domain launch indicative of new TLD rollouts
We've gotten a few invitations to apply to be a .ME top-level domain registrar, to which we assigned no urgency after we took a straw poll internally and found that pretty well zero of our customers were asking for it. Today, TechCrunch reports that the .ME landrush, at least through one large operator, had degraded into a fracas.

We have an unwritten policy here: new Top Level Domain rollouts are to be avoided until they i) get past sunrise without erupting into a maelstrom of lawsuits and ii) get past "go-live" without imploding.
It runs contrary to industry standards where registrars whip their customer base into a frenzy over an exaggerated need to protect one's trademarks and claim one's stake in the latest "must have" TLD. The fact is, all you really need to care about are .COM, .NET and .ORG plus the ccTLD of the country you live in or do a lot of business in. (I will probably catch flak for saying .BIZ and .INFO are not crucial must-haves to your domain portfolio - we grabbed ours, at considerable expense in the case of .INFO, and it was our experience in the rollout of these two that largely formed our policy.)

That most of these new TLDs roll out with initial 2-year registration period minimums is just an outright cash grab from the registry that most participating registrars are happy to join in on. They know that the sunrise and landrush frenzies they hope to whip up are the single greatest revenue events these TLDs ever experience. After the hoopla dies off, organizations realize how unimportant owning, say, ".ZX" is in their overall domain strategy, and the domainers who piled in find out the aftermarket for the TLD is lackluster at best, the renewal rates predictably fall off a cliff.

So when the next "must have" TLD comes along and participating registrars start lovebombing their customers with reasons why they absolutely must "protect their name" in the new TLD, we often commit the egregious sin among investment bankers, VCs and pundits - that of "leaving money on the table" - and we just don't rush in and push the new TLD. If it prevents us from leading our members off a cliff into a major debacle, we consider ourselves as having done our job.
(This was a similar rationale to why we never entered the IDN space: as long as you need a browser plug-in to make internationalized domain names even borderline usable they are, in our opinion, of marginal utility - we stayed out of it.)

This is in line with our lifelong strategy of cultivating members who actually use their domains rather than pushing the "get your name before it's gone" angle for every TLD under the sun on anybody who can fog a mirror. When we launched back in '98, we couldn't even register domains at all, so our member base was exclusively people who were actively using their domains and wanted outsourced DNS and/or forwarding. That set the tone for our positioning and culture ever since, and while now we do have a lot of customers using us "as registrar", our core is always the active domain users. We have almost zero "domainers" with large portfolios of parked domains and speculative registrations because our model simply doesn't work for those types of users. It's not a judgement against domainers, it's just not where we came from.

All that said, you would probably think we are opposed to the new "free-for-all" TLD expansion policy hinted at in the recent ICANN meeting in Paris. We are not. We would welcome this new TLD policy (if it ever actually happens) because it removes the artificial scarcity and counteracts that "cashgrab" mentality we sniff at the root of many a new TLD. If new TLDs are coming out all over the place, two things happen:

1) Organizations realize that it is no longer practical to attempt to "protect their name" in every TLD space, so they stop trying. This removes a lot of the "easy money" underwriting new TLDs, some of which would otherwise launch for the thinly disguised reason of trying to milk the Sunrise for all it's worth.

2) The above impetus gone, new TLDs will have to compete in a much more open market.
Registries, while having de facto localized monopolies within their own TLDs, will have to provide actual value to compete with other TLDs. That appeals to our sense of market freedom: fewer artificial barriers compelling a drive toward providing more value and benefits. The winners in the end should be the domain registrants, who are, let's not forget, our customers.