Whenever seismic activity picks up somewhere in the world, our local press here in California like to point out that we’re overdue for The Big One.  They cite how frequently, on average, large earthquakes occur on the various faults that we cross on our daily commutes and note that it’s been many times that long since those faults have experienced a major tremor.  Then they cut to footage of the aftermath of the Northridge or Loma Prieta earthquake or the movie “2012” and remind you to stock up on canned food, drinking water and ammunition.  Sensationalist, sure, but relatively tame when compared with most of the fear mongering they use to try to boost ratings.

I’m waiting for The Big One to strike the Internet.

Over the past several years, we’ve seen some large Distributed Denial of Service attacks against Internet infrastructure, including DNS.  In fact, as recently as August 6^th, the DNS hosting provider DNS Made Easy was hit with a DDoS attack that they estimated at “over 50 Gbps.”

Read more...

A system administrator I knew at HP Labs, Mike Rodriquez, named his personal workstation "walstib."  Mike explained that it was an acronym for "What A Long, Strange Trip It's Been," which, he said, was a kind of motto among Deadheads.  (I gather it's a line from one of the many indistinguishable Grateful Dead songs.  Sorry, Mike.)

So "WALSYIB" is my acronym for "What A Long, Strange Year It's Been."  (And yes, I realize that I used a similar title for a previous blog post.)  2009 was a productive year:  We made more progress in deploying DNSSEC in the last 12 months than in the previous 10 years.  But we saw more attacks on DNS infrastructure, including cache poisoning attacks in the wild.  And we saw the discovery (and subsequent patching) of more vulnerabilities in BIND.

Read more...

Most of the results of our recent DNS Survey were pretty scary, especially the news that nearly 80% of the name servers we found in our sweep of 5% of the Internet's address space were open to recursion.  But the results contained some good news, too, and for that we should be thankful.

Read more...

Together with our partner The Measurement Factory, Infoblox has just competed our fifth annual DNS Survey.  We're still poring over the results, but one number that stands out to me is our latest estimate of the total population of name servers on the Internet, which has jumped to 16.3 million name servers this year from 11.7 million in 2007.  (2008's results were a little suspect.)

Read more...