At our last meeting in ICANN (Paris), there was a special session for upcoming gTLD bidders on the various registry players in the market today.

This sessions was held by Jothan Frakes and Antony Van Couvering (names@work)

Read here for the introduction and the full list of registry players that was interviewed in the session.

Here is a write up from Antony that was posted on his blog recently

Registry ASP are the smart guys who operate the registries for .HK, .SG, and .CD. They did a lot of the development for .MY as well. The RegistryASP site has thorough documentation, with different sections for new TLDs, existing ccTLD registries, and registrar solutions. Want to know how they’ve managed other registry projects? Check out their handy case studies.

Represented by	TK Tan
TLDs currently supported	HK SG CD (and, since our contest, they have added GW)
Provides marketing support	Yes
Hosts registry on their system	Yes
Open-source software all or in part	No
Subscription, per-unit, flat-fee pricing	Any
Invest money in TLD?	Yes
Can accommodate complicated business rules	Yes
DNS resolution services?	Yes
WhoIs services	Yes
Customer profile (registration volume)	Any
IDN support	Yes
DNSSEC support	Yes
IPv6 support	Yes
Help with application, lobbying	Yes
Registrar system included	Yes
Differentiating factors	Has registrar service, flexible with diverse business logic and policy

Quoted from Antony’s post.

Thanks Antony!

Read ICANN press release on addressing DNS recent vulnerabilities.

This tool, http://recursive.iana.org/ is to check whether that particular zone is vulnerable.

Read here to understand how it works. It is a presentation slide in it presented by Dan Kaminsky at Blackhat 2008 conference.

Check out Dan Kaminsky’s slides that he presented at Blackhat Conference 2008.

Unfortunately, for individuals such myself couldn’t attend such events.

You could download his slides here and here.

Check out the videos at Clarified Networks as well. It shows DNS being patched all over the world.

Read here, Work, Wine and Wheels

Hope this is gives us a lesson, something has to be done with DNS.

Patching DNS servers is like a sailor patching holes on a sinking vessel, nevertheless it’s still a sinking vessel

Read it at zdnet

Head over to Kamisky’s blog to see if your nameserver is vulnerable.

ICANN recently released a paper talking about their initiatives towards operational readiness for DNSSEC root signing. This is great reading material for any TLD operator who intends sign their DNS and this also gives a bird a eye view over the whole DNSSEC issue.

It talks about what DNSSEC is all about without being too technical and numerous issues that will be faced during deployment.

There is also a DNSSEC survey results among ccTLD registries. Although quite a large number of ccTLD registry haven’t deployed DNSSEC yet but they’re either planning deploy it in the future or waiting for DNSSEC to be matured which could easily means, they’re waiting for the root zone to be sign first.

Here are some other useful reading materials regarding DNSSEC,

• DNSSEC
• DNSSEC (wiki)

I agree there is a lot of more work to be done but will you allow such vulnerability exist?

ps : We will be responsible for deploying DNSSEC for SgNIC. So stay tune, we’ll share our experience with you

If your not aware of the recent DNS exploit, US-CERT is aware of publicily available code to exploit the vulnerable DNS servers.

It’s basically a form DNS cache poisoning that was accidentally found by Kaminsky.

Part 1 of the exploit (Click here for the original resource)

This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit caches a single malicious host entry into the target nameserver by sending random sub-domain queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for the domain which contain a malicious host entry for the hostname to be poisoned in the authority and additional records sections. Eventually, a guessed ID will match and the spoofed packet will get accepted, and due to the additional hostname entry being within bailiwick constraints of the original request the malicious host entry will get cached.

Part 2 of the exploit (Click here for the original resource)

This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit replaces the target domains nameserver entries in a vulnerable DNS cache server. This attack works by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and the nameserver entries for the target domain will be replaced by the server specified in the NEWDNS option of this exploit.

WIRED wrote don’t shoot the messenger but look at DNS insecure protocol.

So are we really gonna look at DNSSEC seriously now?

In the recent ICANN meeting in Paris, Jothan Frakes and Antony Van Couvering organized a “Birds Of a Feather” session for new TLD applicants to sit in and get to know who are the registry providers in the industry and who can offer niche services.

Everyone was asked to give a short introduction about themselves/organization followed by a short debate over several new gTLD application issues.

After that, registry providers were ask to leave the room and re-enter the room one by one. This time they had 5 minutes to answer a very simple “yes no” question in relation to the service they provide.

It was a bang , bang , bang and your done. KISS style.

After one month from this session, Antony has begins to publish the results.

Great work guys.

The recent landrush of .ME had a few people disappointed and pissed at GoDaddy

Read it here.

And it seems that some of the domains (e.g hug.me) which was awarded to several people by mistake of course is now up on the auction list.

Good luck guys/girls, you’re gonna need it

Found this material at Circle ID site which was posted by John Levine(original posting).

Thought i should share it.

After a short research,

Found this posting at ICANN’s site.

Pay as you proceed through the evaluation process?

1st Stage.
1a) provide an INITIAL APPLICATION FEE ($<5000)
1b) application acceptance and initial evaluation
1c) change the initial evaluation on the Business and Technical portions by limiting these to critical elements only with intense evaluation delayed to occur should the application move to stage.2 below).
1d) Post IE Results and allow for objections etc.
1e) Deal with objections

2nd Stage, - you’ve made it through the objections stage.
2a) Full Evaluation, Comparative analysis etc.
2b) An “APPLICATION ACCEPTANCE FEE” applies.
2c) ICANN performs a rigourous look at the ability to proceed including full business and technical evaluation, comparative evaluations for auction etc…
2d) Application acceptance or denial.

3rd Stage….
3a) root zone acceptance
3b) any applicable fees.

Found from here

Now wouldn’t that benefit the applicants more without paying a bomb?

Imagine IF playboy tendered for their very own tld. dotPlayboy .

Now wouldn’t that cause a rackus.

Because they have turn down .xxx previously because of it’s heavy content related to pornography.

ICANN has just approved vanity TLDs (here) where organization , communities and even individuals can tender for their very own TLDs if they have a good justification and uniqueness.

Yes, anything you can think of but of course, it has to have a sound business plan.

Now of course, dot-sex would be a popular TLD but what about corporate companies especially those who relies on their Internet presence.

About a month ago, EBay has tendered for dotEbay . One could see why they should try to get their very own TLDs. It could be used internally such as automobile.ebay or jewellery.ebay and maybe choose not to sell it.

But i highly doubt it. Look at number of stores eBay currently have worldwide including regional sites. I don’t have the figure on that but you know and i know, it’s a large number.

They can easily convert those store names to domain names to resolve something like motorworks.ebay or surf-wear-tshirt.ebay.

Now imagine, the cash cow behind it.

It’s un-tap pool of $$$.

If i’m a store owner, of course i would be delighted and rush in to get my very own store name as a domain name. Especially if the domain name has already taken up in .com.

If eBay is still feeling hungry , good names could be auction at a lucrative price. At a very lucrative price. Look at dotAsia, now they have broken the public mental barrier of registry based auction and .me followed suit.

What’s even cooler, is , eBay as an online marketplace can merge with a registry system and come out with a collaborated system all together.

Purchase a domain name from eBay, without having to purchase hosting space and eBay will provide a backend tool to operate the store/domain name.

It will be an interesting to see what happens next if eBay gets their TLD.

And what about social networking sites such as Facebook, Friendster, MySpace?

Imagine Facebook + domain registry operator which operates .facebook vTLD?

Yeah, some might say, come on , .name was a flop.

Yes it was, but who knows, it’s a new approach. Bringing social networking sites to a different stage all together.

Hit on claytonnarcis.facebook, you’ll land on my facebook profile.

Look at what TelNic is doing. That’s a very unorthodox method but i got a strange feeling it’ll work out pretty well.

On a separate topic,
Looks like browsers have to be patched if vTLD is out by 2009. Tested with my Firefox 3 , and it automatically appends a .com behind.

When u key in ,
automobile.ebay

It will be converted into,
automobile.ebay.com

Will today’s browsers automatically fill in .com ignite a sudden burst of domain cybersquatters? Or even being directed to the wrong site. Now that’s damaging.

And what about typo extensions.

.cmm
.cim
.cpm
,etc

I’m sure domainers will be happy to know if they are able to get their hands of such TLD. Read here

That’s all for now.