Tag Archives: .de

DENIC Name Server Checks Now Featuring DNSSEC Functions

DENIC logo[news release] On its website, a specific interface exists which provides any user access to a tool for independently checking domain delegations in the way they are automatically verified by default by the DENIC registration system. This tool facilitates the delegation of second level domains under the German TLD .de. Moreover, it helps to avoid errors during the initial setup which may result in failures in case of domain deletions or even disturbances of entire network sections. The so-called Nameserver Predelegation Check is freely accessible to the public at www.denic.de/en/background/nast.html.

At the end of August, DENIC’s web surface for name server checks was extended by DNSSEC-specific checks. Users can deliberately activate this additional tool to test the technical parameters of DNSKEY records and to verify if the related signatures can be applied for validation. The checks have been active in the production environment for quite some time already. They are described in detail in the documentation DENIC-23, which also lists the system requirements. You will find the documentation under the aforementioned URL.

DNSSEC-specific tests can be executed with both domains already participating in the running testbed for .de and domains waiting to be registered in the testbed.

To enable users to carry out the relevant checks in their local systems, DENIC also provides an open source version of the related Name Server Test software (NAST) for download at the same URL. The software supplies detailed debugging information for individual search runs, if required.

This DENIC news release was sourced from:
www.denic.de/en/denic-in-dialogue/news/2913.html?cHash=4acc297130

Europe Registry logoTo register your .DE domain name in full, check out Europe Registry here.

CN Domain Registrations Slip Even Further

CNNIC logoThe number of .CN domain name registrations have slipped by over one million in the two months to 30 June according to statistics published on the China Internet Network Information Center’s (CNNIC) website this week.

The latest figure is 7,246,686 compared to 8,254,681 at the end of April. CNNIC, unlike many registries, often posts registration figures several months late. Others such as DENIC (.DE) and Nominet (.UK) have real time statistics.

The dramatic reductions are the result of the end of promotions that lasted for much of 2008 and 2009 where domain names could be registered for a few cents and the introduction of restrictions on registrants.

The latest figures mean .CN is still is the third highest ranked ccTLD behind .DE with 13,765,490 registrations as of 7 August and 8,654,260 for .UK (United Kingdom). .NL (Netherlands) is fourth with 3,981,555 registrations while .EU (European Union) is fifth with 3,227,644 registrations.

Europe Registry logoTo register your domain name for any of the above ccTLDs, or any other, check out Europe Registry here.

Third DENIC DNSSEC Testbed Meeting Another Great Success

DENIC logo[news release] A whole kaleidoscope of hot topics and questions all around the protocol extension DNSSEC and the persistent great interest of the Internet community made the third .de DNSSEC testbed meeting at the premises of DENIC another success.

With roughly 60 attendants from the Internet industry and Internet associations a diversified forum of users and providers of services and hard- and software tools supporting DNSSEC met in the offices of DENIC to be informed about the latest developments for combating DNS spoofing, cache poisoning and zone walking and to use the opportunity for networking.

By now, the test infrastructure set up by DENIC has achieved most of the milestones of its roadmap: Already at the beginning of March, the critical phase was entered with the initial publication of DS-Key records in the signed test version of the .de zone. Logically, also the focus of the accompanying four-meeting series is shifting more and more to practical aspects. Besides information about the current status of the testbed provided by the persons responsible for the project at DENIC, the central issues of the technical presentations of yesterday’s second-to-last DNSSEC meeting thus were the experience made and progress achieved by the DNSSEC users of the most different fields of the IT environment.

Elementary aspects and administrative processes still posing big questions for numerous TLDs also were central topics of vivid discussions: the security of NSEC3 resource records, the handling of domains that cannot be validated in error-prone zones, and, last but not least, the requirements to be defined for an appropriate policy for provider and/or DNS-operator changes under DNSSEC – all of them factors which are highly relevant to the praxis with regard to the global launch of the cryptographic protocol extension.

For reasons such as those mentioned above DENIC deliberately calculated the testbed for the generous period of 18 months from the very beginning. The declared aim of the project is to thoroughly analyze any potential operative and administrative risk and to develop substantial procedures on this basis which can be used as best practices within the scope of DNSSEC. Only long-term experience – so the credo – will provide valid results of secured practical suitability prior to launching the protocol extension in the productive environment at the start of 2011.

On 24 November 2010, the fourth and last DNSSEC testbed meeting will take place to report about the additional experience made and progress achieved with the .de zone by then. DENIC would be happy to welcome a large number of new interested parties who actively participate by operating their own domain(s) in the provided testbed, in order to have as broad as possible a basis for the final assessment of the testbed under cost-benefit aspects. By integrating the testbed in the production environment DENIC deliberately created very user-friendly conditions that make it easy to decide in favour of active participation.

Detailed information about DENIC’s latest DNSSEC testbed meeting and for all original papers, speaker profiles and live recordings of the presentations and discussions, are availlable online on the DENIC website.

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

DENIC Upgrades .DE Public-Whois in Test Environment

DENIC logoAfter a comprehensive revision, DENIC have unveiled a new version of their public-whois information query service. The new version has been available for public testing in the test environment since 2 June 2010 and is available at whois.test.denic.de. According to current planning, the new whois is scheduled to replace the current whois server on 29 June 2010.

The new version not only includes a revision of the whois architecture but also an optimisation of its functions such as a systematic elimination of inconsistencies and simultaneous standardisation of the parameter and output syntax. The aim is to make the new whois much more user-friendly.

An initial impression of the amendments and innovations is available from a special information page at www.denic.de/en/background/whois-service/changes-within-public-whois.html. Also accessible via this page is the new public-whois documentation with detailed explanations of all important information.

For testing purposes, a series of test domains is available that mirror all the potential domain statuses.

The test whois server can be accessed via whois.test.denic.de.

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

German Internet Temporarily Down Last Week

Many internet users could have found German (.DE) websites and email addresses inaccessible for a short period last week following problems with faulty servers.On Wednesday (May 12) from around 13:30 to 15:45 servers went down causing the problems meaning some domains were inaccessible with website error messages being given saying the “domain does not exist”.According to DENIC, “the reason why this situation occurred was an incomplete copying process during the regular name service data update, which is performed at 2-hour intervals. Due to this, an incomplete update of the name service data (a so-called zone file) was triggered at 12 of the 16 service locations.”The problem would not have been noticed by many internet users around the world as not all servers were affected. And the problems might have persisted for up to two hours longer than the official down time due to caching of servers’ data.This article was originally written for eBrand Services.

DENIC Enables Registration of DNSSEC Key Material as from 2 March

DENIC logo[news release] The “DNSSEC Testbed for Germany” enters the decisive phase: As from 2 March 2010 DENIC gives also second level domains under .de the opportunity to participate in the DNSSEC testbed and to record the related key material. In this process, DENIC initially registers the Key Signing Keys used as Trust Anchor, and then publishes the corresponding DS records in the .de zone accessible in the testbed. Thus, for the first time, the participants in the testbed will receive DNSSEC-secured responses for the second level domains involved. This is a considerable improvement compared with the previous status.

After having successfully implemented the signed version of the .de zone in the testbed environment in January, DENIC now makes available in the second phase of the project interfaces for registering and administering the key material of the delegated .de domains. These new features are also supported by the information services “whois” and “domain query”.

To be able to participate in the testbed, domain holders must use a DNSSEC-capable name server software for their domain. This is an essential prerequisite. At the present moment, the implementation is primarily suited for domain holders who operate their own name servers. As in domain registration and administration, the Key Signing Key is registered by the Internet service provider or domain registrar who administers the domain. Thus, interested domain holders are requested to contact their providers directly and to consult them about their personal options for using DNSSEC.

Within the next months, DENIC will clarify technical and operational questions in detail together with the testbed participants. The goal is to gain additional important knowledge with the support of a large number of participants – also new ones – and to design workflows and procedures in terms of practical suitability.

You will find more detailed information about the DNSSEC testbed and how to actively participate in it on DENIC’s special webpages. Additionally, DENIC has established a testbed mailing list to which you can subscribe via the link mailinglists.denic.de/mailman/listinfo/dnssec-testbed-l. This list serves as a platform for mutual technical support and for exchanging experience.

This DENIC news release was sourced from:
www.denic.de/en/denic-in-dialog/news/2575.html?cHash=e46eb73fde

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

DNSSEC Edges Closer for .DE

DENIC logoThe “DNSSEC Testbed for Germany” has entered a decisive phase: as of 2 March 2010 DENIC has given all second level domains under .DE the opportunity to participate in the DNSSEC testbed and to record their experiences.

In this process, DENIC initially registers the Key Signing Keys used as Trust Anchor, and then publishes the corresponding DS records in the .de zone accessible in the testbed. Thus, for the first time, the participants in the testbed will receive DNSSEC-secured responses for the second level domains involved. This is a considerable improvement compared with the previous status.

After having successfully implemented the signed version of the .DE zone in the testbed environment in January, DENIC now makes available in the second phase of the project interfaces for registering and administering the key material of the delegated .DE domains. These new features are also supported by the information services “whois” and “domain query”.

To be able to participate in the testbed, domain holders must use a DNSSEC-capable name server software for their domain. This is an essential prerequisite. At the present moment, the implementation is primarily suited for domain holders who operate their own name servers. As in domain registration and administration, the Key Signing Key is registered by the Internet service provider or domain registrar who administers the domain. Thus, interested domain holders are requested to contact their providers directly and to consult them about their personal options for using DNSSEC.

Within the next months, DENIC will clarify technical and operational questions in detail together with the testbed participants. The goal is to gain additional important knowledge with the support of a large number of participants – also new ones – and to design workflows and procedures in terms of practical suitability.

You will find more detailed information about the DNSSEC testbed and how to actively participate in it on DENIC’s special webpages. Additionally, DENIC has established a testbed mailing list to which you can subscribe via the link mailinglists.denic.de/mailman/listinfo/dnssec-testbed-l. This list serves as a platform for mutual technical support and for exchanging experience.

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

DENIC Releases BR.DE Domain Name

DENIC logoDENIC have allowed the registration of the two-letter domain name BR.DE. The domain was excluded from the release of two-character domains affected in autumn 2009. Upon DENIC’s objection, this temporary injunction was now rescinded. The domain name was subsequently registered at 15:00 on 18 February.

Everybody who was interested in the domain name was able to register it as of the above timeas long as the applicant did not infringe on any rights of others.

Due to the special nature of the release of the domain name, DENIC applied a special procedure for its release with registration requests only being allowed to be submitted by means of a special request form issued by DENIC.

For more information on the release of the domain name BR.DE and the process involved, see the DENIC announcements at:
www.denic.de/en/denic-in-dialog/news/2530.html?cHash=cb30518676
www.denic.de/en/denic-in-dialog/news/2532.html?cHash=bfed236ee6

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

Swiss Among World Leaders in Enabling DNSSEC

SWITCH, the registry for .CH and .LI domain names, enabled DNSSEC on day two of the annual Domain Pulse conference in Luzern yesterday. SWITCH became the third ccTLD registry to enable DNSSEC giving registrants of .CH domain names added security following .SE (Sweden) and .CZ (Czech Republic).The added security for internet users allows for a more secure internet, especially important for banks and other financial services providers, for example.At the Domain Pulse conference, Urs Eppenberger of SWITCH and Marc Furrer of the Swiss Federal Communications Commission (ComCom) enabled DNSSEC.Furrer said he was very pleased with the efforts of SWITCH to be playing a leading role in the implementation of more secure internet communications and commerce.”I am particularly proud of the fact that Switzerland is one of the first countries in Europe to introduce DNSSEC. This now guarantees security in the internet” said a delighted Marc Furrer, President of ComCom, in a statement.Meanwhile DENIC is on schedule to prepare a test bed for registrars and this phase will run until 2011, said Sabine Dolderer, the company’s CEO.However nic.at will not be introducing DNSSEC in 2010, said Richard Wein, CEO of nic.at. Wein believes there is not yet the demand or the market for it in Austria (.AT) at the moment, but like DENIC, nic.at will be watching developments closely in the .CH ccTLD closely. Nic.at will be preparing for DNSSEC internally to have it ready for deployment when there is a demand.Nic.at is also preparing an innovative business model to allow internet companies from registries, and in particular those planning to apply for new generic Top Level Domains (gTLDs), registrars, banks and others demanding a high level of security, to use their infrastructure. It is planned to have this finalised in the summer of 2010.Among other presentations included Steve Gobin from ICANN who spoke of the new Registrar Accreditation Agreement while Simon Kopp of Kantonspolizei Luzern spoke about Fit4Chat , an initiative of the Luzern canton’s police department to help parents and children deal with unwanted contact from strangers, and in particular older adults, online.There was also a presentation on internationalised domain names (IDNs) from Leonid Todorov from the Coordination Centre for TLD RU who explained the difficulties for Russian users in having to use only Latin characters for domain names. With a very small number of English speakers, especially in the more remote regions, and n o adequate Latin/Cyrllic script translation, particularly relating to international trademarks, the introduction of IDNs will be of huge benefit to internet users in the country.The 2011 Domain Pulse conference will be held in Vienna, Austria, from 17 to 18 February which will more or less coincide with the predicted one millionth .AT domain registration milestone.Videos and slides of all presentations, mostly in German, are available on the Domain Pulse website at domainpulse.ch although without simultaneous translations as occurred during the meeting.

Domain Name Security Gains Prominence in German-Speaking World

The 2010 Domain Pulse, hosted by SWITCH (the .CH registry) was held in the snowy Swiss city of Luzern. Domain Name Security (DNS) was of particular importance in this year’s meeting with DNSSEC being implemented in the root zone in 2010 by ICANN, and by many registries in the next few years.ICANN plan to have all root servers signed with DNSSEC by mid-2010 Kim Davies, Manager, Root Zone Services at ICANN told the meeting on Monday, starting with the L root server, then A root server with the last being the J root server as all are gradually signed.ICANN has taken a conservative approach to deploying DNSSEC to ensure there are no mistakes in its implementation, said Davies.Meanwhile a discussion on the registration of domain names that are responsible for illegal content, such as phishing or child pornography, was hotly discussed.A discussion with lawyers from Germany, Austria and Switzerland said in varying degrees that when it is difficult to contact the domain registrant, that using the registrar as a means of deleting the domain name was justified.All three lawyers, Clara-Ann Gordon (Switzerland), Dr. Boris Uphoff (Germany) and Michael Pilz (Austria) said that when it is difficult to contact the domain registrant, that using the registrar as a means of deleting the domain name.Difficulties can often occur in the event of such a domain name registration when the registrant includes false registration information.The registries, represented by their legal counsel Stephan Welzel (DENIC), Barbara Schlossbauer (nic.at) and Nicole Beranek Zanon (SWITCH) took this discussion further and explained what happens when there are difficulties in contacting registrants such as when there is illegal use of the domain name, such as illegal content.In the case of phishing, in Austria if the registry is certain the content is legal the domain name is deleted, in Germany the domain name is not deleted as they believe the domain name is not the problem but the content is while in Switzerland they temporarily block the domain until the legal situation is sorted out.Videos of all presentations, mostly in German, are available on the Domain Pulse website at domainpulse.ch although without simultaneous translations as occurred during the meeting.