Tag Archives: .de

Third DENIC DNSSEC Testbed Meeting Another Great Success

DENIC logo[news release] A whole kaleidoscope of hot topics and questions all around the protocol extension DNSSEC and the persistent great interest of the Internet community made the third .de DNSSEC testbed meeting at the premises of DENIC another success.

With roughly 60 attendants from the Internet industry and Internet associations a diversified forum of users and providers of services and hard- and software tools supporting DNSSEC met in the offices of DENIC to be informed about the latest developments for combating DNS spoofing, cache poisoning and zone walking and to use the opportunity for networking.

By now, the test infrastructure set up by DENIC has achieved most of the milestones of its roadmap: Already at the beginning of March, the critical phase was entered with the initial publication of DS-Key records in the signed test version of the .de zone. Logically, also the focus of the accompanying four-meeting series is shifting more and more to practical aspects. Besides information about the current status of the testbed provided by the persons responsible for the project at DENIC, the central issues of the technical presentations of yesterday’s second-to-last DNSSEC meeting thus were the experience made and progress achieved by the DNSSEC users of the most different fields of the IT environment.

Elementary aspects and administrative processes still posing big questions for numerous TLDs also were central topics of vivid discussions: the security of NSEC3 resource records, the handling of domains that cannot be validated in error-prone zones, and, last but not least, the requirements to be defined for an appropriate policy for provider and/or DNS-operator changes under DNSSEC – all of them factors which are highly relevant to the praxis with regard to the global launch of the cryptographic protocol extension.

For reasons such as those mentioned above DENIC deliberately calculated the testbed for the generous period of 18 months from the very beginning. The declared aim of the project is to thoroughly analyze any potential operative and administrative risk and to develop substantial procedures on this basis which can be used as best practices within the scope of DNSSEC. Only long-term experience – so the credo – will provide valid results of secured practical suitability prior to launching the protocol extension in the productive environment at the start of 2011.

On 24 November 2010, the fourth and last DNSSEC testbed meeting will take place to report about the additional experience made and progress achieved with the .de zone by then. DENIC would be happy to welcome a large number of new interested parties who actively participate by operating their own domain(s) in the provided testbed, in order to have as broad as possible a basis for the final assessment of the testbed under cost-benefit aspects. By integrating the testbed in the production environment DENIC deliberately created very user-friendly conditions that make it easy to decide in favour of active participation.

Detailed information about DENIC’s latest DNSSEC testbed meeting and for all original papers, speaker profiles and live recordings of the presentations and discussions, are availlable online on the DENIC website.

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

DENIC Upgrades .DE Public-Whois in Test Environment

DENIC logoAfter a comprehensive revision, DENIC have unveiled a new version of their public-whois information query service. The new version has been available for public testing in the test environment since 2 June 2010 and is available at whois.test.denic.de. According to current planning, the new whois is scheduled to replace the current whois server on 29 June 2010.

The new version not only includes a revision of the whois architecture but also an optimisation of its functions such as a systematic elimination of inconsistencies and simultaneous standardisation of the parameter and output syntax. The aim is to make the new whois much more user-friendly.

An initial impression of the amendments and innovations is available from a special information page at www.denic.de/en/background/whois-service/changes-within-public-whois.html. Also accessible via this page is the new public-whois documentation with detailed explanations of all important information.

For testing purposes, a series of test domains is available that mirror all the potential domain statuses.

The test whois server can be accessed via whois.test.denic.de.

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

German Internet Temporarily Down Last Week

Many internet users could have found German (.DE) websites and email addresses inaccessible for a short period last week following problems with faulty servers.On Wednesday (May 12) from around 13:30 to 15:45 servers went down causing the problems meaning some domains were inaccessible with website error messages being given saying the “domain does not exist”.According to DENIC, “the reason why this situation occurred was an incomplete copying process during the regular name service data update, which is performed at 2-hour intervals. Due to this, an incomplete update of the name service data (a so-called zone file) was triggered at 12 of the 16 service locations.”The problem would not have been noticed by many internet users around the world as not all servers were affected. And the problems might have persisted for up to two hours longer than the official down time due to caching of servers’ data.This article was originally written for eBrand Services.

DENIC Enables Registration of DNSSEC Key Material as from 2 March

DENIC logo[news release] The “DNSSEC Testbed for Germany” enters the decisive phase: As from 2 March 2010 DENIC gives also second level domains under .de the opportunity to participate in the DNSSEC testbed and to record the related key material. In this process, DENIC initially registers the Key Signing Keys used as Trust Anchor, and then publishes the corresponding DS records in the .de zone accessible in the testbed. Thus, for the first time, the participants in the testbed will receive DNSSEC-secured responses for the second level domains involved. This is a considerable improvement compared with the previous status.

After having successfully implemented the signed version of the .de zone in the testbed environment in January, DENIC now makes available in the second phase of the project interfaces for registering and administering the key material of the delegated .de domains. These new features are also supported by the information services “whois” and “domain query”.

To be able to participate in the testbed, domain holders must use a DNSSEC-capable name server software for their domain. This is an essential prerequisite. At the present moment, the implementation is primarily suited for domain holders who operate their own name servers. As in domain registration and administration, the Key Signing Key is registered by the Internet service provider or domain registrar who administers the domain. Thus, interested domain holders are requested to contact their providers directly and to consult them about their personal options for using DNSSEC.

Within the next months, DENIC will clarify technical and operational questions in detail together with the testbed participants. The goal is to gain additional important knowledge with the support of a large number of participants – also new ones – and to design workflows and procedures in terms of practical suitability.

You will find more detailed information about the DNSSEC testbed and how to actively participate in it on DENIC’s special webpages. Additionally, DENIC has established a testbed mailing list to which you can subscribe via the link mailinglists.denic.de/mailman/listinfo/dnssec-testbed-l. This list serves as a platform for mutual technical support and for exchanging experience.

This DENIC news release was sourced from:
www.denic.de/en/denic-in-dialog/news/2575.html?cHash=e46eb73fde

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

DNSSEC Edges Closer for .DE

DENIC logoThe “DNSSEC Testbed for Germany” has entered a decisive phase: as of 2 March 2010 DENIC has given all second level domains under .DE the opportunity to participate in the DNSSEC testbed and to record their experiences.

In this process, DENIC initially registers the Key Signing Keys used as Trust Anchor, and then publishes the corresponding DS records in the .de zone accessible in the testbed. Thus, for the first time, the participants in the testbed will receive DNSSEC-secured responses for the second level domains involved. This is a considerable improvement compared with the previous status.

After having successfully implemented the signed version of the .DE zone in the testbed environment in January, DENIC now makes available in the second phase of the project interfaces for registering and administering the key material of the delegated .DE domains. These new features are also supported by the information services “whois” and “domain query”.

To be able to participate in the testbed, domain holders must use a DNSSEC-capable name server software for their domain. This is an essential prerequisite. At the present moment, the implementation is primarily suited for domain holders who operate their own name servers. As in domain registration and administration, the Key Signing Key is registered by the Internet service provider or domain registrar who administers the domain. Thus, interested domain holders are requested to contact their providers directly and to consult them about their personal options for using DNSSEC.

Within the next months, DENIC will clarify technical and operational questions in detail together with the testbed participants. The goal is to gain additional important knowledge with the support of a large number of participants – also new ones – and to design workflows and procedures in terms of practical suitability.

You will find more detailed information about the DNSSEC testbed and how to actively participate in it on DENIC’s special webpages. Additionally, DENIC has established a testbed mailing list to which you can subscribe via the link mailinglists.denic.de/mailman/listinfo/dnssec-testbed-l. This list serves as a platform for mutual technical support and for exchanging experience.

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

DENIC Releases BR.DE Domain Name

DENIC logoDENIC have allowed the registration of the two-letter domain name BR.DE. The domain was excluded from the release of two-character domains affected in autumn 2009. Upon DENIC’s objection, this temporary injunction was now rescinded. The domain name was subsequently registered at 15:00 on 18 February.

Everybody who was interested in the domain name was able to register it as of the above timeas long as the applicant did not infringe on any rights of others.

Due to the special nature of the release of the domain name, DENIC applied a special procedure for its release with registration requests only being allowed to be submitted by means of a special request form issued by DENIC.

For more information on the release of the domain name BR.DE and the process involved, see the DENIC announcements at:
www.denic.de/en/denic-in-dialog/news/2530.html?cHash=cb30518676
www.denic.de/en/denic-in-dialog/news/2532.html?cHash=bfed236ee6

Europe Registry logoTo register your .DE domain name, check out Europe Registry here.

Swiss Among World Leaders in Enabling DNSSEC

SWITCH, the registry for .CH and .LI domain names, enabled DNSSEC on day two of the annual Domain Pulse conference in Luzern yesterday. SWITCH became the third ccTLD registry to enable DNSSEC giving registrants of .CH domain names added security following .SE (Sweden) and .CZ (Czech Republic).The added security for internet users allows for a more secure internet, especially important for banks and other financial services providers, for example.At the Domain Pulse conference, Urs Eppenberger of SWITCH and Marc Furrer of the Swiss Federal Communications Commission (ComCom) enabled DNSSEC.Furrer said he was very pleased with the efforts of SWITCH to be playing a leading role in the implementation of more secure internet communications and commerce.”I am particularly proud of the fact that Switzerland is one of the first countries in Europe to introduce DNSSEC. This now guarantees security in the internet” said a delighted Marc Furrer, President of ComCom, in a statement.Meanwhile DENIC is on schedule to prepare a test bed for registrars and this phase will run until 2011, said Sabine Dolderer, the company’s CEO.However nic.at will not be introducing DNSSEC in 2010, said Richard Wein, CEO of nic.at. Wein believes there is not yet the demand or the market for it in Austria (.AT) at the moment, but like DENIC, nic.at will be watching developments closely in the .CH ccTLD closely. Nic.at will be preparing for DNSSEC internally to have it ready for deployment when there is a demand.Nic.at is also preparing an innovative business model to allow internet companies from registries, and in particular those planning to apply for new generic Top Level Domains (gTLDs), registrars, banks and others demanding a high level of security, to use their infrastructure. It is planned to have this finalised in the summer of 2010.Among other presentations included Steve Gobin from ICANN who spoke of the new Registrar Accreditation Agreement while Simon Kopp of Kantonspolizei Luzern spoke about Fit4Chat , an initiative of the Luzern canton’s police department to help parents and children deal with unwanted contact from strangers, and in particular older adults, online.There was also a presentation on internationalised domain names (IDNs) from Leonid Todorov from the Coordination Centre for TLD RU who explained the difficulties for Russian users in having to use only Latin characters for domain names. With a very small number of English speakers, especially in the more remote regions, and n o adequate Latin/Cyrllic script translation, particularly relating to international trademarks, the introduction of IDNs will be of huge benefit to internet users in the country.The 2011 Domain Pulse conference will be held in Vienna, Austria, from 17 to 18 February which will more or less coincide with the predicted one millionth .AT domain registration milestone.Videos and slides of all presentations, mostly in German, are available on the Domain Pulse website at domainpulse.ch although without simultaneous translations as occurred during the meeting.

Domain Name Security Gains Prominence in German-Speaking World

The 2010 Domain Pulse, hosted by SWITCH (the .CH registry) was held in the snowy Swiss city of Luzern. Domain Name Security (DNS) was of particular importance in this year’s meeting with DNSSEC being implemented in the root zone in 2010 by ICANN, and by many registries in the next few years.ICANN plan to have all root servers signed with DNSSEC by mid-2010 Kim Davies, Manager, Root Zone Services at ICANN told the meeting on Monday, starting with the L root server, then A root server with the last being the J root server as all are gradually signed.ICANN has taken a conservative approach to deploying DNSSEC to ensure there are no mistakes in its implementation, said Davies.Meanwhile a discussion on the registration of domain names that are responsible for illegal content, such as phishing or child pornography, was hotly discussed.A discussion with lawyers from Germany, Austria and Switzerland said in varying degrees that when it is difficult to contact the domain registrant, that using the registrar as a means of deleting the domain name was justified.All three lawyers, Clara-Ann Gordon (Switzerland), Dr. Boris Uphoff (Germany) and Michael Pilz (Austria) said that when it is difficult to contact the domain registrant, that using the registrar as a means of deleting the domain name.Difficulties can often occur in the event of such a domain name registration when the registrant includes false registration information.The registries, represented by their legal counsel Stephan Welzel (DENIC), Barbara Schlossbauer (nic.at) and Nicole Beranek Zanon (SWITCH) took this discussion further and explained what happens when there are difficulties in contacting registrants such as when there is illegal use of the domain name, such as illegal content.In the case of phishing, in Austria if the registry is certain the content is legal the domain name is deleted, in Germany the domain name is not deleted as they believe the domain name is not the problem but the content is while in Switzerland they temporarily block the domain until the legal situation is sorted out.Videos of all presentations, mostly in German, are available on the Domain Pulse website at domainpulse.ch although without simultaneous translations as occurred during the meeting.

Has .CN Regained Number One ccTLD Ranking from .DE?

After not having posted registration figures for at least four months, CNNIC, the China Internet Network Information Center, has finally updated its figures to show they have regained the number one ccTLD ranking from .DE (Germany).According to the latest figures, there were 13,680,727 domain name registrations as of 30 November compared to 13,325,300 .DE registrations as of 13 December according to the DENIC website.Registration figures for CNNIC were dropping significantly, likely to be as a result of the ending of a promotion CNNIC were running in 2008. However it appears they are once again on an upward trend.Both though are way ahead of the third placed ccTLD, .UK (United Kingdom) who in November passed the eight millionth registration milestone.To register your .CN, .DE, .UK or any other domain name, check out Europe Registry or Asia Registry.

One & two letter .DE domains available soon as DENIC abolishes many restrictions

DENIC will allow the registration of one- and two-letter domain names as part of a reform of registration rules as of 23 October that will see most of the restrictions that currently exist abolished.Other restrictions to be abolished will see it possible to register domain names composed exclusively of numerals as well registrants being able to register domains identical to combinations of letters that are used for German motor vehicle number plates and for Top Level Domains such as “com” or “org”.Some rules that will remain in force include the maximum length of a domain will still be 63 characters (not including the .DE part) and that a domain must neither begin nor end with a hyphen nor have hyphens as both its third and fourth characters.”The amendments will reduce the restrictions imposed on domain registrations to a minimum,” says DENIC’s Executive Board member Sabine Dolderer (CEO).The changes come about following a German court order where Volkswagen wished to register the VW.DE domain name. The car manufacturer from Wolfsburg complained they were unable to register the domain name and took DENIC to court and was eventually successful.The changes are likely to see firms such as H&M and C&A desperately attempting to obtain domain names such as HM.DE and CA.DE respectively.To register a domain name under the new rules, DENIC advises to apply for desired domains with a registrar such as Europe Registry now. The release of domain names under the new rules will occur at 09.00 on 23 October 2009.To ensure a quick, secure, transparent and above all fair assignment procedure, DENIC will register the new domains applying the “first come, first served” principle. Registrars will collect all customer requests until the launch phase starts and hand them in to DENIC electronically on the first day of registration. DENIC will assign a domain to the first request it receives for it. Assignment in correct order will be guaranteed by an electronic time stamp operating in milliseconds.
As from 23 October 2009 the following rules will apply for domains under the TLD .DE:

  • one- and two-digit domains as well as domain names composed exclusively of numerals can now be registered.
  • domains identical with combinations of letters that are used for motorvehicle number plates or for TLDs are released for registration.
  • a domain may be comprised of the digits 0-9, hyphens, the letters a-z of the Latin alphabet and the other letters listed in the currently valid annex to the Domain Guidelines.
  • a domain must neither begin nor end with a hyphen. Neither must it have hyphens as both its third and fourth characters.
  • the minimum length of a domain is one character.
  • the maximum length of a domain is 63 characters (referred to the ACE-encoded form of the domain) – without .de respectively

For more information on the changes to registration guidelines for .DE domain names, see www.denic.de.To register your .DE domain name, check out Europe Registry here.