Tag Archives: Paul Vixie

Farsight Security Webinar: Playing Offense with the Domain Name System

Dr. Paul Mockapetris created the Domain Name System (DNS) in 1983 with an initial goal of replacing the centralized host table of names with a decentralized database, but it was always intended to be extensible to new problems and applications.  Today, DNS is the backbone of the Internet, enabling all online transactions, good or bad, around the world.

In a rare conversation, ThreatSTOP Chief Scientist Dr. Paul Mockapetris, the inventor of DNS, and Farsight Security CEO Dr. Paul Vixie, who designed, implemented and deployed several DNS protocol extensions and applications that are used throughout the Internet today, will discuss a number of topics including:

  •   The evolution of DNS and how it has been weaponized by cybercriminals to commit fraud, espionage and other cybercrime
  •   Specific DNS-based techniques used by the bad guys to infiltrate today’s enterprises
  •   How organizations can play offense against these attacks, including utilizing the DNS to better secure their infrastructure, intellectual property and customers.
  •   The future of DNS – and its pivotal role in security moving forward

Information shared during this webinar will be valuable across every vertical industry — don’t miss this special event.

A Conversation with Dr. Paul Mockapetris and Farsight Security CEO Dr. Paul Vixie

Live Interactive Webinar: Tuesday, February 27th 1:00 pm Eastern, 10:00 am Pacific

To register for this Farsight webinar, go to:

About the Speakers

Dr. Paul Vixie: Chairman, CEO & Co-founder of Farsight Security Inc.
Inducted into the Internet Hall of Fame in 2014, Dr. Vixie designed, implemented and deployed several DNS protocol extensions and applications that are used throughout the Internet today. Prior to Farsight, he served as President, Chairman, and founder of Internet Systems Consortium (ISC); as President of MAPS, PAIX, and MIBH; and as CTO of Abovenet/MFN. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009. Dr. Vixie is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC).

Dr. Paul Mockapetris, the inventor of DNS and Chief Scientist at ThreatSTOP
Paul invented the DNS while at USC’s Information Sciences Institute, and oversaw its root servers during its early years. He subsequently served as program manager at (D)ARPA, IETF Chair, and Division Director at ISI before turning to the startup world. He was founder at the first large scale Internet over cable ISP @Home, CTO at Software.com and Fiberlane, and Chief Scientist at Nominum. He became an Inaugural member of the Internet Hall of Fame, and is a fellow of the ACM, IEEE, and the National Academy of Engineering. He is the recipient of the IEEE Internet Award and the ACM Sigcomm Award. He earned learner’s permits in Physics and EE from MIT, and a PhD in Information and Computer Science from UC Irvine.


Donuts and MPAA Work To Thwart Piracy, But EFF Says TLD Operators Should Not Be Content Police

Donuts and the US’s Motion Picture Association of America (MPAA) have made a joint announcement that they believe will help ensure that websites using domains registered under the Donuts-operated new gTLDs are not engaged in large-scale piracy. But the Electronic Frontier Foundation (EFF) is scathing of the agreement, saying that “the companies and organisations that run the [DNS] shouldn’t be in the business of policing the contents of websites, or enforcing laws that can impinge on free speech.”

Donuts currently operates 191 new gTLDs with 185 having entered General Availability, by far the most of any new gTLD registry, and has 1.6 million domains under management (DUM). But the MPAA is probably most interested in one of the smaller gTLDs – .movie – with less than 900 DUM.

Under the terms of the agreement, the MPAA will be treated as a “Trusted Notifier” for the purpose of reporting large-scale pirate websites that are registered in a domain extension operated by Donuts. The agreement imposes strict standards for such referrals, including that they be accompanied by clear evidence of pervasive copyright infringement and a representation that the MPAA has first attempted to contact the registrar and hosting provider for resolution.

So it is not guaranteed that every domain reported to Donuts will be taken down. But the inference is that many, if not the vast majority, will.

The agreement specifies that Donuts will work with registrar partners to contact the website operator and seek additional evidence. If Donuts or its registrar partner determines that the website is engaged in illegal activity and thereby violates Donuts’ Acceptable Use and Anti-Abuse Policy, then they, in their discretion, may act within their already established authority to put the infringing domain on hold or suspend it.

The new programme is being touted as a voluntary best practice designed to help promote a healthier internet by mitigating blatantly illegal online activity.

“This is a groundbreaking partnership and one we’re proud to undertake,” said Donuts Co-Founder and Executive Vice President Jon Nevett. “Donuts, as the operator of .MOVIE, .THEATER, .COMPANY and almost 200 other domain extensions, is committed to a healthy domain name environment and this is another step toward a safe and secure namespace.”

“I want to thank Donuts for their leadership. This agreement demonstrates that the tech community and content creators can work together on voluntary initiatives to help ensure vibrant, legal digital marketplaces that benefit all members of the online ecosystem,” said Senator Chris Dodd, Chairman and CEO of the MPAA. “Filmmakers and distributers are already using the internet to offer more options than ever before for accessing online legal content, including over 115 such sites in the U.S. alone. But sites engaged in large-scale piracy threaten this continued growth and creativity, as well as the livelihoods of the 1.9 million Americans whose jobs depend on our industry.”

“Nobody questions that the internet has made possible dramatic technology innovations both for legal and illegal purposes,” said Paul Vixie, CEO of Farsight Security and longtime member of the internet and open source technical communities. “We need responsible parties to take voluntary, cooperative action against illegal activities online. I see programs like Trusted Notifier as an ideal step toward making the internet safer.”

“While this agreement is geared specifically to film and television piracy, it can also be adapted to address other illegal activity online,” Nevett said. “Hopefully, it will become a model for similar agreements that can be reached with operators in the domain name ecosystem and other internet intermediaries.”

But not everyone agrees the initiative is a good idea. It has long been the view that top level domain operators, whether they be country codes or generic, should not be content police. And the Electronic Frontier Foundation for one has been scathing of the agreement.

The EFF is concerned that “the danger in agreements like this is that they could become a blanket policy that internet users cannot avoid. If what’s past is prologue, expect to see MPAA and other groups of powerful media companies touting the Donuts agreement as a new norm, and using it to push ICANN and governments towards making all domain name registries disable access to an entire website on a mere accusation of infringement.”

The EFF also is concerned that “other business interests, as well as governments, who want to suppress particular types of speech on the internet will jump on this bandwagon.”

New gTLDs A Money Grab And A Mistake; Whois Privacy Exists Only Because Of Criminals: Vixie

New generic Top Level Domains are a money grab and ICANN has been captured by industry, according to claims made by Dr Paul Vixie at a conference in Melbourne, Australia, last Sunday, as reported by ZDNet.

“I think it is a money grab. My own view is that ICANN functions as a regulator, and that as a regulator it has been captured by the industry that they are regulating. I think that there was no end-user demand whatsoever for more so-called DNS extensions, [or] global generic top-level domains (gTLDs),” Vixie said in response to an audience question.

Vixie went on to say that he believes the demand for new gTLDs has come from “the people who have the budget to send a lot of people to every ICANN meeting, and participate in every debate”, that is, the domain name registrars who simply want more names to sell, so they can make more money. But these new domains don’t seem to be working.

“They’re gradually rolling out, and they are all commercial failures,” Vixie said.

“I’m sure that there will be another 2,000 of them sold, because $185,000 to pay the application fee for each one [is] chump change to the companies who want to make money doing this.”

In Vixie’s view, creating the new domains goes against ICANN’s purpose.

“ICANN is a 501(c)(3) non-profit public charity [under the California Nonprofit Public Benefit Corporation Law], and their job is to serve the public, not to serve the companies… I think that until they can come up with an actual public benefit reason they should be creating more of these, they’ve got no cause to act,” Vixie said.

“There should be no price at which you can buy .microsoft, but there is, and that’s a mistake. That indicates corruption, as far as I’m concerned.”

Vixie’s opposition to the new gTLDs echoes that of another internet pioneer, Esther Dyson. Back in 2011 Dyson, the inaugural ICANN chair, continued her opposition to ICANN’s plans, saying “this is an economic creation” as she contrasted the programme with how companies like Twitter and Amazon built value into top-level domains. “What I would like to see is real innovation. … For that, you don’t need a new TLD.”

Vixie went on to say, again according to ZDNet, that that’s one reason domain names now cost “effectively nothing”, because they can be bought with a stolen credit card, or in bulk for just pennies.

“The WHOIS privacy industry would not exist if not for criminals,” Vixie said.

“There are plenty of folks [who] would like to say [that] for civil society purposes we need the ability for dissidents to register a domain name and complain about their own government, and not have to worry about getting their doors kicked in. Frankly, that is not a realistic scenario, and that is not the way that WHOIS privacy gets used,” he said.

“We’ve also seen through Brian Krebs’ work, there are plenty of registrars, registries, and ISPs that specialise, they cater to the criminal element. We’ve got businesses that exist for no purpose other than to enable the dark side of the economy. I hate that. And it is DNS, again, that makes all of that possible.”

Vixie pointed out a clear difference between WHOIS and DNS, however.

“WHOIS, you can lie. You can put in an address that is not your own, or you can pay some WHOIS privacy provider to hide the identity of your domain name registration, or your IP address registration. And so investigators, both criminal and civil, have long learned that WHOIS is probably not going to help them much. They check it, but they don’t expect any results,” he said.

“DNS is not like that. If you lie in DNS, your shit doesn’t work, and that gives us some power. It gives us some leverage.”

Vixie also called for “attendees to implement technologies that can improve the integrity of DNS, because right now it can’t be trusted — technologies such as the Domain Name System Security Extensions (DNSSEC), DNS Response Rate Limiting (DNS RRL), and DNS Response Policy Zones (DNS RPZ).”

To read the ZDNet article in full, go to: