From: Franz Hinner (MKT-US)
Sent: Sunday, August 08, 2010 4:09:03 AM
To: Paul Ferguson (RD-US); Newsbank
Subject: RE: NEWSBANK:: DNS Software to Include Reputation Blacklist System
Auto forwarded by a Rule
Wow, very cool information. Thanks!
Please consider your environmental responsibility before printing this e-mail.
Saturday August 7, 2010
One of the architects of the DNS, the naming system for the Internet, is building into the server software for the Internet a system to allow cooperating servers to share reputation data in order to block malicious domains.
Vixie notes in his announcement of the development, which was first introduced at Black Hat and Defcon, that most new Internet domain names are malicious. He appears to consider those created by speculators to be in the "malicious" category, which is debatable, but surely the number of malicious domains is very large.
Paul Vixie was the primary architect and author of BIND, the DNS Internet server software of choice, and is the author of many important Internet RFCs. He co-founded MAPS (Mail Abuse Prevention System) with Dave Rand to implement SMTP e-mail blacklists based to prevent spam and other abuse. Vixie is now President of ISC (Internet Systems Consortium, Inc.), which produces BIND.
ISC has added a new element to BIND: Response Policy Zones (DNS RPZ). Vixie: "The subscribing agent in this case is a recursive DNS server... If your recursive DNS server has a policy rule which forbids certain domain names from being resolvable, then they will not resolve. And, it's possible to either create and maintain these rules locally, or, import them from a reputation provider." Essentially, they have ported the concept of RBLs from SMTP servers over to DNS servers. Click here for the current DNS RPZ spec.
The comments to Vixie's CircleID article include some interesting remarks from noteworthy people. David Ulevitch of OpenDNS notes that they have been doing something similar within their own service for some time. Frank Schilling, perhaps the most famous and successful domain speculator (he uses the term "investor" takes issue and sees this move as a land grab and an infringement on his rights. Phillip Hallem-Baker, former CTO of VeriSign, notes that even if few users understand the issues, they have a choice of DNS providers and ISPs which might filter DNS.
This is a development that we (FTR) is following very closely, and participating in public discussions on the direction of the issues/technology.
"Fergie", a.k.a. Paul Ferguson
Trend Micro, Inc., Cupertino, California USA