Saturday, August 7, 2010

FW: NEWSBANK:: DNS Software to Include Reputation Blacklist System


-------------------------------------------
From: Franz Hinner (MKT-US)
Sent: Sunday, August 08, 2010 4:09:03 AM
To: Paul Ferguson (RD-US); Newsbank
Subject: RE: NEWSBANK:: DNS Software to Include Reputation Blacklist System
Auto forwarded by a Rule


Wow, very cool information. Thanks!

 

Best regards,

Franz

 


 

Franz S. Hinner

Senior Product Manager

Worry Free Business Security Services

178 Brushy Creek Trail, Hutto TX 78634

Office: +1 (408) 634-0623 | Mobile: +1 (512) 436-0723

Fax:    +1 (512) 857-0489  | Skype: fhinner

Please consider your environmental responsibility before printing this e-mail.

 

 

From: Paul Ferguson (RD-US)
Sent: Saturday, August 07, 2010 12:51
To: Newsbank
Subject: NEWSBANK:: DNS Software to Include Reputation Blacklist System

 

Saturday August 7, 2010

DNS Software to Include Reputation Blacklist System

 


One of the architects of the DNS, the naming system for the Internet, is building into the server software for the Internet a system to allow cooperating servers to share reputation data in order to block malicious domains.

Vixie notes in his announcement of the development, which was first introduced at Black Hat and Defcon, that most new Internet domain names are malicious. He appears to consider those created by speculators to be in the "malicious" category, which is debatable, but surely the number of malicious domains is very large.

Paul Vixie was the primary architect and author of BIND, the DNS Internet server software of choice, and is the author of many important Internet RFCs. He co-founded MAPS (Mail Abuse Prevention System) with Dave Rand to implement SMTP e-mail blacklists to prevent spam and other abuse. Vixie is now President of ISC (Internet Systems Consortium, Inc.), which produces BIND.

ISC has added a new element to BIND: Response Policy Zones (DNS RPZ). Vixie: "The subscribing agent in this case is a recursive DNS server... If your recursive DNS server has a policy rule which forbids certain domain names from being resolvable, then they will not resolve. And, it's possible to either create and maintain these rules locally, or, import them from a reputation provider." Essentially, they have ported the concept of RBLs from SMTP servers over to DNS servers. Click here for the current DNS RPZ spec.

The comments to Vixie's CircleID article include some interesting remarks from noteworthy people. David Ulevitch of OpenDNS notes that they have been doing something similar within their own service for some time. Frank Schilling, perhaps the most famous and successful domain speculator (he uses the term "investor"), takes issue and sees this move as a land grab and an infringement on his rights. Phillip Hallam-Baker, former CTO of VeriSign, notes that even if few users understand the issues, they have a choice of DNS providers and ISPs which might filter DNS.

 

 

http://blogs.pcmag.com/securitywatch/2010/08/dns_software_to_include_reputa.php

 

This is a development that we (FTR) are following very closely, and we are participating in public discussions on the direction of the issues/technology.

 

-ferg

 

--

"Fergie", a.k.a. Paul Ferguson

 Threat Research,

 CoreTech Engineering

 Trend Micro, Inc., Cupertino, California USA

 

 
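As an added illustration (not from the article, the e-mail thread, or ISC), this is what the mechanism Vixie describes looks like on a recursive BIND resolver: one policy zone of rules maintained locally, and one imported from a reputation provider by ordinary zone transfer, with every rewrite logged so blocked lookups are visible to the operator. It assumes the response-policy syntax of BIND 9.8 or later; the zone names, file paths and 192.0.2.x addresses are placeholders.

```conf
// ---- named.conf (excerpt) ----
options {
    recursion yes;
    // Policy zones are consulted in the order listed, so the locally
    // maintained zone comes first and can override the provider feed.
    response-policy {
        zone "rpz.local";
        zone "rpz.provider.example";
    };
};

// Rules the operator creates and maintains locally.
zone "rpz.local" {
    type master;
    file "rpz.local.zone";
};

// Reputation feed imported from a provider (placeholder address 192.0.2.53).
zone "rpz.provider.example" {
    type slave;
    masters { 192.0.2.53; };
    file "slaves/rpz.provider.example";
};

// Log every policy rewrite so blocked lookups can be reviewed and tuned.
logging {
    channel rpz_log { file "rpz.log" versions 3 size 10m; print-time yes; };
    category rpz { rpz_log; };
};

; ---- rpz.local.zone (placeholder entries) ----
$TTL 300
@                 IN SOA  rpz.local. hostmaster.rpz.local. (
                          2010080701 3600 900 604800 300 )
                  IN NS   localhost.
; CNAME to the root (".") means: answer NXDOMAIN for the name and, with the
; wildcard, for everything beneath it.
bad.example       CNAME   .
*.bad.example     CNAME   .
; CNAME to "*." means: answer NODATA (the name exists, but has no records).
nodata.example    CNAME   *.
; An explicit address instead sends clients to a walled-garden web page.
phish.example     A       192.0.2.1
*.phish.example   A       192.0.2.1
```

Each owner name is relative to the policy zone, so `bad.example` in the file is the trigger for queries about bad.example and is matched against the question name, exactly as an RBL entry is matched against a sending host.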
