This post has been contributed by Martin Jensen of Future Hosting. Martin is a technical writer for Future Hosting, a specialized VPS and dedicated server hosting company. Follow Future Hosting on Twitter at @fhsales, Like them on Facebook http://www.facebook.com/futurehosting, and check out all the services they offer on http://www.futurehosting.com.
A US laboratory recently revealed that it has been running a network encrypted with quantum technology for several years. Quantum cryptography has the potential to provide perfect encryption.
Traditional cryptography relies on the inherent difficulty of carrying out certain mathematical calculations in a practical amount of time. For example, encryption algorithms like RSA are based on the difficulty of factoring the product of two large primes. If we take two very large prime numbers and multiply them, there is no quick mathematical way of getting back to the original prime numbers from their product. It can be done, but it typically takes hundreds or thousands of years to do so.
The Domain Name Service is a crucial aspect of maintaining a stable and reliable web presence. No matter how solid a business’s web hosting might be, how well-designed their site, and how effective their search engine optimization, without a properly managed domain name service, the connection between revenue generating users and a business’s site cannot be relied upon.
In the Unix developer world, there is a prevailing philosophy that a tool should do one thing and do it well. That’s both because it’s an extremely flexible approach, allowing collections of tools to be used in combinations that could never have been thought of by the original developer and because it allows developers to cultivate a deep knowledge of the problems of a particular domain and the best ways to solve them.
It’s a powerful way of thinking about developing software, and it’s equally applicable to other areas where a combination of functional units can be organized to contribute to an overarching goal.
We know that summer is approaching and the weather is getting warmer. Luckily, while you were away from the computer, we continued to scour the internet for the best DNS, security, and enterprise IT content from the last month. So, without further ado, here’s April’s best.
- ICANN gTLDs: When Names Are Borrowed from an Atlas - When names are borrowed from an Atlas, things happen. Use of geographic names has always caused some problems for two reasons: one, they are in the public domain so anyone else can use them, and two, they connote that business is confined to just that geographic area, like Paris Bakery, Waterloo Furniture or London Bank.
- HTG Explains: What is DNS Cache Poisoning? – DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.
This post has been contributed by Graeme Caldwell — Graeme works as an inbound marketer for InterWorx, a revolutionary web hosting control panel for hosts who need scalability and reliability.
When businesses are planning their infrastructure deployment strategy, there are a couple of high-level ways they can think about preparing for future expansion.
Vertical scaling is the addition of extra resources to the servers in a network. For example, perhaps a business runs up against storage capacity limits, so they choose to add extra or larger hard drives to their existing servers.
Vertical scaling is the old-fashioned approach, and it tends to be significantly more expensive than the horizontal scaling we’re going to look at below. If a company expects to be vertically scaling their existing hardware, then that hardware has to be built with the possibility in mind. It has to have excess capacity, extra drive bays, and so on, that will end up sitting idle until the moment of expansion comes. Such hardware tends to be significantly more expensive than commodity hardware: hardware prices don’t scale linearly.
We’ve previously discussed the recent massive DDoS attacks that were directed at the Spamhaus spam monitoring service, and which used open DNS resolvers to amplify their available bandwidth. We issued a call for ISPs, hosting companies, and others in the industry to do all they can to reduce the number of open recursive DNS resolvers on the Internet, but there are additional steps that can be taken to severely restrict the potential means of attack available.
DNS amplification DDoS attacks work by prompting open DNS servers to direct large amounts of data at a domain that isn’t the same as the originating domain of the request. To do this, packets are crafted so that the originating IP is spoofed. Responses are sent to the spoofed target address, and so, with a script and a relatively small amount of bandwidth, attackers can direct overpowering floods of data at their target.
Cutting attackers off by removing the open DNS servers is the optimal solution, but preventing packets with spoofed IPs from ever entering target networks will also help mitigate attacks.
Click fraud is the bane of the advertising industry. Publishers depend on display advertising to generate revenue. By displaying relevant advertising, they hope to encourage their users to click through to the advertiser’s landing page. Each such click is registered by the advertising network, and the network and publisher share the advertiser’s payment between them.
Determining whether a click on an advert was generated by a human is both difficult and essential. Advertisers don’t want to pay for clicks from sources that are never going to purchase their products. For advertising networks and the publishers, however, there exists the incentive to increase click-through by whatever means they can. One of the most popular methods of generating fraudulent clicks is through the use of botnets, and in a recent announcement, Spider.io, an analytics company, related their discovery of one such botnet that was targeting a group of 200 sites.
Reston, VA, April 2, 2013 – DNS Made Easy, the leading provider of anycast managed DNS hosting, has requested that all responsible members of the Internet community make a concerted effort to close down the open DNS recursive resolvers that are frequently used for packet amplification distributed denial of service (DDoS) attacks.
An open DNS resolver is a server that accepts Domain Name Service requests from clients outside of its administrative domain, meaning that any machine connected to the Internet can make a DNS request of these resolvers. The originating IP of the request can be spoofed so that responses are sent to the attack’s target rather than the originator of the request.
It’s been a hectic few weeks in the DNS world, with DNS being brought into the mainstream media for all the wrong reasons. We’ve dealt with the enormous DDoS attacks that leverage open DNS resolvers elsewhere on this blog, so in our roundup of the month’s most interesting content, we’ll highlight other news that may have passed you by.
Many different services are involved in getting a site from the machines that serve it to the browsers of its users. Among them are domain name registrars, DNS hosting, web hosting, content distribution networks, and the networking infrastructure that underlies them all.
It’s common among IT professionals to advise that at least some of these services be distributed among different providers. For example, a site’s hosting provider should not be the same as the registrar that they bought their domain name from. The reasons for this are straightforward: occasionally companies fail (especially low-price domain name registrars and web hosts) and each company may have different strengths. Separating the domain name registrar from the hosting provider ensures that the risks and benefits are spread across different companies, rather than concentrated in one.
Separating out the elements involved in site hosting allows administrators to make informed decisions about the relative strengths of the providers of each. The best web hosting company is unlikely to be the company that offers the best available DNS hosting. The most reliable domain name registrars do not always have the most robust web hosting services.
The arguments in favor of IaaS (Infrastructure as a Service) have been well-rehearsed in recent years. The flexibility, agility, and low initial investment costs that cloud-based infrastructure brings to startups and businesses of all sizes are universally acknowledged. However, the benefits of managed DNS hosting have tended to be drowned out by the prominence of infrastructure as a service stars like virtualized computing instances and cloud storage. This is unfortunate, because many businesses, small and large, could benefit from managed DNS hosting.
When deciding on infrastructure provisioning for a business, Domain Name Services should have the same importance as aspects like storage and web hosting, because the domain name system is the crucial connection between users and a business. The benefits of having sites and applications running on optimized and powerful infrastructure can be severely degraded if they are served by an inadequate, latency-causing, and downtime-prone domain name service.