Why big ISPs aren’t happy about Google’s plans for encrypted DNS

Widespread adoption of DoH would limit ISPs’ ability to both monitor and modify customer queries. It wouldn’t necessarily eliminate this ability, since ISPs could still use these techniques for customers who use the ISP’s own DNS servers. But if customers switched to third-party DNS servers—either from Google or one of its various competitors—then ISPs would no longer have an easy way to tell which sites customers were accessing.

Source: Why big ISPs aren’t happy about Google’s plans for encrypted DNS | Ars Technica

Say hello to .google and other branded internet addresses

Google’s website is at the fore of an expected boom in websites taking advantage of a 2-year-old change in internet rules that lifted the limits for these suffixes, called top-level domains. That’s brought .paris, .movie and .xyz to websites and email addresses.

Source: Say hello to .google and other branded internet addresses – CNET

Turkey Hijacking IP addresses for popular Global DNS providers

BGP hijack
Using the Turk Telekom looking glass we can see that AS9121 (Turk Telekom) has specific /32 routes for these IP addresses. Since this is the most specific route possible for an IPv4 address, this route will always be selected and the result is that traffic for this IP address is sent to this new bogus route.

via Turkey Hijacking IP addresses for popular Global DNS providers.

ICANN seeks to tackle DNS namespace collision risks

For this “controlled interruption” JAS recommends returning an address within the 127/8 loopback range: “Responding with an address inside 127/8 will likely interrupt any application depending on an NXDOMAIN or some other response, but importantly also prevents traffic from leaving the requestor’s network and blocks a malicious actor’s ability to intercede.”

Instead of the familiar 127.0.0.1 loopback address for localhost, the report suggests “127.0.53.53”. Because the result is so unusual, it’s likely to be flagged in logs and sysadmins who aren’t aware of a name collision issue are likely to search online for information about the address problems.

via ICANN seeks to tackle DNS namespace collision risks – ICANN, Internet Corporation for Assigned Names and Numbers, gTLD, security, domain names – Computerworld.

Imgur Wiped Out By Sky Broadband Torrent Site Blocking

Sky regularly pull IP addresses listed on our DNS servers and adds them to their block list. This block list is then used by an advanced proxy system that redirects any requests to the blacklisted IP addresses to a webserver that the ISP owns which returns a blocked page message,” YIFY explains.

Therefore, when YIFY began using CloudFlare servers in Australia, Sky pulled these IP addresses and blocked them in the mistaken belief that they were YIFY’s. Since Imgur uses the same IP addresses, Sky’s automated blocking took the site offline, to the huge disappointment of countless customers.

via Imgur Wiped Out By Sky Broadband Torrent Site Blocking | TorrentFreak.

The UK Government Is Already Censoring The Global Internet

There is one group of people that can stop this madness before it’s too late – the domain name registrars themselves. In the middle of October, Mark Jeftovic, CEO of the Canadian hosting company EasyDNS, vocally refused to comply with a request from PIPCU. Has he suffered the wrath of the British authorities? Nope. Was EasyDNS’s accreditation revoked? No. Is the company still in business? Oh yes.

via The UK Government Is Already Censoring The Global Internet.

First new gTLDs added to the root

The four new gTLDs all use non-Latin scripts: شبكة (Arabic “web “), онлайн (“online” in Cyrillic), сайт (“sale” in Cyrillic) and 游戏 (“game” in Chinese). In total, the gTLD process will result in expansion of top-level domains from 22 to up to 1400.

More domains will be added to the root progressively. “ICANN’s New gTLD Program was designed to facilitate a measured rollout of new domains so as not to disrupt the Domain Name System,” ICANN said in a statement.

via First new gTLDs added to the root – gTLD, top-level domains – Computerworld.

How Do You Hijack a Popular Streaming Movie Site? With Ease, Apparently

“You don’t have to have access to any emails, passwords, or any other credentials. You simply grab the information from the WHOIS, write a letter with an attached photo-shopped ID with the same name, send it from a random email address, and the domain will be handed to you fairly quickly.”

via How Do You Hijack a Popular Streaming Movie Site? With Ease, Apparently | TorrentFreak.