Adding IPv6-only to DNS and Truncation in UDP

In February I looked at the behaviour of the DNS when processing responses in UDP which set the Truncated flag in the DNS response. In particular, I was looking for the incidence of DNS resolvers which used the Answer section in truncated responses (despite the admonition in DNS standards not…


KeyTrap!

The National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and…


Opinion: Digital Sovereignty and Internet Standards

There have been a number of occasions when the Internet Engineering Task Force (IETF) has made a principled decision upholding users’ expectations of privacy in their use of IETF-standardised technologies. (Either that, or they were applying their own somewhat liberal collective bias to the technologies they were working on!)…


DNS and Truncation in UDP

I’ll press on here with another item within an overall theme of some current work in DNS behaviours with a report of a recent measurement on the level of compliance of DNS resolvers with one aspect of standard-defined DNS behaviour: truncation of DNS over UDP responses. The DNS leverages the…


DNS OARC 42

The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together DNS service operators, DNS software implementors, and researchers to share concerns and information and to learn together about the operation and evolution of the DNS. They meet two to three times a year in a workshop format. The most…


DNS and the DELEG Proposal

The Internet’s Domain Name System (DNS) is implemented as a distributed database. The structure of the database mimics the structure of the name space itself, namely a hierarchy where each “node” (or “zone”) in the distributed database has a single “parent” node and some number of “child” or descendant nodes…


IP Addresses through 2023

Time for another annual roundup from the world of IP addresses. Let’s see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself. Back around 1992 the IETF gazed…


BGP in 2023 – BGP Updates

The first part of this annual report looked at the size of the routing table and looked at some projections of its growth for both IPv4 and IPv6. However, the scalability of BGP as the Internet’s routing protocol is not just dependent on the number of prefixes carried in the…


BGP in 2023 – Have we reached Peak IPv4?

At the start of each year, I’ve been reporting on the behaviour of the Internet’s inter-domain routing system over the previous 12 months, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet.…


Models of Trust for the RPKI

This is a report on a feasibility study looking at an alternative trust anchor structure for the Resource Public Key Infrastructure (RPKI). Background: In the early days of the Internet in the 1980s when the Internet address plan used the Class A, B and C address structure, it appears that…