Hosts vs Networks

There are a number of ways to view the relationship between hosts and the network in the Internet. One view is that this is an example of two sets of cooperating entities that share a common goal: hosts and the network both want content to be delivered. Both have an…


DNS Privacy

The DNS is normally a relatively open protocol that smears its data (which is your data and mine too!) far and wide. Little wonder that the DNS is used in many ways, not just as a mundane name resolution protocol, but as a data channel for surveillance and as a…


DNS OARC 24

DNS OARC held a two day workshop in Buenos Aires prior to IETF 95 at the end of March 2016. Here are my impressions of this meeting. For a supposedly simply query response protocol that maps names to IP addresses there a huge amount going on under the hood with…


Rolling Roots

In the world of public key cryptography, it is often observed that no private key can be a kept as an absolute secret forever. This does not mean that a private key remains a secret for a limited time and then the underlying cryptography spontaneously breaks apart and the key…


Measuring the DNS Root KSK Keyroll

Measuring the Root KSK Keyroll A little over five years ago the root zone of the Domain Name System (DNS) was signed using the DNSSEC name-signing framework. The approach used to sign the root zone is a conventional one, using two keys. The root zone has a “working key”, the…


Diving into the DNS

If you are at all interested in how the Internet’s Domain Name System (DNS) works, then one of the most rewarding meetings that is dedicated to this topic is the DNS OARC workshops. I attended the spring workshop in Amsterdam in early May, and the following are my impressions from…


NANOG 63: The DDOS Conversation

In some ways the details of specific case of DDOS attacks are less material than the larger picture. The Internet always had the potential issue that the aggregate sum of I/O capacity of the edge was massively larger than the interior, and the sum of multiple edge outputs was always…


NANOG 63: BGP Route Hijacks

This presentation looked at a number of specific examples of route hijacking. The examples included: Network hijacking to support the creation of bitcoin farms and bitcoin mining via hijacked pool of servers, which, in turn, may use a hijacked pool of routes. The scope of a Canadian hijack was limited…


NZNOG 2015: Lets all run OpenWRT

Jed Laundry gave a brief impassioned call-to-arms. We need to stop expecting vendors to encode different systems and sell us different CPE when the actual need is for commonality, not difference. The way out is to push OpenWRT as a common standard with add-ons, and give the community a chance…


Best Practices in Operating a Secure Routing Environment

The Internet’s Border Gateway Protocol (BGP) is one of the most critical components of today’s Internet. It’s the engine that ensures that when your application passes a packet into the network, the network is able to pass it onward to its intended destination. This routing protocol is the glue that…