DNS OARC 24

DNS OARC held a two-day workshop in Buenos Aires prior to IETF 95 at the end of March 2016. Here are my impressions of this meeting. For a supposedly simple query response protocol that maps names to IP addresses there is a huge amount going on under the hood with…


Rolling Roots

In the world of public key cryptography, it is often observed that no private key can be kept as an absolute secret forever. This does not mean that a private key remains a secret for a limited time and then the underlying cryptography spontaneously breaks apart and the key…


Measuring the DNS Root KSK Keyroll

A little over five years ago the root zone of the Domain Name System (DNS) was signed using the DNSSEC name-signing framework. The approach used to sign the root zone is a conventional one, using two keys. The root zone has a “working key”, the…


Diving into the DNS

If you are at all interested in how the Internet’s Domain Name System (DNS) works, then one of the most rewarding meetings that is dedicated to this topic is the DNS OARC workshops. I attended the spring workshop in Amsterdam in early May, and the following are my impressions from…


NANOG 63: The DDOS Conversation

In some ways the details of specific cases of DDOS attacks are less material than the larger picture. The Internet always had the potential issue that the aggregate sum of I/O capacity of the edge was massively larger than the interior, and the sum of multiple edge outputs was always…


NANOG 63: BGP Route Hijacks

This presentation looked at a number of specific examples of route hijacking. The examples included: Network hijacking to support the creation of bitcoin farms and bitcoin mining via a hijacked pool of servers, which, in turn, may use a hijacked pool of routes. The scope of a Canadian hijack was limited…


NZNOG 2015: Lets all run OpenWRT

Jed Laundry gave a brief impassioned call-to-arms. We need to stop expecting vendors to encode different systems and sell us different CPE when the actual need is for commonality, not difference. The way out is to push OpenWRT as a common standard with add-ons, and give the community a chance…


Best Practices in Operating a Secure Routing Environment

The Internet’s Border Gateway Protocol (BGP) is one of the most critical components of today’s Internet. It’s the engine that ensures that when your application passes a packet into the network, the network is able to pass it onward to its intended destination. This routing protocol is the glue that…


Who’s Watching?

Much has been said over the past year or so about various forms of cyber spying. The United States has accused the Chinese of cyber espionage and stealing industrial secrets. A former contractor to the United States’ NSA, Edward Snowden, has accused various US intelligence agencies of systematic examination of…


ECDSA and DNSSEC

Yes, that’s a cryptic topic, even for an article that addresses matters of the use of cryptographic algorithms, so congratulations for getting even this far! This is a report of an experiment conducted in September and October 2014 by the authors to measure the extent to which deployed DNSSEC-validating…