Peak DNSSEC?

The story about securing the DNS has a rich and, in Internet terms, protracted history. The original problem statement was simple: how can you tell if the answer you get from your query to the DNS system is ‘genuine’ or not? The DNS alone can’t help here. You ask a…


Helping Resolvers to help the DNS

In this final article of a trio that looks at today’s “hot” topics in the DNS, I’d like to look at ways that recursive resolvers in the DNS can take some further steps that assist other parts of the DNS, notably the set of authoritative name servers, including root zone…


Hiding the DNS

Among all the working groups that met at IETF 100 in Singapore was the first meeting of the DNS over HTTPs Working Group (DOH). I wrote on a related topic of DNS Privacy a little over a year ago, looking at the work at the time on the privacy-related topics…


DNS and DDOS

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark in terms of the sorry history of “landmark” DDOS attacks in the Internet. It’s up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009…


Thanks Google!

When writing this blog I am never sure who reads it and how they take it. Back in August I wrote up an examination of the behaviour of IPv6 and packet fragmentation with an observation relating to Google’s Public DNS Service. I used two example cases of queries for Google’s…


Ripe 75

RIPE held its 75th meeting in Dubai in mid-October. As usual there was a diverse set of presentations covering a broad range of activities that are taking place on today’s Internet. The topics include issues relating to network operations, regulatory policies, peering and interconnection, communications practices within data centres, IPv6,…


DNS OARC 27

The DNS OARC meetings are an instance of a meeting that concentrates on the single topic of the DNS, and in this case it delves as deep as anyone is prepared to go! It’s two days where too much DNS is barely enough! The hot topic of the meeting was…


Not Rolling the KSK

For some years now (and it has definitely been two years, probably three and maybe longer) we have been working on a process of changing the cryptographic key that signs the Root Zone of the DNS. I wrote about this back in March 2016, describing both the role of this…


IPv6, Large UDP Packets and the DNS

The IPv6 protocol introduced very few changes to its IPv4 predecessor. The major change was of course the expansion of the size of the IP source and destination address fields in the packet header from 32-bits to 128-bits. There were, however, some other changes that apparently were intended to subtly…


Notes from IETF99 – DNS Activity

Interest in the DNS appears to come in waves. It’s quiet for a few years, then there is a furious burst of activity. We appear to be in the middle of a burst of activity, and there is probably enough material presented at the recent IETF meeting to cover the…