Measuring ATR

The Problem It’s pretty clear that the Internet has a problem. If you want to include Facebook’s misuse of personal information in ways that closely resemble unconstrained abandon, then the Internet probably has hundreds of millions of problems! More prosaically, lets confine our view of problems to the Internet Protocol…


Measuring the Root Zone KSK Trust

In September 2017 the proposed roll of the Root Zone Key Signing Key (KSK), scheduled for 11th October 2017 was suspended. I wrote about the reasons for this suspension of the key roll at the time. The grounds for this action was based in the early analysis of data derived…


Stuffing the Camel into the Bikeshed

“Bikeshedding” Parkinson’s Law of Triviality is C. Northcote Parkinson’s 1957 argument that members of an organisation give disproportionate weight to trivial issues. He provides the example of a fictional committee whose job was to approve the plans for a nuclear power plant. He postulates that they would spend the majority…


APNIC Labs enters into a Research Agreement with Cloudflare

APNIC Labs is partnering with Cloudflare for a joint research project relating to the operation of the DNS. I’d like to explain our motivation in entering into this research project, explain what we hope to be able to achieve with this work, and describe briefly how we intend to handle…


DNS OARC 28

March has seen the first of the DNS Operations, Analysis, and Research Center (OARC) workshops for the year, where two days where too much DNS is just not enough! These workshops are a concentrated two days of presentations and discussions that focus exclusively in the current state of the DNS.…


Peak DNSSEC?

The story about securing the DNS has a rich and, in Internet terms, protracted history. The original problem statement was simple: how can you tell if the answer you get from your query to the DNS system is ‘genuine’ or not? The DNS alone can’t help here. You ask a…


Helping Resolvers to help the DNS

In this final article of a trio that looks at today’s “hot” topics in the DNS, I’d like to look at ways that recursive resolvers in the DNS can take some further steps that assist other parts of the DNS, notably the set of authoritative name servers, including root zone…


Hiding the DNS

Among all the working groups that met at IETF 100 in Singapore was the first meeting of the DNS over HTTPs Working Group (DOH). I wrote on a related topic of DNS Privacy a little over a year ago, looking at the work at the time on the privacy-related topics…


DNS and DDOS

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark in terms of the sorry history of “landmark” DDOS attacks in the Internet. It’s up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009…


Thanks Google!

When writing this blog I am never sure who reads it and how they take it. Back in August I wrote up an examination of the behaviour of IPv6 and packet fragmentation with an observation relating to Google’s Public DNS Service. I used two example cases of queries for Google’s…