A DNS view of Lockdown

By Joao Damas and Geoff Huston   At NANOG 79 earlier this month Craig Labowitz from Nokia Deepfield presented on the impact on the COVID-19 pandemic on Internet use. The approach to the analysis used real time streaming telemetry from Communication Service Provider (CSP) backbone and aggregation routers and the…


DNSSEC Validation (Revisited)

One year ago, I looked at the state of adoption of DNSSEC validation in DNS resolvers and the answer was not unreservedly optimistic. Instead of the “up and to the right” curves that show a momentum of adoption, there was a pronounced slowing down across 2017 and the first half…


Notes from OARC 31

DNS OARC held its 31st meeting in Austin, Texas on 31 October to 1 November. Here are some of my highlights from two full days of DNS presentations at this workshop. Building a New Nameserver There are two parts to DNS infrastructure. One is the infrastructure that supports resolving queries…


DNS Wars

NANOG is now quite an institution in the Internet, particularly in the North American Internet community. It was an offshoot of the Regional Techs meetings, which were part of the NSFNET framework of the late 80s and early 90s. NANOG has thrived since then and is certainly one of the…


DNS Resolver Centrality

At various times the Internet has been touted as a triumph of the power of open markets and competition. This line of argument says that unfettered by the often regressive and stultifying hand of government regulation, open markets are able to react to the needs of consumers. The rigors of…


DNS Query Privacy

Much has been said and written in recent times about the use of the DNS as a means of looking at the behaviour of end systems and inferring user behaviours. Almost every transaction starts with a DNS query, and if one were to assemble the complete set of DNS queries…


Looking for What’s Not There

DNSSEC is often viewed as a solution looking for a problem. It seems only logical that there is some intrinsic value in being able to explicitly verify the veracity and currency of responses received from DNS queries, yet fleshing this proposition out with practical examples has proved challenging. The relatively…


Report: DNS OARC 30 Meeting

DNS OARC held its 30th meeting in Bangkok on the 12th and 13th May. Here’s what attracted my interest from two full days of DNS presentations and conversations, together with a summary of the other material that was presented at this workshop. Some Bad News for DANE (and DNSSEC) For…


Report: ICANN DNS Symposium

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top level domains…


DNS Privacy at IETF 104

From time to time the IETF seriously grapples with its role with respect to technology relating to users’ privacy. Should the IETF publish standard specifications of technologies that facilitate third party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and…