DNS Nameservers

It’s common folklore in the Domain Name System that a delegated domain name must be served by 2 or more nameservers. The logic for this is based in a desire for service resilience. If one server is unreachable then hopefully the other is not, and recursive resolvers when presented with…


DNS OARC 43

The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together DNS service operators, DNS software implementors, and researchers together to share concerns, information and learn together about the operation and evolution of the DNS. They meet between two to three times a year in a workshops format. The most recent…


Bytes from IETF 120 – DNS Topics

DELEG This is a newly formed Working Group to look at the mechanisms for delegation in the DNS, intending to define a delegation with a richer set of functions than what we have with the NS delegation record. There are a number of shortcomings with the current form of delegation…


Privacy and DNS Client Subnet

There has been a fundamental change in the architecture of service and content delivery over the Internet over the past decade. Instead of using the network to bring the remote user to a server that delivers the content or service, the content (or service) is loaded into one or more…


Revisiting DNS and UDP Truncation

The choice of UDP as the default transport for the DNS was not a completely unqualified success. On the positive side, the stateless query/response model of UDP has been a good fit to the stateless query/response model of DNS transactions between a client and a server. The use of a…


DNS Evolution

The DNS is a crucial part of today’s Internet. With the fracturing of the network’s address space as a byproduct of IPv4 address run down and the protracted IPv6 transition the Internet’s name space is now the defining attribute of the Internet that makes it one network. However, the DNS…


DNS Topics at RIPE 88

RIPE 88 was held in May 2024 at Krakow, Poland. Here’s as summary of some of the the DNS topics that were presented at that meeting that I found to be of interest. DNSSEC Bootstrapping How can you start up a DNSSEC relationship between the parent zone and the delegated…


Calling Time on DNSSEC?

There have been quite a few Internet technologies which have not been enthusiastically adopted from the outset. In many cases the technology has been quietly discarded in favour of the next innovation, but in some cases the technology just refuses to go away and sits in a protracted state of…


DNSSEC and .nz

I had the opportunity to participate in the New Zealand Network Operators Group meeting (NZNOG) in Nelson earlier this month. This article was prompted by a presentation from Josh Simpson on an .nz service outage incident in May 2023. I guess we’ve become used to reading evasive and vague outage…


DNS Topics at IETF 119

The Internet has changed quite radically in recent years. The proliferation of service and content delivery platforms at the edge of the network, fed by privately operated feeder networks has reamed out the transit core of the Internet. Most of the traffic and the overwhelming of value within the Internet…