We would like to provide you with a better user experience. Please re-enable Javascript in your web browser.
Measuring the Root KSK Keyroll A little over five years ago the root zone of the Domain Name System (DNS) was signed using the DNSSEC name-signing framework. The approach used to sign the root zone is a conventional one, using two keys. The root zone has a “working key”, the…
The DNS is a very simple protocol. The protocol is a simple query / response interaction where the client passes a DNS transaction to a server with the query part of the transaction completed. The server fills in the answer part and possibly adds further information in the additional information…
If you are at all interested in how the Internet’s Domain Name System (DNS) works, then one of the most rewarding meetings that is dedicated to this topic is the DNS OARC workshops. I attended the spring workshop in Amsterdam in early May, and the following are my impressions from…
The theme of a workshop, held at the start of December 2014 in Hong Kong, was looking at means to enable further scaling of the root server system, and the 1½ day workshop was scoped in the form of consideration of alternative approaches to that of the default activity of…
The Internet’s Domain Name System is a modern day miracle. It may not represent the largest database that has ever been built, but nevertheless it’s truly massive. And even if it’s not the largest database that’s ever been built, it’s perhaps one of the more intensively used. The DNS is…
Yes, that’s a cryptic topic, even for an article that addresses matters of the use of cryptographic algorithms, so congratulations for getting even this far! This is a report of a an experiment conducted in September and October 2014 by the authors to measure the extent to which deployed DNSSEC-validating…
If you’re playing in the DNS game, and you haven’t done so already, then you really should be considering turning on security in your part of the DNS by enabling DNSSEC. There are various forms of insidious attack that start with perverting the DNS, and end with the misdirection of…
At APNIC Labs we’ve been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP.
Much has been said about how Google uses the services they provide, including their mail service, their office productivity tools, file storage and similar services, as a means of gathering an accurate profile of each individual user of their services. The company has made a very successful business out of…
It was never obvious at the outset of this grand Internet experiment that the one aspect of the network’s infrastructure that would truly prove to be the most fascinating, intriguing, painful, lucrative and just plain confusing, would be the Internet’s Domain Name System.
