Measuring the Use of DNSSEC

The canonical specification of the DNS that is normally cited are the pair of quite venerable RFCs, RFC 1034, “Domain names – concepts and facilities”, and RFC 1035, “Domain names – implementation and specification”, both published in November 1987. However, these two specification documents are just the tip of a…


DNSOP at IETF117

This is part of a personal commentary on the meetings at the July 2023 meeting of the Internet Engineering Task Force (IETF 117). If you want to know what was presented and the recordings of the sessions, see the IETF 117 meeting archive. After the flurry of work in various…


NXDOMAIN

The DNS is a strange and at times surprising environment. One could take a simple perspective and claim that the aim of the DNS is to translate DNS names into IP addresses. And you wouldn’t be wrong, but it’s also so much more. The DNS is also used as a…


OARC 40

OARC held a 2-day meeting in February, with a set of presentations on various DNS topics. Here’s some observations that I picked up from the presentations in that meeting. Cache Poisoning Protection Deployment Experience In a world where every DNS name is DNSSEC-signed and every DNS client validates all received…


To DNSSEC or Not?

The early days of the Internet were marked by a constant churn of technology. For example, routing protocols came and went in rapid succession, transmission technologies were in a state of constant flux, the devices we used to interact with the emerging digital environment were changing, and the applications we…


The Root Zone of the DNS Revisited

The DNS is a remarkably simple system. You send it queries and you get back answers. Within the system you see exactly the same simplicity: The DNS resolver that receives your query may not know the answer, so it, in turn, will send queries deeper into the system and collects…


DNS in the IGF

I don’t normally make the effort to attend the Internet Governance Forum gatherings these days. It seems to me that this forum continues to struggle for relevance. In my view it has never been able to realize an effective engagement with the set of actors who make up the supply…


Looking at Centrality in the DNS

The Internet’s Domain Name System undertakes a vitally important role in today’s Internet. Originally conceived as a human-friendly way of specifying the location of the other end of an Internet transaction, it became the name of a service point during the transition to a client/server architecture. A domain name was…


Notes from OARC 39

OARC held its fall meeting in Belgrade on October 22 and 23. Here are my impressions of some of the presentations from that meeting. UI, UX, and the Registry/Registrar Landscape One of the major reforms introduced by ICANN in the world of DNS name management was the separation of registry…


DNS Evolution: Innovation or Fragmentation?

There is no single name system that is necessarily bound to the Internet. Unlike IP addresses which are in every IP packet, names are an application construct, and, in theory, applications have considerable latitude in how they handle such names. There could be many name systems that could coexist within…