Much has been said and written in recent times about the use of the DNS as a means of looking at the behaviour of end systems and inferring user behaviours. Almost every transaction starts with a DNS query, and if one were to assemble the complete set of DNS queries…

DNSSEC is often viewed as a solution looking for a problem. It seems only logical that there is some intrinsic value in being able to explicitly verify the veracity and currency of responses received from DNS queries, yet fleshing this proposition out with practical examples has proved challenging. The relatively…

DNS OARC held its 30th meeting in Bangkok on the 12th and 13th May. Here’s what attracted my interest from two full days of DNS presentations and conversations, together with a summary of the other material that was presented at this workshop. Some Bad News for DANE (and DNSSEC) For…

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top level domains…

From time to time the IETF seriously grapples with its role with respect to technology relating to users’ privacy. Should the IETF publish standard specifications of technologies that facilitate third party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and…

I guess that for me April has been DNS month, as here is another article on the Domain Name System. This time I would like to look at the efforts to expand the root zone service by enabling recursive resolvers. The root zone of the DNS has been the focal…

It seems that the previous article on DOH has generated some reaction, and also there is some further development that should be reported, all of which I’ll cover here. The previous article on the reactions to DOH at IETF 104 can be found at https://www.potaroo.net/ispcol/2019-04/angst.html. Default DOH First, with respect…

Many aspects of technology adoption in the Internet over time show simple “up and to the right” curves. There are many examples, so to pick a classic curve Google’s measurement of IPv6 use is a good example. What lies behind these curves is the theory that once a decision is…

What part of “No!” doesn’t the DNS understand? One effective form of attack on the authoritative DNS server infrastructure, including the root servers, is the so-called random name attack. If you want to target the online availability of a particular domain name, then a random name attack will attempt to…

It’s been more than two weeks since the roll of the Key Signing Key (KSK) of the root zone on October 11 2018, and it’s time to look at the data to see what we can learn from the first roll of the root zone’s KSK. There are a number…