Posts by Category


Greasing DNS Extension Points

less than 1 minute read

Mark Andrews (ISC) and I have published an initial version of a new Internet Draft on Greasing Protocol Extension Points in the DNS.

RFC 9471 published

less than 1 minute read

DNS Glue Requirements in Referral Responses has just been published as RFC 9471. Co-authored with Mark Andrews, Paul Wouters, and Duane Wessels.

DNS-OARC talk on DNSSEC Experience

less than 1 minute read

I just returned from the 40th DNS-OARC Workshop in Atlanta, Georgia, a small DNS focussed conference, run by DNS-OARC.


less than 1 minute read

I was in Philadelphia for the 38th DNS-OARC Workshop.

RFC 9102 Published (TLS DNSSEC Chain)

less than 1 minute read

RFC 9102: “TLS DNSSEC Chain Extension”, was finally published as “experimental” – a few years after a long, acrimonious battle in the IETF TLS WG to get it p...

Swedish Internet Foundation on Multi-Signer

less than 1 minute read

The Swedish Internet Foundation published an article yesterday, “Solving the decade old problem with Multi-Signer DNSSEC”, mentioning my work and collaborat...


less than 1 minute read

Recording of the ICANN70 DNSSEC Panel, in which I participated.

RFC 8901 published

less than 1 minute read

Multi-Signer DNSSEC Models has just been published as RFC 8901.

DANE library in Go

less than 1 minute read

I’ve developed a DANE TLS authentication library in Go recently, which is available on Github:

Iterative DNS resolution testing tool

1 minute read

Since I’ve been trapped at home due to the pandemic and have more free time, I’ve recently enhanced my command line iterative DNS resolution testing tool, “r...

Delegation Revalidation by DNS Resolvers

1 minute read

I’ve been working recently on a new IETF draft document on Delegation Revalidation by DNS Resolvers, with collaborators Paul Vixie, CEO of Farsight Security,...

Multi-Signer DNSSEC Models approved as RFC

1 minute read

The Multi-Signer DNSSEC Models draft that I’ve been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Gro...

NS1 Press Release on Multi-Signer DNSSEC

less than 1 minute read

DNS Company, NS1 today issued a press release on their collaboration with Salesforce (my employer) on the specification and implementation of Multi-Signer DN...


less than 1 minute read

APNIC invited me to write a guest article for their blog, elaborating on my ‘Whither DANE’ lighting talk at the DNS-OARC 30 workshop in May. It just went up ...

Whither DANE?

11 minute read

At the recent DNS-OARC workshop, I gave a short talk on current prospects for DANE adoption. This generated a fair amount of subsequent discusion and comment...

IETF102 and Montreal

less than 1 minute read

I was in Montreal this month to attend IETF102 and several side meetings just before it.

Talks at Fall 2015 DNS-OARC Workshop

less than 1 minute read

I attended the Fall 2015 DNS-OARC workshop in Montreal, Canada earlier this month. DNS-OARC is the “DNS Operations, Analysis, and Research Center”, and the p...

Key Transparency for DNSSEC?

6 minute read

At the recent IETF meeting in Toronto, there was an interesting discussion in the trans working group on DNSSEC certificate transparency, and there is a (ver...

I’ve left Penn for a new job

3 minute read

After more than 20 years of working at Penn (University of Pennsylvania), I’ve decided to take a new job as Principal Research Scientist at Verisign Labs, th...

An IPv6 Success Story – Galois

2 minute read

The following article was contributed by Paul Heinlein, a systems administrator at Galois. Paul attended my full day IPv6 training course at USENIX LISA 2013...

EDU Top Level Domain statistics

3 minute read

Some DNS Top Level Domain (TLD) operators publish statistics about their DNS zones. Some others have a zone file access program that allows others to examine...

USENIX interviews - IPv6 and DNSSEC

less than 1 minute read

I’m giving full day tutorials on IPv6 and DNSSEC at the upcoming USENIX LISA conference in Washington DC in November. Matt Simmons interviewed me about both ...

ISC DLV registry usage

5 minute read

On a LinkedIn forum, Dan York of the Internet Society recently asked a question about who still uses the ISC DNSSEC Lookaside Validation (DLV) registry. Whil...

DNS Amplification Attacks

10 minute read

There has been a lot of talk recently about DNS amplification attacks (with prominent news reports of high bandwidth attacks targeted at anti-spam services, ...

ISOC ION Panel - Advancing the Network

1 minute read

“I tend to think of IPv6 & DNSSEC both a little bit like global warming … something that is developing kind of slowly … they’re both inevitable, it’s a j...

Internet2 IPv6 Panel recap

6 minute read

A few notes from last month’s IPv6 deployment panel at the Fall Internet2 Member Meeting in Philadelphia, which I moderated (October 2nd 2012). Watch the ent...

DNSSEC and Certificates

7 minute read

DNSSEC is a system to verify the authenticity of DNS data using public key signatures. With increasing deployment of DNSSEC comes the possibility of applicat...

Stanford Linear Accelerator Tour

1 minute read

At the recent Joint Techs conference, our host Stanford University arranged a lunch time tour of the Stanford Linear Accelerator Center (SLAC) for a small gr...

A Look at World IPv6 Launch Traffic

2 minute read

The World IPv6 Launch website has compiled a set of measurements at I’ll take a quick look at some of them here...

IPv6 at Penn

8 minute read

World IPv6 Launch (June 6th 2012) is fast approaching, so I thought I’d share some details about IPv6 deployment at the University of Pennsylvania and what w...

Penn’s DNS Zone

3 minute read

Some data from a quick analysis of the contents of the University of Pennsylvania’s primary DNS zone (

IPv6 and DNS Classes I’m Teaching

1 minute read

I’m teaching two half day classes on IPv6 and DNS/DNSSEC at the LOPSA PICC conference (Professional IT Community Conference), being held May 11-12, 2012 in N...

Back to Top ↑


Website Reboot

less than 1 minute read

It’s finally time to redo my website a bit.

San Diego Trip

less than 1 minute read

I was in San Diego for a few days. The first day I visited the San Diego zoo, widely considered to be one the best. The second day I rented a car and drove o...

Banff and Jasper Vacation

less than 1 minute read

We visited Banff and Jasper National Parks in the Canadian Rockies earlier this month. It was unusually cool for this time of year, even for the Canadian Roc...

Volunteer Time at Spirit Open Equestrian

less than 1 minute read

With work colleagues, I recently did some volunteering work at a local non-profit, Spirit Open Equestrian, which offers numerous healing programs involving t...

Around London with my brother

less than 1 minute read

I’ve been in London for nearly a week and a half for the IETF 101 meeting, and stayed the weekend after to visit and catch up with my (many) relatives here. ...

Arecibo Observatory

less than 1 minute read

I’m in Puerto Rico for the DNS-OARC Workshop and ICANN 61 meeting. Yesterday, with some conference friends, we visited the world famous Arecibo Observatory. ...

Website reboot

less than 1 minute read

I’ve redone my website, something I’ve been planning to do for quite a while. I’m now using the Pelican static site generator. Over the next few days, I will...

Srimongol Village visit

less than 1 minute read

We visited (completely unannounced) a small village in Srimongol, Bangladesh on this day. The locals (and especially the kids) were delighted to see us. And ...

Singapore Zoo

less than 1 minute read

Photos from the Singapore Zoo, which I visited with some IETF100 colleagues, on Nov 17th 2017.

Photos from Rocky Mountains

less than 1 minute read

We went on vacation earlier this month to visit two US National Parks renowned for their spectacular natural scenery: Rocky Mountain National Park in Colorad...

Philadelphia Skyline Photos

less than 1 minute read

My colleague Deke Kassabian posted an older photo of the Philly skyline (that I’d taken a number of years ago) on his Facebook page. So I thought I’d post a ...

A Start

less than 1 minute read

A colleague on her office door, has a picture of a famous New Yorker cartoon, in which one dog says to another, “I had my own blog for a while, but I decided...

Back to Top ↑