I attended the Fall 2015 DNS-OARC workshop in Montreal, Canada earlier this month. DNS-OARC is the "DNS Operations, Analysis, and Research Center", and the premier venue for discussion and information sharing on DNS operations, protocol implementations, and research. As its website notes, DNS-OARC "brings together key operators, implementors, and researchers …read more
Originally hosted on storify (which shut down), this is a collection of social media references to my talk on DNS Query-Name Minimization at the May 2015 DNS-OARC Workshop in Amsterdam, Netherlands.read more
At the recent IETF meeting in Toronto, there was an interesting discussion in the trans working group on DNSSEC certificate transparency, and there is a (very) preliminary IETF draft (that needs a lot more work):
This isn't a new topic. It has been talked …read more
After more than 20 years of working at Penn (University of Pennsylvania), I've decided to take a new job as Principal Research Scientist at Verisign Labs, the applied research division of Verisign Inc. You might know that Verisign is one of the world's largest DNS infrastructure providers. It runs the …read more
Some DNS Top Level Domain (TLD) operators publish statistics about their DNS zones. Some others have a zone file access program that allows others to examine their data and publish statistics. Frederic Cambus (@fcambus on Twitter) maintains a site called statdns ( http://www.statdns.com/ ) that keeps statistics for several …read more
I'm giving full day tutorials on IPv6 and DNSSEC at the upcoming USENIX LISA conference in Washington DC in November. Matt Simmons interviewed me about both and you can read the transcripts on the USENIX website:read more
On a LinkedIn forum, Dan York of the Internet Society recently asked a question about who still uses the ISC DNSSEC Lookaside Validation (DLV) registry. While commenting on the discussion, I decided to take a look at the contents of the registry, and I'm sharing some of my findings in …read more
There has been a lot of talk recently about DNS amplification attacks (with prominent news reports of high bandwidth attacks targeted at anti-spam services, cloud providers, financial institutions, etc). These are a class of denial of service attack that use DNS servers to emit large amounts of traffic onto unsuspecting …read more
A few notes from last month's IPv6 deployment panel at the Fall Internet2 Member Meeting in Philadelphia, which I moderated (October 2nd 2012). Watch the entire video of the session (1 hour 15 minutes) for full details.
I opened the session with a brief review of World IPv6 Launch and …read more
DNSSEC is a system to verify the authenticity of DNS data using public key signatures. With increasing deployment of DNSSEC comes the possibility of applications using the DNS to store and retrieve TLS/SSL certificates in an authenticated manner. And possibly obviating the need for public/global certification authorities (CA …read more
At the recent Joint Techs conference, our host Stanford University arranged a lunch time tour of the Stanford Linear Accelerator Center (SLAC) for a small group of attendees. I signed up early as I knew it was going to popular with this crowd. SLAC is a 50 GeV electron-positron accelerator …read more
The World IPv6 Launch website has compiled a set of measurements at http://www.worldipv6launch.org/measurements/. I'll take a quick look at some of them here, with a focus on universities.
The "Network Operator measurements" include data collected by Google, Facebook, and Yahoo! for access to their services on …read more
We have two job openings at the University of Pennsylvania for Network Engineers.
1. Network Engineer or Senior Network Engineer
This position is part of our Network Operations group which deploys and operates Penn's production campus network (data/voice/video), and …read more
I've been working on a DNS and DNSSEC monitoring project, which is available at
It looks at externally visible features of the authoritative DNS service at a selected set of institutions. The original version monitored the roughly 200 members of Internet2. It was mostly …read more
World IPv6 Launch (June 6th 2012) is fast approaching, so I thought I'd share some details about IPv6 deployment at the University of Pennsylvania and what we've recently done to prepare for this event.
A quick history
Penn runs a regional network called MAGPI, which connects Research & Education (R&E …read more
Some data from a quick analysis of the contents of the University of Pennsylvania's primary DNS zone (upenn.edu):read more
Zone: upenn.edu. Total RR = 624221 Total RR = 159928 (excluding DNSSEC records) Total RRsets = 464295 Total RRsets = 155165 (exluding DNSSEC records) Total Names = 154570 TTL min, max, avg = 0, 114000, 38562 …
I'm teaching two half day classes on IPv6 and DNS/DNSSEC at the LOPSA PICC conference (Professional IT Community Conference), being held May 11-12, 2012 in New Brunswick, NJ. This is a regional IT and system administration conference run by the New Jersey chapter of the League of Professional System …read more