Other articles

  1. Multi-Signer DNSSEC Models approved as RFC

    The Multi-Signer DNSSEC Models draft that I've been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Group - the overall management arm of the IETF).

    The approval announcement can be seen here: https://mailarchive.ietf.org/arch/msg/ietf-announce/F3RtV_72iUvdoAOv_LgN3aeIWx0/.

    The document …

    read more
  2. Qname Minimization talk

    Originally hosted on storify (which shut down), this is a collection of social media references to my talk on DNS Query-Name Minimization at the May 2015 DNS-OARC Workshop in Amsterdam, Netherlands.

    read more
  3. DNS Amplification Attacks

    There has been a lot of talk recently about DNS amplification attacks (with prominent news reports of high bandwidth attacks targeted at anti-spam services, cloud providers, financial institutions, etc). These are a class of denial of service attack that use DNS servers to emit large amounts of traffic onto unsuspecting …

    read more
  4. DNSSEC and Certificates

    DNSSEC is a system to verify the authenticity of DNS data using public key signatures. With increasing deployment of DNSSEC comes the possibility of applications using the DNS to store and retrieve TLS/SSL certificates in an authenticated manner. And possibly obviating the need for public/global certification authorities (CA …

    read more
  5. Penn's DNS Zone

    Some data from a quick analysis of the contents of the University of Pennsylvania's primary DNS zone (upenn.edu):

    Zone: upenn.edu.
      Total RR     = 624221
      Total RR     = 159928 (excluding DNSSEC records)
      Total RRsets = 464295
      Total RRsets = 155165 (exluding DNSSEC records) 
      Total Names  = 154570
      TTL min, max, avg = 0, 114000, 38562 …
    read more
  6. IPv6 and DNS+DNSSEC Classes I'm Teaching

    I'm teaching two half day classes on IPv6 and DNS/DNSSEC at the LOPSA PICC conference (Professional IT Community Conference), being held May 11-12, 2012 in New Brunswick, NJ. This is a regional IT and system administration conference run by the New Jersey chapter of the League of Professional System …

    read more