Category Archives for "Potaroo blog"

Privacy and DNS Client Subnet

To ensure service consistency in a Content Distribution Network (CDN), replicated instances of the content are named with the same DNS name, and the DNS conventionally offers the same resolution outcome to each user when they query for the IP address of the content server. How can the CDN "steer" each user to the closest instance of the desired content to optimise the subsequent content transaction? At the same time the user is revealing their location within the network to inform this steering decision. To what extent is such a steering function compromising the privacy expectations of users with respect to the location and their online actions?

DNS Evolution

The choice of UDP as the default transport for the DNS was not a completely unqualified success. On the positive side, the stateless query/response model of UDP has been a good fit to the stateless query/response model of DNS transactions between a client and a server. On the other hand, these same minimal overheads imply that DNS over UDP cannot perform prompt detection of packet loss and cannot efficiently defend itself against various approaches to tampering with the DNS, such as source address spoofing, payload alteration and third-party packet injection. Perhaps most importantly, the way UDP handles large payloads is a problem.

DNS Evolution

The DNS is a crucial part of the Internet's architecture. However, the DNS is not a rigid and unchanging technology. It has changed considerably over the lifetime of the Internet and here I’d like to look at what’s changed and what’s remained the same.

Calling Time on DNSSEC

Given the lack of clear signals of general adoption of DNSSEC over three decades, is it time to acknowledge that DNSSEC is just not going anywhere? Is it time to call it a day for DNSSEC and just move on?

IPv6 Prefix Lengths

These days it's up to IPv6 service providers to determine what IPv6 address prefix length they assign to each customer. This leads to the question: What lengths are commonly used for customer assignments? Let's see if we can answer it.

DNSSEC and .nz

It's a welcome sight to see a careful and thoughtful analysis of a service outage. One such instance was a presentation by .nz's Josh Simpson at the recent NZNOG meeting, reporting on a service outage for .nz domains.

DNS Topics at IETF119

The Internet is rapidly shifting to a name-based network and the DNS is now the underlying technology that lies at the core of today's network. So, let’s see what we are currently thinking about in terms of names and the DNS at the recent IETF meeting.

Coherent Optical Transceivers

I had the opportunity to participate in the New Zealand Network Operators Group meeting (NZNOG) in Nelson earlier this month. This article was prompted by a presentation from Thomas Weible of Flexoptix at NZNOG on the topic of Coherent Optical Transceivers.

KeyTrap!

Yet another DNS vulnerability has been exposed. The language of the press release revealing the vulnerability is certainly dramatic, with "devastating consequences" and the threat to "completely disable large parts of the worldwide Internet." If this is really so devastating then perhaps we should look at this in a little more detail to see what’s going on, how this vulnerability works, and what the response has been.

Opinion: Digital Sovereignty and Internet Standards

There is a view that Internet standards, and the IETF in particular, are at the centre of many corporate and national strategies to exert broad influence and shape the Internet to match their own preferred image. This view asserts that standards have become the most important component of the Internet’s infrastructure. Due to their economic and strategic importance, the process of creation of Internet standards is inevitably subject to the intense economic and political tensions between diverse world views. There are, naturally, other views, along the lines that the IETF does little other than reflect the more general pressures and directions being taken by industry actors, and has no ability to exert any leadership role in this space.

DNS and Truncation in UDP

I’ll press on with another item within an overall theme of some current work in DNS behaviours with a report of a recent measurement on the level of compliance of DNS resolvers with one aspect of standard-defined DNS behaviour: truncation of DNS over UDP responses.

DNS OARC 42

The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together DNS service operators, DNS software implementors, and researchers to share concerns and information, and to learn together about the operation and evolution of the DNS. They meet two to three times a year in a workshop format. The most recent workshop was held in Charlotte, North Carolina in early February 2024. Here are my thoughts on the material that was presented and discussed at this workshop.