Recent Articles

 

Scoring the Root Server System, Pt2 - A Sixth Star?

December 2016

In November I wrote about some simple tests that I had undertaken on the DNS Root nameservers. The tests looked at the way the various servers responded when they presented a UDP DNS response that was larger than 1,280 octets. I awarded each of the name servers up to five stars depending on how that managed to serve such large responses in IPv4 and IPv6. I'd like to return to this topic by looking at one further aspect of DNS server behaviour, namely the way in which servers handle large UDP responses over IPv6. More...

 


Scoring the Root Server System

November 2016

The process of rolling the DNS Root’s Key Signing Key of the DNS has now started. During this process there will be a period where the root zone servers’ response to a DNS query for the DNSKEY resource record of the root zone will grow from the current value of 864 octets to 1,425 octets. Does this present a problem? Let’s look at the DNS Root Server system and score it on how well it can cope with large responses. It seems that awarding stars is the current Internet way, so let’s see how many stars we’ll give to the Root Server System for their handling of large responses. More...

 


RIPE73

November 2016

RIPE held its 73rd meeting in Madrid in the last week of October. Here are a few of my takeaways from that meeting. More...

 


BGP Large Communities

November 2016

IPv4 addresses are not the only Internet number resource that has effectively run out in recent times. Another pool of Internet numbers under similar consumption pressures has been the numbers that are intended to uniquely identify each network in the Internet’s inter-domain routing space. These are Autonomous System numbers. More...

 


The Death of Transit?

October 2016

I was struck at a recent NANOG meeting just how few presentations looked at the ISP space and the issues relating to ISP operations and how many were looking at the data centre environment. If the topics that we use to talk to each other are any guide, then this is certainly an environment which appears to be dominated today by data centre design and the operation of content distribution networks. And it seems that the ISP function, and particularly the transit ISP function is waning. It’s no longer a case of getting users to content, but getting content to users. Does this mean that the role of transit for the Internet’s users is now over? More...

 


DNS DDOS

October 2016

The recent attacks on the DNS infrastructure operated by DYN in October 2016 have generated a lot of comment in recent days. Indeed, it’s not often that the DNS itself has been prominent in the mainstream of news commentary, and in some ways this DNS DDOS prominence is for all the wrong reasons! I’d like to speculate a bit on what this attack means for the DNS and what we could do to mitigate the recurrence of such attacks. More...

 


NANOG 68

October 2016

NANOG held its 68th meeting in Dallas in October. Here's what I found memorable and/or noteworthy from this meeting. More...

 


A Brief History of the IANA

October 2016

October 2016 marks a milestone in the story of the Internet. At the start of the month the United States Government let its residual oversight arrangements with ICANN (the Internet Corporation for Assigned Names and Numbers) over the operation of the Internet Assigned Numbers Authority (IANA) lapse. It seems like a good time to look back at the path taken to get to where the IANA is today. More...

 


DNS OARC 25

October 2016

DNS OARC is the place to share research, experiences and data primarily concerned with the operation of the DNS in the Internet. Here are some highlights for me from the most recent meeting, held in October 2016 in Dallas. More...

 


IPv6 and the DNS

October 2016

We often think of the Internet as the web, or even these days as just a set of apps. When we look at the progress with the transition to IPv6 we talk about how these apps are accessible using IPv6 and mark this as progress. But the Internet is more than just these services. There is a whole substructure of support and if we are thinking about an IPv6 Internet then everything needs to change. So here I want to look at perhaps the most critical of these hidden infrastructure elements - the Domain Name System. How are we going with using IPv6 in the DNS? More...

 


DNSSEC and ECDSA

October 2016

The 'traditional' cryptographic algorithm used to generate digital signatures in secure DNS (DNSSEC) has been RSA. But maybe its time to look around at a "denser" algorithm that can offer comparable cryptographic strength using much smaller digital keys. Are we ready to use ECDSA in DNSSEC? More...

 


DDOS Attackers - Who and Why?

September 2016

Bruce Schneier's recent blog post, "Someone is Learning How to Take Down the Internet" reported that the incidence of DDOS attacks is on the rise. The obvious question I have when reading these reports is "Who is behind these attacks, and why are they doing it?" More...

 


Binding to an IPv6 Subnet

September 2016

In the original framework of the IP architecture, hosts had network interfaces, and network interfaces had single IP addresses. These days, many operating systems allow a configuration to add additional addresses to network interfaces by enumerating these additonal addresses. But can we bind a network interface to an entire subnet of IP addresses without having to enumerate each and every individual address? More...

 


IPv6 Performance - Revisited

August 2016

Every so often I hear the claim that some service or other has deliberately chosen not to support IPv6, and the reason cited is not because of some technical issue, or some cost or business issue, but simply because the service operator is of the view that IPv6 offers an inferior level service as compared to IPv4, and by offering the service over IPv6 they would be exposing their clients to an inferior level of performance of the service. But is this really the case? More...

 


IETF 96

July 2016

The IETF meetings are relatively packed events lasting over a week, and it’s just not possible to attend every session. From the various sessions I attended here are a few personal impressions that I took away from the meeting that I would like to share with you. More...

 


Hosts vs Networks

July 2016

There are a number of ways to view the relationship between hosts and the network in the Internet. One view is that this is an example of two sets of cooperating entities that share a common goal: hosts and the network both want content to be delivered. Another view is that hosts and networks have conflicting objectives. This was apparent in a couple of sessions at the recent IETF 96 Meeting. More...

 


One Second Warning

July 2016

The Earth Orientation Centre is the bureau that looks after Universal Coordinated Time, and each six months they release a bulletin about their intentions for the next Universal Time correction window. This month they announced a leap second to be scheduled for midnight UTC 31 December 2016. More...