Recent Articles

 

On Cyber Governance

August 2020

APAN (Asia Pacific Advanced Network) brings together national research and education networks in the Asia Pacific region. APAN holds meetings twice a year to talk about current activities in the regional NREN sector. I was invited to be on a panel at APAN 50 on the subject of Cyber Governance, and I’d like to share my perspective on this topic here. More...

 


IPv6 and the DNS

July 2020

These days it seems that whenever we start to talk about the DNS the conversation immediately swings around to the subject of DNS over HTTPS (DoH) and the various implications of this technology. But that's not my intention here. I'd like to look at a different, but still very familiar and somewhat related, topic relating to the DNS, namely how IPv6 is being used as a transport protocol for DNS queries. More...

 


Measuring Route Origin Validation

June 2020

How well are we doing with the adoption of Route Origin Validation in the Inter-Domain routing space? How many users can no longer reach a destination if the only available ROAs mark the destination announcement as invalid? More...

 


Measuring IPv6

June 2020

This week I participated in a workshop on measurement of IPv6, organised by the US Naval Postgraduate School's Centre for Measurement and Analysis of Network Data (CMAND) and the folk at UC San Diego's Center for Applied Internet Data Analysis (CAIDA). Here are my notes from that workshop and a few opinions about IPv6 thrown in as well. More...

 


Where is the DNS Headed?

June 2020

I was on a panel at the recent Registration Operations Workshop on the topic of DNS Privacy and Encryption. The question I found myself asking was: “What has DNS privacy to do with registration operations?” More...

 


Technology Adoption in the Internet

June 2020

How are new technologies adopted in the Internet? What drives adoption? What impedes adoption? These were the questions posed at a panel session at the recent EuroDiG workshop in June. More...

 


DNS OARC 32a Meeting Report

June 2020

For many years I have been a keenly interested participant in the meetings organised by the DNS Operations and Research Community, or DNS OARC. This time around its most recent meeting headed into the online space. Here are my impressions of the material presented at the online DNS OARC 32a meeting. More...

 


A DNS view of Lockdown

June 2020

Over the past couple of decades, we've constructed two quite distinct online environments. There is the enterprise network which is commonly encountered at physical workplaces, and there is the consumer network which has been deployed across residential domains. The result is that many observed characteristics of the network have patterns that reflected the differences between these work and home environments. But what happened when the at-work workforce was sent home to work? What can the DNS tell us about the Lockdown? More...

 


New IP and Emerging Communications Technologies

May 2020

A "New IP" framework was proposed to an ITU Study Group last year. This framework envisages a resurgence of a network-centric view of communications architectures where application behaviours are moderated by network-managed control mechanisms. It's not the first time that we’ve seen proposals to rethink the basic architecture of the Internet’s technology and it certainly won’t be the last. But is it really going to influence the evolution of the Internet? What can we observe about emerging technologies that will play a critical role in the coming years? Here’s my personal selection of recent technical innovations that I would add into the set of emerging technologies that will exercise a massive influence over the coming ten years. More...

 


RPKI and Trust Anchors

April 2020

I’ve been asked a number of times: “Why are we using a distributed trust framework where each of the RIRs are publishing a trust anchor that claims the entire Internet number space?” I suspect that the question will arise again in the future so it may be useful to record the design considerations here in the hope that this may be useful to those who stumble upon the same question in the future. More...

 


The Wrong Certificate

April 2020

I'm constantly impressed by the rather complex intricacies that are associated with running your own web server these days. A recent source of these complexities has been the PKI, the security infrastructure used to maintain secure connections over the network, and I'd like to recount my experience here, in case any others encounter the same seemingly inexplicable behaviours in their secure web service configurations. More...

 


Insecurity

March 2020

We need a secure and trustable infrastructure. We need to be able to provide assurance that the service we are contacting is genuine, that the transaction is secured from eavesdroppers and that we leave no useful traces behind us. Why has our public key certificate system failed the Internet so badly? More...

 


Revocation

March 2020

Public key cryptography is the mainstay of Internet security. It relies on all of us being able to keep our private key a secret. And if it all goes wrong, well we can always get our public key certificate revoked and start again with a new key pair. But what if revocation doesn't work? More...

 


DNSSEC Validation (Revisited)

February 2020

One year ago, I looked at the state of adoption of DNSSEC validation in DNS resolvers and the answer was not unreservedly optimistic. Instead of the "up and to the right" curves that show a momentum of adoption, there was a pronounced slowing down of the momentum of DNSSEC adoption. The current picture of DNSSEC adoption is certainly far more heartening, and I would like to update this earlier article on DNSSEC with more recent data. More...

 


Deep Sea Diving

February 2020

There is something quite compelling about engineering a piece of state-of-the-art technology that is intended to be dropped off a boat and then operate flawlessly for the next twenty-five years or more in the silent depths of the world's oceans! It brings together advanced physics, marine technology and engineering to create some truly amazing pieces of networking infrastructure. More...

 


Addressing 2019

January 2020

Time for another annual roundup from the world of IP addresses. Let's see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself. More...

 


BGP in 2019 - Part 2

January 2020

This second part of the report of BGP across 2019 will look at the profile of BGP updates across 2019 to assess whether the stability of the routing system, as measured by the level of BGP update activity, is changing. More...

 


BGP in 2019 - Part 1

January 2020

It has become a tradition each January for me to report on the behaviour of the inter-domain routing system over the past year, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet. More...

 


Sizing the Buffer

December 2019

The topic of buffer sizing was the subject of a workshop at Stanford University in early December 2019. The workshop drew together academics, researchers, vendors and operators to look at this topic from their perspectives. The following are my notes from this workshop. More...

 


My IETF 106

November 2019

The 106th meeting of the IETF was in Singapore in November 2019. As usual for the IETF, there were many Working Group meetings, and this report is definitely not an attempt to cover all of these meetings or even anything close to that. Here I’ve been highly selective and picked out just the items that I found interesting from the sessions I attended. More...

 


Notes from OARC 31

November 2019

DNS OARC held its 31st meeting in Austin, Texas on 31 October to 1 November. Here are some of my highlights from two full days of DNS presentations at this workshop. More...

 


DNS Wars

November 2019

The 77th NANOG meeting was held in Austin, Texas at the end of October and they invited Farsight’s Paul Vixie to deliver a keynote presentation. These are my thoughts in response to his presentation, and they are my interpretation of Paul’s talk and more than a few of my opinions thrown in for good measure! More...

 


Path Prepending in BGP

October 2019

In this article I'd like to look at one particular aspect of the Internet's inter-domain routing framework, namely the role of the Autonomous System (AS) Path in the operation of BGP, and in particular the use of AS Prepending. More...

 


Dark Traffic

October 2019

This is a report on a four-year long experiment in advertising a 'dark' prefix on the internet and examining the profile of unsolicited traffic that is sent to a traffic collector. More...

 


DNS Resolver Centrality

September 2019

Moving the DNS from the access ISP to the browser may not necessarily enhance open competition in the DNS world. In today's Internet just two browsers, Chrome and Safari, dominate the browser world with an estimated 80% share of all users. If the DNS becomes a browser-specific setting, then what would that mean for the DNS resolver market? And why should we care? It would be useful to understand what is going on in the DNS today, before there has been any major shift to adopt DoH or DoT by high-use applications such as browsers. Can we measure the level of DNS centrality in the Internet today? More...

 


Why is Securing BGP just so Damn Hard?

September 2019

Stories of BGP routing mishaps span the entire thirty-year period that we’ve been using BGP to glue the Internet together. We’ve experienced all kinds of route leaks from a few routes to a few thousand or more. We’ve seen route hijacks that pass by essentially unnoticed, and we’ve seen others that get quoted for the ensuing decade or longer! After some 30 years of running BGP it would be good to believe that we’ve learned from this rich set of accumulated experience, and we now understand how to manage the operation of BGP to keep it secure, stable and accurate. But no. That is not where we are today. Why is the task to secure this protocol just so hard? More...

 


DNS query Privacy

August 2019

In this article we'll look at DNS Query Name Minimisation in some detail and present the results of our measurement of the current level of use of this resolver query technique in today's Internet. More...

 


TCP MSS Values

July 2019

It may sound a little esoteric, but after a recently exposed Linux vulnerability the setting of the MSS value in a TCP handshake evidently matters. What values are used out there in the Internet today? More...

 


Not So Private Thoughts at IETF 105

July 2019

At IETF 105, held in Montreal at the end of July, the Technical Plenary part of the meeting had two speakers on the topic of privacy in today's Internet, Associate Professor Arvind Narayanan of Princeton University and Professor Stephen Bellovin of Columbia University. They were both quite disturbing talks in their distinct ways, and I'd like to share my impressions of these two presentations and then consider what privacy means for me in today's Internet. More...

 


Looking for What's Not There

June 2019

DNSSEC is often viewed as a solution looking for a problem. It seems only logical that there is some intrinsic value in being able to explicitly verify the veracity and currency of responses received from DNS queries, yet fleshing this proposition out with practical examples has proved challenging. Where else might DNSSEC be useful? More...

 


Network Protocols and their Use

June 2019

In June I participated in a workshop, organized by the Internet Architecture Board, on the topic of protocol design and effect, looking at the differences between initial design expectations and deployment realities. These are my impressions of the discussions that took place at this workshop. More...

 


Happy Birthday BGP

June 2019

The first RFC describing BGP, RFC 1105, was published in June 1989, thirty years ago. That makes BGP a venerable protocol in the internet context and considering that it holds the Internet together it's still a central piece of the Internet's infrastructure. How has this critically important routing protocol fared over these thirty years and what are its future prospects? Is BGP approaching its dotage or will it be a feature of the Internet for decades to come? More...

 


Meeting Report: DNS Oarc 30

May 2019

I attended the 30th DNS OARC meeting in May. These are my impressions from the meeting. More...

 


Meeting Report: ICANN DNS Symposium

May 2019

I attended the 2019 ICANN DNS Symposium in May. These are my impressions from the meeting. More...

 


Expanding the DNS Root: Hyperlocal vs NSEC Caching

April 2019

The root zone of the DNS has been the focal point of many DNS conversations for decades. One set of conversations, which is a major preoccupation of ICANN meetings, concerns what labels are contained in the root zone. A separate set of conversations concerns how this root zone is served in the context of the DNS resolution protocol. In this article I'd like to look at the second topic, and, in particular, look at two proposals to augment the way the root zone is served to the DNS, More...

 


More DOH

April 2019

It seems that the previous article on DOH has generated some reaction, and also there is some further development that should be reported, all of which I'll cover here. More...

 


DNS Privacy at IETF 104

April 2019

From time to time the IETF seriously grapples with its role with respect to technology relating to users’ privacy. Should the IETF publish standard specifications of technologies that facilitate third party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and publish standard specifications of technologies that directly impede various forms of third party eavesdropping on communications? Is a consistent position from the IETF on personal privacy preferred? Or should the IETF be as agnostic as possible and publish protocol specifications based solely on technical coherency and interoperability without particular regard to issues of personal privacy? This issue surfaced at IETF 104 in the context of discussions of DNS over HTTPS, or DOH. More...

 


The State of DNSSEC Validation

March 2019

Many aspects of technology adoption in the Internet over time show simple "up and to the right" curves. What lies behind these curves is the assumption that once a decision is made to deploy a technology the decision is not subsequently "unmade." When we observe an adoption curve fall rather than rise, then it’s reasonable to ask what is going on. More...

 


A quick look at QUIC!

March 2019

Quick UDP Internet Connection (QUIC) is a network protocol initially developed and deployed by Google, and now being standardized in the Internet Engineering Task Force. In this article we’ll take a quick tour of QUIC, looking at what goals influenced its design, and what implications QUIC might have on the overall architecture of the Internet Protocol. More...

 


No!

February 2019

Just what part of "No" doesn't the DNS understand? Why does the DNS over-query for non-existent names? More...

 


Addressing 2018

January 2019

Time for another annual roundup from the world of IP addresses. Let's see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself. More...

 


BGP in 2018 - Part 2: BGP Churn

January 2019

The scalability of BGP as the Internet’s routing protocol is not just dependent on the number of prefixes carried in the routing table. Dynamic routing updates are also part of this story. If the update rate of BGP is growing faster than we can deploy processing capability to match then the routing system will lose data, and at that point the routing system will head into turgid instability. This second part of the report of BGP across 2018 will look at the profile of BGP updates across 2018 to assess whether the stability of the routing system, as measured by the level of BGP update activity, is changing. More...

 


BGP in 2018 - Part 1: The BGP Table

January 2019

It has become either a tradition, or a habit, each January for me to report on the experience with the inter-domain routing system over the past year, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet. More...