Notes from DNS-OARC 36
Slack’s DNSSEC debacle, NSEC problems, Measuring DNSSEC, and more from DNS-OARC 36.
Category:
Tech matters
ICARUS: Beware of flying satellites
Guest Post: How resilient are LEO satellite networks to DDoS attacks?
NPM, encryption, and the challenges ahead: Part 2
Guest Post: Encryption forced NPM vendors to evolve. Part 2 of this series discusses NPM’s evolution, including synthetic testing as one recent advancement.
Notes from RIPE 83
Geoff Huston discusses technical presentations from RIPE 83.
Working latency — the next QoE frontier
Guest Post: Comcast shares its work into reducing latency through Active Queue Management.
Help develop the DNS Data Dictionary
Guest Post: The DNS Data Dictionary seeks to map what is in existing relevant protocols and prevent divergence in new protocols.
ARP problems in EVPN
Guest Post: Why you should always set ARP timeout to less than five minutes in L3 EVPN and beware potential ARP suppression issues in L2 EVPN.
Modern OSes are prone to side-channel-based DNS cache poisoning attacks
Guest Post: Researchers show how SAD DNS attacks allow an off-path attacker to inject malicious DNS records into a DNS cache.
NPM, encryption, and the challenges ahead: Part 1
Guest Post: Encryption and cloud adoption are creating hurdles for network performance monitoring vendors. To survive, solutions must evolve or die.
Should you update your Route Flap Damping parameters?
Guest Post: Network operators should regularly check their RFD configurations for harmful vendor defaults.