DNS Archives | APNIC Blog

DNS query duplication

By Geoff Huston on 17 Jun 2026

In the DNS, name resolution space queries are free. To what extent do we see over-querying on the part of recursive resolvers in the DNS?

Unveiling the hidden complexity of authoritative DNS resilience

By Minzhao Lyu on 10 Jun 2026

Guest Post: Government online services rely on authoritative DNS as a critical foundation of national digital infrastructure. This study presents a systematic framework to assess DNS resilience, revealing strengths, weaknesses, and operational practices shaping governments’ ability to withstand failures and attacks.

Cold start DNS

By Geoff Huston on 2 Jun 2026

There is an obvious tension between resilience and speed in the design of a resolver’s query strategy. DNS cold starts bring that tension into focus.

Centrality in the Internet’s names

By Geoff Huston on 28 May 2026

The Internet’s Domain Name System undertakes a vitally important role in today’s Internet. The question here is — is the DNS centralized?

Authoritative DNS over encrypted transport at OARC 45

By Geoff Huston on 20 May 2026

The use of encrypted DNS transports for communication between recursive resolvers and authoritative services in the DNS was an important topic of discussion OARC 46 in Edinburgh.

Rolling the root key

By Geoff Huston on 5 May 2026

Have DNSSEC-validating recursive resolvers updated their Trust Anchor sets to include KSK-2024, and how can we measure whether this transition has been successfully adopted?

NIST updates its secure DNS deployment guide: What operators need to know

By Dan Fidler on 14 Apr 2026

NIST’s updated DNS deployment guide treats DNS as a core security control, offering practical guidance on protective DNS, encryption, DNSSEC, and both authoritative and recursive operations to help operators strengthen resilience, visibility, and policy enforcement.

[Podcast] Measuring the use of DNS over IPv6

By George Michaelson on 5 Mar 2026

Geoff Huston explores how DNS operates over IPv6 and the challenges of measuring it. His findings reveal interesting variances by geographic region and network, raising questions about whether IPv6-only DNS is reliable enough to guide future operational practices.

Network Management session at APRICOT 2026: DNS logs, enterprise open source, and configuration management

By George Michaelson on 3 Mar 2026

The Network Management session at APRICOT 2026 brought together four presenters to share practical, data‑driven insights into how operators can better understand and optimize their networks.

Measuring the use of DNS over IPv6

By Geoff Huston on 2 Mar 2026

How much of the Internet user base can reliably access a DNS server where the only form of access is via IPv6?