Cold start DNS
There is an obvious tension between resilience and speed in the design of a resolver’s query strategy. DNS cold starts bring that tension into focus.
Tag: DNS
Centrality in the Internet’s names
The Internet’s Domain Name System undertakes a vitally important role in today’s Internet. The question here is — is the DNS centralized?
Authoritative DNS over encrypted transport at OARC 45
The use of encrypted DNS transports for communication between recursive resolvers and authoritative services in the DNS was an important topic of discussion OARC 46 in Edinburgh.
Rolling the root key
Have DNSSEC-validating recursive resolvers updated their Trust Anchor sets to include KSK-2024, and how can we measure whether this transition has been successfully adopted?
NIST updates its secure DNS deployment guide: What operators need to know
NIST’s updated DNS deployment guide treats DNS as a core security control, offering practical guidance on protective DNS, encryption, DNSSEC, and both authoritative and recursive operations to help operators strengthen resilience, visibility, and policy enforcement.
[Podcast] Measuring the use of DNS over IPv6
Geoff Huston explores how DNS operates over IPv6 and the challenges of measuring it. His findings reveal interesting variances by geographic region and network, raising questions about whether IPv6-only DNS is reliable enough to guide future operational practices.
Network Management session at APRICOT 2026: DNS logs, enterprise open source, and configuration management
The Network Management session at APRICOT 2026 brought together four presenters to share practical, data‑driven insights into how operators can better understand and optimize their networks.
Measuring the use of DNS over IPv6
How much of the Internet user base can reliably access a DNS server where the only form of access is via IPv6?
On misusing transparent DNS forwarders For amplification attacks
Guest Post: Research shows the threat vector introduced by transparent DNS forwarders that enable access to shielded recursive resolvers, and scale better in terms of potential attack volume.
From the stupid DNS tricks department: ipasn.net
A trick that lets you map an IP address to an ASN without preprocessing any data.