DNS query duplication
In the DNS, name resolution space queries are free. To what extent do we see over-querying on the part of recursive resolvers in the DNS?
In the DNS, name resolution space queries are free. To what extent do we see over-querying on the part of recursive resolvers in the DNS?
Guest Post: Government online services rely on authoritative DNS as a critical foundation of national digital infrastructure. This study presents a systematic framework to assess DNS resilience, revealing strengths, weaknesses, and operational practices shaping governments’ ability to withstand failures and attacks.
There is an obvious tension between resilience and speed in the design of a resolver’s query strategy. DNS cold starts bring that tension into focus.
The Internet’s Domain Name System undertakes a vitally important role in today’s Internet. The question here is — is the DNS centralized?
The use of encrypted DNS transports for communication between recursive resolvers and authoritative services in the DNS was an important topic of discussion OARC 46 in Edinburgh.
Have DNSSEC-validating recursive resolvers updated their Trust Anchor sets to include KSK-2024, and how can we measure whether this transition has been successfully adopted?
NIST’s updated DNS deployment guide treats DNS as a core security control, offering practical guidance on protective DNS, encryption, DNSSEC, and both authoritative and recursive operations to help operators strengthen resilience, visibility, and policy enforcement.
Geoff Huston explores how DNS operates over IPv6 and the challenges of measuring it. His findings reveal interesting variances by geographic region and network, raising questions about whether IPv6-only DNS is reliable enough to guide future operational practices.
The Network Management session at APRICOT 2026 brought together four presenters to share practical, data‑driven insights into how operators can better understand and optimize their networks.
How much of the Internet user base can reliably access a DNS server where the only form of access is via IPv6?