Evaluation of anti-DDoS features in full-service resolvers
Guest Post: Simulating a DDoS attack, Japanese researchers tested a full-service resolver configured with both fetch-limit and serve-stale enabled.
Tag: DNS
DNSSEC with RSA-4096 keys
We must anticipate changes in computational capacity when choosing an encryption algorithm, but is it relevant to DNSSEC?
DNSSEC KSK Ceremony 43
Guest Post: After issues at recent DNSSEC KSK ceremonies what can we expect at the next one?
Can the DNS support encryption without enabling centralization?
Guest Post: Study shows clients can distribute DNS queries across a set of popular recursive resolvers without performance degradation.
DNS security and key ceremonies
Guest Post: What happens at a Root KSK ceremony? What’s at stake, and what could go wrong?
Who emailed who? Institutional privacy risks in the DNS
Guest Post: Institutions that run their own recursive resolvers and route from their own AS are most susceptible to privacy risks.
DoHoT: better security, privacy, and integrity via load-balanced DNS over HTTPS over Tor
Guest Post: Looking for a way to improve privacy and security of your DNS? Run it through Tor.
Observing DNSSEC key life cycles
Guest Post: A new visualization project is shedding light on how regularly DNSSEC are keys being updated.
Another DNS OARC meeting
Geoff shares his thoughts on what was being discussed the recent OARConline 35a.
The prevalence of DNS over HTTPS
Guest Post: DoH resolver lists are not comprehensive, which makes it difficult for network administrators to entirely block DoH connections.