DNS-over-TCP considered vulnerable
Guest Post: There are several ways attackers can force TCP to fragment for inclusion in IP fragmentation attacks.
Guest Post: There are several ways attackers can force TCP to fragment for inclusion in IP fragmentation attacks.
Guest Post: How DNSSEC Delegation Trust Maintenance can be automated via the DNS itself.
The evolution of the DNS reflects broader market pressures in the Internet at large.
Guest Post: Context is everything when it comes to assessing anycast.
Guest Post: Simulating a DDoS attack, Japanese researchers tested a full-service resolver configured with both fetch-limit and serve-stale enabled.
We must anticipate changes in computational capacity when choosing an encryption algorithm, but is it relevant to DNSSEC?
Guest Post: After issues at recent DNSSEC KSK ceremonies what can we expect at the next one?
Guest Post: Study shows clients can distribute DNS queries across a set of popular recursive resolvers without performance degradation.
Guest Post: What happens at a Root KSK ceremony? What’s at stake, and what could go wrong?
Guest Post: Institutions that run their own recursive resolvers and route from their own AS are most susceptible to privacy risks.