DNS-over-TCP considered vulnerable
Guest Post: There are several ways attackers can force TCP to fragment for inclusion in IP fragmentation attacks.
Tag: DNS
DNSSEC provisioning automation with CDS/CDNSKEY in the real world
Guest Post: How DNSSEC Delegation Trust Maintenance can be automated via the DNS itself.
DNS openness
The evolution of the DNS reflects broader market pressures in the Internet at large.
Caching is key to interpreting root DNS anycast performance
Guest Post: Context is everything when it comes to assessing anycast.
Evaluation of anti-DDoS features in full-service resolvers
Guest Post: Simulating a DDoS attack, Japanese researchers tested a full-service resolver configured with both fetch-limit and serve-stale enabled.
DNSSEC with RSA-4096 keys
We must anticipate changes in computational capacity when choosing an encryption algorithm, but is it relevant to DNSSEC?
DNSSEC KSK Ceremony 43
Guest Post: After issues at recent DNSSEC KSK ceremonies what can we expect at the next one?
Can the DNS support encryption without enabling centralization?
Guest Post: Study shows clients can distribute DNS queries across a set of popular recursive resolvers without performance degradation.
DNS security and key ceremonies
Guest Post: What happens at a Root KSK ceremony? What’s at stake, and what could go wrong?
Who emailed who? Institutional privacy risks in the DNS
Guest Post: Institutions that run their own recursive resolvers and route from their own AS are most susceptible to privacy risks.