An Opinion Piece on Internet Security
Opinion: Why has our public key certificate system failed the Internet so badly?
Tag: DNS
The different ways of minimizing ANY
Guest Post: Retiring the DNS special query type ‘ANY’ is anything but easy.
Drilling for the KSK
What happens when a safe containing the devices to facilitate the Root Signing Ceremony doesn’t open?
DNSSEC validation revisited
Over the past year, DNSSEC validation has rallied. Geoff Huston looks at what is behind the rise.
How to: Deploy DoT and DoH with dnsdist
Follow this step-by-step guide to implement the DNS privacy standards DNS-over-TLS and DNS-over-HTTPS.
Why dynamic DNS mapping prevents DNSSEC deployment
Guest Post: Study looks at why DNSSEC deployment remains so slow (and hard) in CDNs.
Traffic analysis still possible when using DoT and DoH
Guest Post: Study seeks to measure the effectiveness of encrypting the DNS for the purpose of privacy.
SHA-1 chosen prefix collisions and DNSSEC
Guest Post: The SHAmbles prefix collision attack against SHA-1 offers a new way for attackers to spook the DNS despite DNSSEC.
What is the DNS anyway?
Guest Post: Part of the DoH-related conflicts seem to come from a different understanding of what the DNS is and what it is meant to do.
Three of the best: Geoff Huston
Review 2019 through Geoff Huston’s eyes, with three of his best posts from the year past.