DNSSEC Archives | APNIC Blog

Web PKI: How to protect a popular security service?

By Pouyan Fotouhi Tehrani on 2 Oct 2024

Guest Post: Lessons learned from a study on the interrelation of CAA, CT, and DANE in web PKI deployments.

[Podcast] EDNS and UDP

By George Michaelson on 22 Aug 2024

Investigating the EDNS0 option for DNS, focusing on the specified maximum UDP packet size and its practical implications in the modern Internet.

[Podcast] Calling time on DNSSEC part 2 of 2

By George Michaelson on 25 Jul 2024

Following on from his last podcast, Geoff explores how to fix the problem in DNSSEC deployment and how this can benefit TLS.

[Podcast] Testing Post Quantum Cryptography DNSSEC

By George Michaelson on 11 Jul 2024

If quantum computing becomes viable, Post Quantum Cryptography (PQC) will be needed to replace RSA and ECC signatures in DNSSEC. How well can today’s DNS system handle PQC methods?

Where did DNSSEC go wrong?

By Edward Lewis on 5 Jul 2024

Guest Post: What lessons can we learn from the development of DNSSEC?

DNS evolution

By Geoff Huston on 1 Jul 2024

The DNS has evolved significantly during the Internet’s lifetime. What’s changed and what’s remained the same?

[Podcast] Calling time on DNSSEC: Part 1 of 2

By George Michaelson on 27 Jun 2024

Geoff Huston discusses the market failure of DNSSEC in deployment.

DNS topics at RIPE 88

By Geoff Huston on 6 Jun 2024

DNSSEC bootstrapping, DELEG update, DNS energy consumption, resolver BCP, and more from RIPE 88.

Calling time on DNSSEC?

By Geoff Huston on 28 May 2024

Should we drop DNSSEC and just move on?

KeyTrap

By Geoff Huston on 12 Mar 2024

Just how ‘devastating’ is the Keytrap vulnerability? How it works, and what the response has been.