[Podcast] Measuring DNSSEC keying ‘drift’ between parent and child
An analysis of CDS and CDNSKEY records looking at mismatches between child and parent, and the nameservers for the zone.
Tag: DNSSEC
Web PKI: How to protect a popular security service?
Guest Post: Lessons learned from a study on the interrelation of CAA, CT, and DANE in web PKI deployments.
[Podcast] EDNS and UDP
Investigating the EDNS0 option for DNS, focusing on the specified maximum UDP packet size and its practical implications in the modern Internet.
[Podcast] Calling time on DNSSEC part 2 of 2
Following on from his last podcast, Geoff explores how to fix the problem in DNSSEC deployment and how this can benefit TLS.
[Podcast] Testing Post Quantum Cryptography DNSSEC
If quantum computing becomes viable, Post Quantum Cryptography (PQC) will be needed to replace RSA and ECC signatures in DNSSEC. How well can today’s DNS system handle PQC methods?
Where did DNSSEC go wrong?
Guest Post: What lessons can we learn from the development of DNSSEC?
DNS evolution
The DNS has evolved significantly during the Internet’s lifetime. What’s changed and what’s remained the same?
[Podcast] Calling time on DNSSEC: Part 1 of 2
Geoff Huston discusses the market failure of DNSSEC in deployment.
DNS topics at RIPE 88
DNSSEC bootstrapping, DELEG update, DNS energy consumption, resolver BCP, and more from RIPE 88.
Calling time on DNSSEC?
Should we drop DNSSEC and just move on?