Service Bindings are a new family of DNS record types that enable improved security, privacy, and performance for Internet services. By providing an extensible bound collection of endpoint metadata, these new RR types allow clients to learn more about a server before they initiate a connection.
This session will review the technical architecture of the SVCB and HTTPS RR types, their...
New DNS record types are not added very often, and if they are in many cases they're highly specialized and not widely used. But this year two new record types (SVCB=64 and HTTPS=65) were introduced and are now used on devices which are widely deployed. For example, all Apple devices with recent software issue an HTTPS query for every lookup they do. This not only has a noticeable impact on...
The eXpress Data Path (XDP) is a "hook" in the Linux kernel providing programmability at the lowest layer of the Network Stack (at the device driver layer) and can even be hardware offloaded to programmable devices (e.g. SmartNICs). XDP provides an easy way to perform some parts of DNS handling in the kernel but still have traditional userspace software 'after' that. XDP does not have to...
A small survey of the adoption rates of various security related DNS records ( DNSSEC, SPF, DMARC etc. ). Looking at top 100 companies and DNS infrastructure companies.
Many measurements on the DNS are based on collections of "most popular" web sites, such as the Alexa list. Using these lists skew the results of analysis because those sites are often well-managed and available from many locations (such as through CDNs). A different tactic would be to look for collections of more typical web sites. For this study, data is collected from Wikipedia around the...
