The intent of this talk is to review many of the differences that I personally have experienced while working with a wide variety of DNS service providers. Because of the corporate acquisitions by Salesforce, we need to bring their domain name assets into our company, handling the transfer of domain registrations, registrars, and operations. While often this is a pretty straightforward...
The combination of DNS over HTTPS and HTTP Server Push opens up the potential of hainv a server push a DNS response to the client without the client having to perform a DNS query. This has received a lukewarm reception so far in the DNS community, but there are some interesting aspects to this approach in terms of enhanced privacy and improved latency.
One of the main challenge facing IoT today is security. The constrained nature of IoT devices deprives them of using security solutions used in the Internet. Constrained IoT devices cannot use the Public Key Infrastructure with X.509 certificates to establish secure sessions. Moreover, the idea of self-signed certificates and having trust based on a single private trusted CA does does not...
Most clients, servers and test tools in the Domain Name System (DNS) ecosystem today strive to get the DNS protocol implementation as correct as possible.
This is a particularly difficult effort for DNS test tools, such as Zonemaster, which require a specific infrastructure to ascertain their own correctness.
Testing such tools is traditionally done by having DNS servers serve specially...
The Internet's naming system (DNS) is a hierarchically structured database, with hundreds of millions of domains in a radically distributed management architecture. The distributed nature of the DNS is the primary factor that allowed it to scale to its current size, but it also brings security and stability risks. The Internet standards community (IETF) has published several operational best...
We consider how the DNS security and privacy landscape has evolved over time, using data collected annually at A-root between 2008 and 2021. We consider issues such as deployment of security and privacy mechanisms, including source port randomization, TXID randomization, DNSSEC,and QNAME minimization. We find that achieving general adoption of new security practices is a slow, ongoing process....
