Short presentation providing updates since presentation in OARC 38.
* new learnings
* trends in adoption of DNS protection mechanisms
* coverage and future plans in Google Public DNS
This presentation describes the need for collaborative multi-stakeholder involvement in research and modeling to inform the DNSSEC post-quantum cryptography (PQC) algorithm standardization and transition agenda. Some key issues that need to be researched are described. This includes DNSSEC's need for long-term cryptographic resiliency and the impact NIST's selected PQC signature algorithm...
Several years ago, we completed a large scale deployment of DNSSEC across many zones on multiple DNS providers, in-house servers, and commercial appliances. While largely successful, we faced a number of significant operational challenges too. This talk will walk through some of our noteworthy operational experiences and challenges with the deployment. It will cover topics like configuration,...
DNSCrypt Protocol has been in existence since 2013 and has received considerable attention from the DNS community with several major DNS services providing support. This protocol also has several established client and server side open-source implementations in different programming languages. While not providing end-to-end DNS security, this protocol is designed to protect the ‘last mile’...
Public hosting services provide convenience for domain owners to build web applications with better scalability and security. However, if a domain name points to released service endpoints (e.g., nameservers allocated by a provider), adversaries can take over the domain by applying the same endpoints. Such threat is called hosting-based domain takeover. In recent years, a series of domain...
NS1 has introduced a new platform feature providing its authoritative DNS customers with a live telemetry stream of deep DNS analytics like traffic volume by QNAME, Top client IPs, Geo Location information, Client Subnet, ASNs, and much more. Customers get broad traffic analysis as well as the ability to create custom “edge queries” that represent a specific dimension of telemetry relevant to...
The transition to IPV6 has been a visible topic for more than 20 years and lots of energy has been expended at conferences. Most discussions have focused on IPv6 addressing but the DNS is just as essential to the proper functioning of the IPv6 internet. This talk will explore IPv6 readiness of the global DNS, including the long tail. A huge dataset of anonymized query traffic gathered from...
EduDig is a tool for making DNS education a little simpler. A web dig as many that are already seen on the internet today. The crucial difference is we have the goal of making the "DIG" presentation highlightable with an information space to explain the contents to the student/user. We have a working proof of concept and more work is planned in the coming months. Exposure and feedback will...