Posts by matt.

Episode 56

We’re back with an emergency episode published just in time to inform your frantic preparations for DNS Flag Day on 1 February 2019. We’re delighted to welcome another special guest, Petr Špaček from CZ.NIC, to fill us in and let us know if we should stockpile food for an impending Internet collapse and the ensuing end of civilization as we know it. Or maybe it’s just the story of a few DNS developers whose patience has finally run out. Then Matt recommends the Netflix show Babylon Berlin, and Cricket and Matt lament their years-long study of German with not nearly as much to show for it as we’d like.

 

Play

Episode 55

We’re back after our longest hiatus yet. Alas, the mail bag was empty, so instead we invited special guest Paul Hoffman to talk about DNS over HTTPS (DoH), which has generated some buzz in the DNS community (to the extent that anything can generate buzz in the DNS community). We end with our usual pop culture consumption recap, this time focusing on what we’ve read recently (science fiction, unsurprisingly) and what shows we’ve watched in this new Golden Age of Television.

Play

Episode 52

In this episode, number 52 (cards in a deck! And just wait till we hit 53, which has special significance!), Matt and Cricket are joined by a pantheon of the gods of DNS.  However, since they neglected to ask any of the speakers to introduce themselves, you’ll just have to guess, Band Aid “Do They Know It’s Christmas”-style, who’s who.  (Olafur’s basically a gimme–our Boy George or Bono.)  We answer David Mar’s question about how to learn the basics of DNS and then recap some of the topics of the Inside Baseball meeting we’d been attending, graciously hosted by Salesforce and organized by Allison Mankin & company.

Play

Episode 49

Cricket and Matt took advantage of being in the same place for once to record the podcast, though that doesn’t stop us from forgetting which episode number we’re actually recording.  We answer four questions on subjects relating to SPF, DNSSEC, /etc/host.conf and authoritative server selection by recursive name servers.  On that last topic, Matt refers to research on server selection he contributed to and promised a link to the paper in the show notes.  The paper is “Authority Server Selection of DNS Caching Resolvers” and was published in ACM SIGCOMM Computer Communication Review (CCR), April 2012.

Play

Root DNSSEC Key Ceremony 27 Attestation


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday, October 27, I attended the Root DNSSEC Key Ceremony 27,
administered by Public Technical Identifiers (PTI), the administrator
of the IANA functions and an affiliate of ICANN, which was held in
PTI's key management facility (KMF) in Culpeper, Virginia, USA.

ICANN and PTI are in the process of rolling the root zone key-signing
key (KSK) and details about that project are available at:

https://www.icann.org/resources/pages/ksk-rollover

I attest that a new key intended to be the next root zone KSK was
generated at that ceremony, and that the following DS record
corresponds to the newly generated key:

. IN DS 20326 8 2 E06D44B80B8F1D39A95COBOD7C65D08458E880409BBC683457104237C7F8EC8D

The key will not be declared operationally ready until it is imported
into the hardware security modules (HSMs) in PTI's second KMF in El
Segundo, CA, at the next root key ceremony planned for February, 2017.
Provided that ceremony is successful and that subsequent root KSK
rollover plans proceed according to schedule, the key attested to
above will become the next root zone KSK and be used to sign the root
zone's key set on October 11, 2017.

I further attest that the ceremony followed the script published at
https://data.iana.org/ksk-ceremony/27/KC27_Script.pdf, with one minor
exception relating to the formatting of USB drives used to transport
signed material out of the ceremony room.

Disclosure: I am employed by ICANN as VP of Research and sometimes act
as a Ceremony Administrator (CA) for root key ceremonies.

Matt Larson
28 October 2017
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlgTpoMACgkQATXaA1CYG0VqFgCeINrlVQDIDAMZO0RtlftiNYMj
5CgAniFE+fdA9MQY/BE3VwG0dEvhHsU/
=sM6f
-----END PGP SIGNATURE-----

Episode 48

In Episode 48, we are pleased to welcome Bert Hubert of PowerDNS fame to the show.  We reach into the mailbag to answer Nic Waller’s question about measuring which names in a zone are actually queried, Jesus Cea asked about proving domain ownership to obtain a Let’s Encrypt certificate (which caused us to do some actual research before recording!), and long-suffering listener Yiorgos Adamopoulos gamely sent in a question about using the block chain for name resolution.  As usual, we indulge in light banter completely unrelated to DNS, this time on outrageous cell phone roaming charges and Dutch pipe organs.

 

Play

Episode 45

We’re back again, scraping the bottom of the mailbag for questions.  Erik Radde helped us out with a question on the interaction of wildcards and the search list, and Lenny Tropiano tweeted a question at Mr. DNS about Dyn’s support for a feature that provides CNAME-like semantics at a zone apex.  Along the way there were detours into the three laws of thermodynamics and, more importantly as the AI revolution grows ever closer, the three laws of robotics.

 

Play

Episode 43

In this, our holiday episode, we’re joined by returning special guest, Duane Wessels, who discusses a recent event involving the root name servers and a lot of obviously spoofed traffic, as well as his ongoing work in the IETF around DNS privacy.  We reach into the mail bag and find a question from our friend, Rob Fleischman, musing about possible additional metadata that recursive servers could send to authoritative servers.  As it happens, Duane’s also working on a DNS protocol extension directly related to Rob’s question, which he tells us about.  Finally, we end with a brief and spoiler-free discussion about The Force Awakens.

Play

Episode 42

In Episode 42, we discuss the meaning of life, the universe and everything with a very special guest, @dnsreactions, creator of the hit DNS Reactions Tumblr.  “DR”, as we call him or her (or it?), prefers to stay anonymous, so we have obscured his/her/its voice using the magic of technology.  Our long-suffering listeners submitted questions for DR, who was very accommodating.  Enjoy!

Play

Episode 41

Welcome to our special Halloween episode!  Okay, not really, but we are recording in late October…  This time we answer a record-breaking three questions from the same listener, Grant Taylor, who single-handedly supplied the material for all our tangents in this show.  We remind everyone of the dangers of cache poisoning in a discussion about CNAMEs, we strain our memories back to the early days of DNSSEC to discuss SIG(0), and we explain and opine on EDNS Client Subnet, a recent and increasingly popular DNS protocol extension.  Considering the time of year, we also lapse into a discussion of candy, specifically peanut M&Ms.

Play