Posts by matt.

Root DNSSEC Key Attestation

On June 16, 2010, I witnessed the generation of the first root zone key-signing key in the first key ceremony held by ICANN, the IANA functions operator, at its key ceremony facility in Culpeper, VA.  I attest that the following DS record corresponds to the key generated at that ceremony:

. IN DS 19036 8 2  49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

The canonical location of the root zone trust anchor information is Also included there are supporting material and explanatory documentation.

A PGP-signed version of this attestation is available here.

Matt Larson
July 16, 2010

Episode 6

In yet another episode recorded with Matt and Cricket in the same room, they offer their opinions on two security-related topics: TSIG, including when to use it and whether it’s still worthwhile with DNSSEC-signed zones; and the benefits and drawbacks of using split namespaces.  Along the way, they attempt to determine – using nothing but their wits, logical extrapolation and haphazard guessing – how a new feature of BIND 9.6 must work.


Episode 3

Warning: spoiler alert!  Do not listen to this episode if you do not want to learn the identity of the final Cylon in Battlestar Galactica.  Also, do not listen if you do not want to hear Matt correct and elaborate a bit on DNSSEC topics from Episode 2.  And especially do not listen if you are not interested in learning about the uses of stub zones and hearing an explanation of web browser DNS “pre-fetching”.  Otherwise, it’s fine to listen and we hope you will.


Episode 2

In our second episode, Matt and Cricket discuss Matt’s distaste for handbells and lapse into a discussion of Star Trek (The Original Series) — oh, and answer an actual listener’s question about when DNSSEC deployment will be widespread.  Also, Cricket says “Right, right” many times.


Episode 1

Welcome to the inaugural episode of the Ask Mr. DNS Podcast! In this first episode, we introduce ourselves and talk a little about our backgrounds. We also explain who the heck Mr. DNS is and why we’ve named our podcast after him. Then we actually answer a DNS question and wind up the episode discussing some interesting DNS research we’ve each done.

We hope you enjoy it!


Do you have a question for Mr. DNS?

If you have a question about DNS for Mr. DNS, he’d love to hear it. Drop him a line at