Posts categorized “Uncategorized”.

Episode 49

Cricket and Matt took advantage of being in the same place for once to record the podcast, though that doesn’t stop us from forgetting which episode number we’re actually recording.  We answer four questions on subjects relating to SPF, DNSSEC, /etc/host.conf and authoritative server selection by recursive name servers.  On that last topic, Matt refers to research on server selection he contributed to and promised a link to the paper in the show notes.  The paper is “Authority Server Selection of DNS Caching Resolvers” and was published in ACM SIGCOMM Computer Communication Review (CCR), April 2012.

Play

Episode 48

In Episode 48, we are pleased to welcome Bert Hubert of PowerDNS fame to the show.  We reach into the mailbag to answer Nic Waller’s question about measuring which names in a zone are actually queried, Jesus Cea asked about proving domain ownership to obtain a Let’s Encrypt certificate (which caused us to do some actual research before recording!), and long-suffering listener Yiorgos Adamopoulos gamely sent in a question about using the block chain for name resolution.  As usual, we indulge in light banter completely unrelated to DNS, this time on outrageous cell phone roaming charges and Dutch pipe organs.

 

Play

Episode 47

In this episode, our 47th, we realize the mailbag is actually fuller than we thought, and work diligently to answer questions from a “long-term” Swedish listener about IPv6 reverse mapping, from Jeremy Laidman about BIND 9.11′s new catalog zones feature, and from (the also likely Swedish) Håkan Lindqvist about the credibility of DNS data, particularly NS records.  We also digress into ruminating over the possible deleterious effects of The Disney Channel on the attitudes of tween daughters, why the first four minutes of the forthcoming “Sully” are likely the highlight of the film, and what we’ve been watching on TV lately.  Don’t miss it!

Play

Episode 45

We’re back again, scraping the bottom of the mailbag for questions.  Erik Radde helped us out with a question on the interaction of wildcards and the search list, and Lenny Tropiano tweeted a question at Mr. DNS about Dyn’s support for a feature that provides CNAME-like semantics at a zone apex.  Along the way there were detours into the three laws of thermodynamics and, more importantly as the AI revolution grows ever closer, the three laws of robotics.

 

Play

Episode 44

Well, we said we’d try to keep to a monthly schedule, and we arguably just made it!  This episode, number 44, features a special guest:  Andrew Sullivan, Matt’s colleague at Dyn and Chair of the Internet Architecture Board.  Now, if we’d planned ahead and let you know Andrew was going to be on the show, we could have let you know so that you could have submitted lots of thoughtful questions for him to answer, but by now you know not to expect that kind of forethought from us.  Instead, we asked him about stuff we’re interested in, including the IANA transition and ARCING, an IETF effort to identify alternative resolution contexts.  We also answer a question from Sheridan West about some suspicious-looking log messages from his name server and one from Jeff Helman about the right DNS configuration for handling multiple back-end web servers.

Play

Episode 42

In Episode 42, we discuss the meaning of life, the universe and everything with a very special guest, @dnsreactions, creator of the hit DNS Reactions Tumblr.  “DR”, as we call him or her (or it?), prefers to stay anonymous, so we have obscured his/her/its voice using the magic of technology.  Our long-suffering listeners submitted questions for DR, who was very accommodating.  Enjoy!

Play

Episode 41

Welcome to our special Halloween episode!  Okay, not really, but we are recording in late October…  This time we answer a record-breaking three questions from the same listener, Grant Taylor, who single-handedly supplied the material for all our tangents in this show.  We remind everyone of the dangers of cache poisoning in a discussion about CNAMEs, we strain our memories back to the early days of DNSSEC to discuss SIG(0), and we explain and opine on EDNS Client Subnet, a recent and increasingly popular DNS protocol extension.  Considering the time of year, we also lapse into a discussion of candy, specifically peanut M&Ms.

Play

Episode 37

Back after a long absence they try to avoid talking about, Cricket and Matt tackle some meat-and-potatoes questions: Why can’t one have a CNAME with other records at a domain name? Are registrars buying up expired domain names? How can one make a name server generate answers dynamically?  Listen as Matt embarrasses himself by forgetting the name of the Registry-Registrar Protocol (RRP), the predecessor to the Extensible Provisioning Protocol (EPP), used today between registrars and registries.  Cricket’s memory is working fine, though, as he dredges up a reference to lbnamed, a simple, Perl-based name server now remembered only by Google and DNS geeks.  And as usual, there are tangents: the episode winds up with an impromptu discussion of standing desks and how Matt is an effective but not-at-all-subtle choral conductor.

Play

Root DNSSEC Key Attestation

On June 16, 2010, I witnessed the generation of the first root zone key-signing key in the first key ceremony held by ICANN, the IANA functions operator, at its key ceremony facility in Culpeper, VA.  I attest that the following DS record corresponds to the key generated at that ceremony:

. IN DS 19036 8 2  49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

The canonical location of the root zone trust anchor information is http://data.iana.org/root-anchors. Also included there are supporting material and explanatory documentation.

A PGP-signed version of this attestation is available here.

Matt Larson
July 16, 2010

Episode 16

In this episode, for the first time ever, Matt and Cricket are joined by a dozen DNS dignitaries to answer a question from Alejandro Acosta about when to plug trust anchors into his name servers’ configurations and begin validating, and Bob Lee’s question about which tools to use to check his zone data and his name server’s configuration.  Then they discuss DENIC’s recent Worst Day Ever after they published a truncated zone data file for .DE.  And Mr. DNS is amazed to learn how many dynamic zone hosting services are blocked from China.

Mr. DNS sends special thanks to Dyn Inc. for their support of this Ask Mr. DNS episode.  Dyn provided the venue, the equipment and their famous New England hospitality.  Thanks also to all of the panelists for their good humor and participation.

Play