[dns-wg] New on RIPE Labs: Expanding Our Authoritative DNS Cluster
Dear colleagues, We just published an article on the latest steps we've been taking to expand our authoritative DNS (AuthDNS) cluster. Read more on RIPE Labs: https://labs.ripe.net/Members/anandb/expansion-of-ripe-nccs-anycasted-authoritative-dns-cluster Kind regards, Alun Davies RIPE NCC
[dns-wg] New on RIPE Labs: Journeying into XDP Part 1 - Augmenting DNS
Dear colleagues, In the second of a series of articles aimed at exploring use cases for XDP (eXpress Data Path) technology, Tom Carpay talks about implementing Response Rate Limiting. Read more now on RIPE Labs: https://labs.ripe.net/Members/tom_carpay/journeying-into-xdp-part-1-augmenting-dns Kind regards, Alun Davies RIPE NCC
[dns-wg] New on RIPE Labs: Inferring the Deployment of Inbound Source Address Validation Using DNS Resolvers
Dear colleagues Source Address Validation (SAV) is aimed at filtering packets based on source IP addresses at the network edge. On RIPE Labs now, Maciej Korczynski and colleagues share their method for identifying networks that do not deploy SAV for incoming traffic. https://labs.ripe.net/Members/yevheniya_nosyk/inferring-the-deployment-of-inbound-source-address-validation-using-dns-resolvers Kind regards, Alun Davies
[dns-wg] New on RIPE Labs: How Centralised is DNS Traffic Becoming?
Dear colleagues, In this new article on RIPE Labs, Giovane Moura talks about how he and his colleagues have been measuring Internet centralisation and its effects: https://labs.ripe.net/Members/giovane_moura/how-centralised-is-dns-traffic-becoming Kind regards, Alun Davies RIPE NCC
[dns-wg] New on RIPE Labs: Trufflehunter - A New Tool to Sniff Out DNS Usage
Dear colleagues, Measuring domain usage on centralised public DNS resolvers can be very useful, but it's also pretty hard to do. Trufflehunter is a new open source tool that puts snooping techniques to good use in order to accurately estimate the popularity of domains. Read all about it on RIPE Labs: https://labs.ripe.net/Members/audrey_randall/a-new-tool-to-sniff-out-dns-usage Kind regards, Alun Davies RIPE Labs Editor RIPE NCC
[dns-wg] New on RIPE Labs: Measuring DNS over TLS from the Edge
Dear colleagues, In a study aimed at understanding the availability of DoT and how it performs for end users, Trinh Viet Doan and colleagues have been measuring DoT adoption, reliability, and response times with RIPE Atlas. Read the results on RIPE Labs: https://labs.ripe.net/Members/trinh_viet_doan/measuring-dns-over-tls-from-the-edge-adoption-reliability-and-response-times Kind regards, Alun Davies RIPE Labs Editor RIPE NCC
[dns-wg] New on RIPE Labs: Understanding the European Resolver Policy
Dear colleagues, The European Resolver Policy is intended to provide reassurance to end-users and other stakeholders that personal data gained in the operation of DNS resolution services will not be misused. In this guest post on RIPE Labs, Andrew Campling talks about the aims and benefits of the policy: https://labs.ripe.net/author/andrew_campling/understanding-the-european-resolver-policy/ Kind regards, Alun Davies RIPE Labs Editor RIPE NCC
[dns-wg] New on RIPE Labs: Fragmentation, Truncation, and Timeouts - Are Large DNS Messages Falling to Bits?
Dear colleagues, Large DNS responses over UDP can lead to fragmentation, truncation, and timeouts. But how much of a problem is this actually causing in the wild? Are large DNS messages falling to bits? In this new article now available on RIPE Labs, Giovane Moura and colleagues from SIDN Labs investigate: https://labs.ripe.net/author/giovane_moura/fragmentation-truncation-and-timeouts-are-large-dns-messages-falling-to-bits/ Kind regards, Alun Davies RIPE Labs Editor RIPE NCC
[dns-wg] New on RIPE Labs: An Analysis of Responses to Mozilla’s Trusted Recursive Resolver Public Consultation
Dear colleagues, Mozilla's public consultation into the TRR policy closed in January this year. In this article, Andrew Campling provides an analysis of the responses received: https://labs.ripe.net/author/andrew_campling/an-analysis-of-responses-to-mozillas-trusted-recursive-resolver-public-consultation/ Kind regards, Alun Davies RIPE Labs Editor RIPE NCC
[dns-wg] New on RIPE Labs: Celebrating 30 Years of Europe’s First Root Name Server
Dear colleagues, In this new guest post on RIPE Labs, Lars-Johan Liman from Netnod talks us through the 30-year history of I-root, Europe's first root name server: https://labs.ripe.net/author/liman/celebrating-30-years-of-europes-first-root-name-server/ Kind regards, Alun Davies RIPE Labs Editor RIPE NCC
[dns-wg] New on RIPE Labs: DNS Vulnerability, Configuration Errors That Can Cause DDoS
Dear colleagues, Giovane Moura and colleagues discovered a DNS vulnerability that, when combined with a configuration error, can lead to massive DNS traffic surges. In this new article on RIPE Labs, they share more about the work they've been working to mitigate the threat: https://labs.ripe.net/author/giovane_moura/dns-vulnerability-configuration-errors-that-can-cause-ddos/ Kind regards, Alun Davies RIPE Labs Editor RIPE NCC -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
[dns-wg] New on RIPE Labs: Detecting DNS Root Manipulation
Dear colleagues, In 2021, when reports emerged that hosts in Mexico were unable to reach whatsapp.net, it was determined that middleboxes were to blame. These devices were intercepting the queries to the root instance hosted in China and sending a bogus reply. Taking this as their starting point, Qasim Lone and colleagues have been investigating the prevalence of middleboxes using RIPE Atlas: https://labs.ripe.net/author/qasim-lone/detecting-dns-root-manipulation/ Best regards, Alun Davies RIPE Labs Editor RIPE NCC -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
[dns-wg] New on RIPE Labs: Is It Possible for Encryption to Harm Cybersecurity?
Dear colleagues, Andrew Campling gives an update on developments in encrypted DNS and asks whether it’s possible that protocols intended to safeguard privacy might actually have a negative impact on cybersecurity for end users. Read more on RIPE Labs: https://labs.ripe.net/author/andrew_campling/is-it-possible-for-encryption-to-harm-cybersecurity/ Best regards, Alun Davies RIPE Labs Editor RIPE NCC -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
[dns-wg] New on RIPE Labs: Intercept and Inject - DNS Response Manipulation in the Wild
Dear colleagues, Prompted by an event that took place back in November 2021 - during which Internet users from Mexico lost access to whatsapp.net and facebook.com - a group of researchers have been carrying out an analysis of DNS root server manipulation in the wild using RIPE Atlas. In this new article on RIPE Labs, Yevheniya Nosyk shares some of the key takeaways from that analysis: https://labs.ripe.net/author/yevheniya_nosyk/intercept-and-inject-dns-response-manipulation-in-the-wild/ Best regards, Alun Davies RIPE Labs Editor RIPE NCC -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
[dns-wg] New on RIPE Labs: KeyTrap Algorithmic Complexity Attacks Exploit Fundamental Design Flaw in DNSSEC
Dear colleagues, The research team over at the National Research Center for Applied Cybersecurity ATHENE talk about their discovery of the devastating KeyTrap attack and the far-reaching impact such a vulnerability could have on the Internet: https://labs.ripe.net/author/haya-shulman/keytrap-algorithmic-complexity-attacks-exploit-fundamental-design-flaw-in-dnssec/ Kind regards, Alun Davies RIPE Labs Editor RIEP NCC -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
