Re: [dns-operations] Survey of How to Solving DNS Errors

2024-08-15 Thread Geoff Huston
> On 15 Aug 2024, at 10:39 PM, Florian Obser wrote: > > On 2024-08-15 11:25 +02, Ralf Weber wrote: >> I just logged in to a random server that is doing tens of thousands of >> requests per second and it had 15% NXDomain queries 1% SERVFAIL and REFUSED >> and 0.1% FORMERR and that is a typical

Re: [dns-operations] DNSbomb attack

2024-05-28 Thread Geoff Huston
> On 29 May 2024, at 12:55 AM, John Levine wrote: > > It appears that Ondřej Surý said: >> I don’t know why are you trying to create rift where there’s really none. > > I suspect that I am not the only person who is getting a wee bit tired > of papers that say OMG MOST AWFUL DNS FLAW EVER! INT

Re: [dns-operations] DNSSEC parameter BCP

2023-06-17 Thread Geoff Huston
> On 13 Jun 2023, at 2:58 am, Viktor Dukhovni wrote: > > On Mon, Jun 12, 2023 at 10:41:12AM -0400, Viktor Dukhovni wrote: > >> On Mon, Jun 12, 2023 at 10:37:22AM -0300, daniel majela wrote: >> >>> What is the best algorithm for ksk and zsk? >> >> The BCP algorithm is ECDSAP256SHA256(13). T

Re: [dns-operations] Percentage of DoT/DoH requests for public resolvers?

2023-06-12 Thread Geoff Huston
> On 12 Jun 2023, at 10:49 pm, Stephane Bortzmeyer wrote: > > Hello, > > I'm looking for the current percentage of encrypted DNS requests > vs. in-the-clear ones on public resolvers having DoT/DoH/DoQ. I do not > find public information about it. May be I searched too fast? > > If you work fo

Re: [dns-operations] New addresses for b.root-servers.net

2023-06-02 Thread Geoff Huston
> On 3 Jun 2023, at 3:44 am, Robert Story wrote: > > On Fri 2023-06-02 09:33:20-0700 Manu wrote: >> On Tue, May 30, 2023 at 9:35 AM Robert Story >> wrote: >> >> It seems those are live and ready to use, but I did not see in the >> announcement that people could start updating their root zone

Re: [dns-operations] [Ext] K-root in CN leaking outside of CN

2021-11-06 Thread Geoff Huston
ec ;; SERVER: 2001:dc3::35#53(2001:dc3::35) ;; WHEN: Tue Aug 27 19:07:12 EST 2013 ;; MSG SIZE rcvd: 50 Normally this behaviour (where a query to a root server address received a response rather than a referral) was only visible within an area that was covered by the GFW. Geoff Huston ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] Registrars supporting ED25519

2021-07-31 Thread Geoff Huston
> On 1 Aug 2021, at 1:21 am, Eric Germann via dns-operations > wrote: > > > From: Eric Germann > Subject: Registrars supporting ED25519 > Date: 1 August 2021 at 1:21:39 am AEST > To: dns-operations@lists.dns-oarc.net > > > I’m doing some work on my own test domains with ED25519. > > Does

Re: [dns-operations] Root Key Sentinel - current state of affairs?

2021-07-09 Thread Geoff Huston
These are good questions Ondrej. As Roy pointed out it's not clear if you are referring to the “inward” signalling of RFC8145 or the response-based signalling of RFC8509. In the first roll one of the big questions was “who sees the roll” and the intent of RFC8509 was to jump in between the addit

Re: [dns-operations] REMINDER Re: Call for Participation -- ICANN DNSSEC Workshop at ICANN 52

2014-12-06 Thread Geoff Huston
of DNSSEC-validating resolvers, and which do not, and identifying those ISPs that have turned on DNSSEC-validating in their resolvers. kind regards, Geoff -- Geoff Huston Chief Scientist, APNIC +61 7 3858 3100 g...@apnic.net

Re: [dns-operations] Geoff Huston on DNS-over-TCP-only study.

2013-08-21 Thread Geoff Huston
On 22/08/2013, at 10:32 AM, David Conrad wrote: > Geoff, > > I personally think this is really interesting work. A question about > methodology: > > On Aug 21, 2013, at 4:36 PM, Geoff Huston wrote: >> - Our experiment used a modified DNS server that truncated all U

Re: [dns-operations] Geoff Huston on DNS-over-TCP-only study.

2013-08-21 Thread Geoff Huston
On 22/08/2013, at 9:36 AM, Geoff Huston wrote: > > On 22/08/2013, at 12:36 AM, Jon Lewis wrote: > >> On Wed, 21 Aug 2013, Dobbins, Roland wrote: >> >>> >>> <http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/> >> >&g

Re: [dns-operations] Geoff Huston on DNS-over-TCP-only study.

2013-08-21 Thread Geoff Huston
On 22/08/2013, at 12:36 AM, Jon Lewis wrote: > On Wed, 21 Aug 2013, Dobbins, Roland wrote: > >> >> > > I didn't even get far enough to get to the parts Vixie seems to object to. It > was too painful to read. It's in despe

Re: [dns-operations] Geoff Huston on DNS-over-TCP-only study.

2013-08-21 Thread Geoff Huston
Yes, our goal was to test out the assertion in RFC5966 that: "The majority of DNS server operators already support TCP" and we wanted to see if we could quantify what that "majority" actually was. What we found out was that of the DNS resolvers that were visible to the authoritative name server