Dear colleagues,
For those who missed the plenary talk Geoff Huston gave on Monday during
RIPE 69 ("The Resolvers We Use"), it is now published as an article on
RIPE Labs:
https://labs.ripe.net/Members/gih/the-resolvers-we-use
Kind regards,
Mirjam Kuehne
RIPE NCC
Labs:
https://labs.ripe.net/Members/romeo_zwart/new-architecture-for-k-root-local-nodes
Kind regards,
Mirjam Kuehne
RIPE NCC
Dear colleagues,
We took a look at the effect of the K-root node in Iran in order to
augment the picture provided by Dyn Research in a recent blog post.
Please find the results on RIPE Labs:
https://labs.ripe.net/Members/emileaben/iran-and-k-root-the-rest-of-the-story
Kind regards,
Mirjam
place new nodes. As a first step, Ray looked at the existing nodes to
see how they behave and if there is anything that can be improved. He
used RIPE Atlas to do this.
Kind regards,
Mirjam Kuehne
RIPE NCC
nt in a zone.
This new article on RIPE Labs describes our experiences with DNSSEC
algorithm roll-over:
https://labs.ripe.net/Members/anandb/dnssec-algorithm-roll-over
We hope that our experience will help others who may be considering
doing this.
Kind regards,
Mirjam Kuehne
RIPE NCC
-nodes-as-seen-by-ripe-atlas
Kind regards,
Mirjam Kuehne
RIPE NCC
mbers/suzanne_taylor_muzzin/ripe-atlas-domainmon-is-here
Kind regards,
Mirjam Kuehne
RIPE NCC
Dear colleagues,
Shane Kerr attended FOSDEM, the Free and Open-Source Developers European
Meeting last weekend, and wrote up a few observations around DNS. Please
see on RIPE Labs:
https://labs.ripe.net/Members/shane/dns-at-fosdem-2016
Kind regards,
Mirjam Kuehne
RIPE NCC
-iran-part-1
Kind regards,
Mirjam Kuehne
RIPE NCC
Dear colleagues,
You can now read part 2 of "A Tale of using Public DNS Servers in Iran"
on RIPE Labs, contributed by Babak Farroukhi:
https://labs.ripe.net/Members/babak_farrokhi/tale-of-using-public-dns-servers-in-iran-part-2
Kind regards,
Mirjam Kuehne
RIPE NCC
et/Members/babak_farrokhi/tale-of-using-public-dns-servers-in-iran-part-3?pk_campaign=labs&pk_kwd=list-dnswg
Kind regards,
Mirjam Kuehne
RIPE NCC
stress.
Please find this short guest post by Giovane Moura on RIPE Labs:
https://labs.ripe.net/Members/giovane_moura/anycast-vs-ddos-evaluating-the-november-2015-root-dns-event?pk_campaign=labs&pk_kwd=list-dnswg
Kind regards,
Mirjam Kuehne
RIPE NCC
nswg
Kind Regards,
Mirjam Kuehne
RIPE NCC
_kwd=list-dnswg
Kind regards,
Mirjam Kuehne
RIPE NCC
Hi Ralf,
Thanks for the feedback. I am copying the author so he is aware of your
comment.
Kind regards,
Mirjam
On 28/6/16 12:41, Ralf Weber wrote:
> Moin!
>
>
> On 28 Jun 2016, at 12:26, Mirjam Kuehne wrote:
>
>> Dear colleagues,
>>
>> Ramtin Kiaei sho
Dear colleagues,
Please find a new article by Babak Farrokhi on RIPE Labs:
Is your ISP Hijacking your DNS Traffic?
https://labs.ripe.net/Members/babak_farrokhi/is-your-isp-hijacking-your-dns-traffic?pk_campaign=labs&pk_kwd=list-dnswg
Kind regards,
Mirjam Kuehne
RIPE NCC
s, he started to think of a
solution to figure out whether such practice is widespread in other
areas of the world.
https://labs.ripe.net/Members/babak_farrokhi/operator-level-dns-redirection?pk_campaign=labs&pk_kwd=list-dnswg
Kind regards,
Mirjam Kuehne
RIPE Labs
Dear colleagues,
Please find this new article on DNS privacy by Geoff Huston on RIPE Labs:
https://labs.ripe.net/Members/gih/dns-privacy
Kind regards,
Mirjam Kuehne
RIPE NCC
Dear colleagues,
Please find this new article by Geoff Huston on RIPE Labs. In this
article Geoff evaluates if the elliptical curve cryptographic algorithm
(ECDSA) is a viable crypto algorithm for use in DNSSEC today.
https://labs.ripe.net/Members/gih/dnssec-and-ecdsa
Kind regards,
Mirjam
toric has faded and, possibly surprisingly, it has
been replaced by action in some notable parts of the Internet. But how
do we know there is action? How can we tell whether, and where, IPv6 is
being deployed in today’s Internet?"
Kind regards,
Mirjam Kuehne
RIPE NCC
/massimo_candela/a-quick-look-at-the-attack-on-dyn
Kind regards,
Mirjam Kuehne
RIPE NCC
Dear colleagues,
Please find this new article on RIPE Labs submitted by Geoff Huston:
Speculating on DNS DDoS:
https://labs.ripe.net/Members/gih/speculating-on-dns-ddos
Kind regards,
Mirjam Kuehne
RIPE NCC
ystem, Part 2 – A Sixth Star?
https://labs.ripe.net/Members/gih/scoring-the-dns-root-server-system-part-2-2013-a-sixth-star
Kind regards,
Mirjam Kuehne
RIPE NCC
Hi,
Sorry about the error in the subject line. Of course that meant to say:
"New on RIPE Labs: Scoring the DNS Root Server System"
(not enough coffee ;-)).
Kind Regards,
Mirjam Kuehne
RIPE NCC
Forwarded Message
Subject: New on RIPE Labs: Scoring the DNS Route Ser
Dear colleagues,
Please find this new article on RIPE Labs in which we shed some light on
the operational policies of K-root to clarify possible misunderstandings
about how it is operated.
https://labs.ripe.net/Members/emileaben/dns-root-server-transparency
Kind regards,
Mirjam Kuehne
RIPE NCC
Dear colleagues,
Two new DNS measurements, both designed to assess the impact of issues
with one or more root name servers, have been added to every RIPE Atlas
probe. Please find more details on RIPE Labs:
https://labs.ripe.net/Members/chris_amin/new-ripe-atlas-root-zone-dns-measurements
Kind r
Dear colleagues,
On Thursday 16 March 2017, a bug in a script caused an outage for some
reverse DNS delegations registered in the RIPE Database. The effects of
the bug were not immediate, but began a cascading failure, that
persisted until Friday 17 March.
In this RIPE Labs article, you will find
Dear colleagues,
The B-root operators have announced that they would enable IP anycast on
1 May 2017. In this new article Giovane Moura shows how that change has
been perceived by the RIPE Atlas probes, and if there were any transient
effects of this change:
https://labs.ripe.net/Members/giovane
Dear colleagues,
In case you missed this on the APNIC blog, please find this guest post
by Matt Larson on RIPE Labs: Do You Have DNSSEC Validation Enabled?
https://labs.ripe.net/Members/mirjam/do-you-have-dnssec-validation-enabled
Kind regards,
Mirjam Kuhne
RIPE NCC
Dear colleagues,
Please find this new article by Sofía Silva Berenguer on RIPE Labs:
Investigating the Status of Reverse DNS
This is based on a project Sofía did together with two colleagues from
the RIPE NCC during the recent DNS Measurements Hackathon in Amsterdam.
https://labs.ripe.net/Membe
Dear colleagues,
Please read this new article by Luuk Hendriks on how to find open DNS
resolvers on IPv6:
https://labs.ripe.net/Members/luuk_hendriks/finding-open-dns-resolvers-on-ipv6
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
By analysing how resolvers select authoritative name servers in the
wild, Moritz Müller of SIDN investigated how DNS operators are able to
reduce DNS response times. Please read the article on RIPE Labs:
https://labs.ripe.net/Members/moritz_muller/recursives-in-the-wild-engineeri
Dear colleagues,
On RIPE Labs Roland van Rijswijk of SURFnet describes the DNSSEC root
key rollover, why you should care about it and how you can test your
resolvers:
https://labs.ripe.net/Members/roland_van_rijswijk/a-virtual-canary-in-the-coalmine-for-the-dnssec-root-key-rollover
Kind regards,
Dear colleagues,
Please find this new article by Geoff Huston on RIPE Labs:
Dealing with IPv6 Fragmentation in the DNS
https://labs.ripe.net/Members/gih/dealing-with-ipv6-fragmentation-in-the-dns
Kind regards,
Mirjam Kuhne
RIPE NCC
Dear colleagues,
Please find part 2 of Geoff Huston's IPv6 Fragmentation measurements on
RIPE Labs:
Dealing with IPv6 Fragmentation in the DNS - Part 2
https://labs.ripe.net/Members/gih/dealing-with-ipv6-fragmentation-in-the-dns-part-2
Kind regards,
Mirjam Kuhne
RIPE NCC
Dear colleagues,
DNSSEC signing solutions and products have evolved greatly since we
first began signing our zones. We are now exploring ways of doing it
better and smarter.
Please read about our plans on RIPE Labs:
https://labs.ripe.net/Members/anandb/the-future-of-dnssec-at-the-ripe-ncc
Anand
Dear colleagues,
Please find this new article on RIPE Labs, contributed by Santiago Ruano
Rincon, one of the RACI fellows from RIPE 74:
A Software-based Approach to Identify Heavy Hitters in DNS Traffic
This article presents a software-based prototype able to estimate the
most queried domain nam
Dear colleagues,
We are working on an experiment to see if we can increase the capacity
and resiliency of the RIPE NCC's authoritative DNS service (AS197000).
This service hosts all the reverse DNS zones, ripe.net and provides
secondary service for various ccTLDs.
Please find more details on RIPE
Dear colleagues,
Here is a summary of a research paper written by Wes Hardaker, Wouter de
Vries and Ricardo Schmidt:
Verfploeter: Broad and Load-aware Anycast Mapping
IP anycast provides DNS operators and CDNs with automatic fail-over and
reduced latency by breaking the Internet into catchments,
Dear colleagues,
Please find this new article by Giovane Moura on RIPE Labs:
DNS TTL Violations in the Wild - Measured with RIPE Atlas
https://labs.ripe.net/Members/giovane_moura/dns-ttl-violations-in-the-wild-with-ripe-atlas-2
Kind regards,
Mirjam Kuhne
RIPE NCC
Dear colleagues,
Please find a new article by Ben Cartwright-Cox on RIPE Labs:
Traceroute Haikus
https://labs.ripe.net/Members/ben_cox/traceroute-haikus
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
In this new article on RIPE Labs Benno Overeinder describes a number of
initiatives that can help users to ensure proper authentication and
encryption of DNS data:
https://labs.ripe.net/Members/benno_overeinder/bringing-dns-security-and-privacy-to-the-end-user
Kind regards,
Mir
Dear colleagues,
Please read this new article by Ralph Dolmans from NLnet Labs. In this
article Ralph describes a flaw that made it possible to downgrade secure
connections and how it got fixed:
https://labs.ripe.net/Members/ralph_dolmans/the-peculiar-case-of-nsec-processing-using-expanded-wildc
Dear colleagues,
At the recent IETF 101 hackathon, Matthijs Mekking and Shane Kerr worked
on a project to reduce the size of incremental zone transfers (IXFRs).
Read more on RIPE Labs:
https://labs.ripe.net/Members/matthijs_mekking/making-ixfr-small-again
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
In this interesting article on RIPE Labs Rene Bakker explains how
economic decisions influence the adoption of DNSSEC:
Bang for the Buck: the Adoption of DNSSEC and Return on Investment
https://labs.ripe.net/Members/rene_bakker/bang-for-the-buck-the-adoption-of-dnssec-and-return
Dear colleagues,
Please find this new article by Scott Helme on RIPE Labs in which he
describes how he is securing the DNS across all of his devices with
Pi-Hole + DNS-over-HTTPS + 1.1.1.1:
https://labs.ripe.net/Members/scott_helme/securing-dns-across-all-of-my-devices
Kind regards,
Mirjam Kühne
Dear colleagues,
Please read this new article by Bert Hubert on RIPE Labs where he
introduces the Teachable Authoritative DNS Server (tdns):
https://labs.ripe.net/Members/bert_hubert/introducing-tdns-the-teachable-authoritative-dns-server/view#1524226239681019
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
Please read this new article by Giovane Moura on RIPE Labs:
Dissecting DNS Defenses During DDoS Attacks
https://labs.ripe.net/Members/giovane_moura/dissecting-dns-defenses-during-ddos-attacks
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
Please red this interesting article by Geoff Huston in which he
discusses the uncertainties of measuring the DNS and what this means for
the roll of the Key Signing Key (KSK) of the Root Zone:
https://labs.ripe.net/Members/gih/the-uncertainty-of-measuring-the-dns
Kind regards,
M
Dear colleagues,
Please read this new article by Wouter de Vries on RIPE Labs:
Passive Observations of Large DNS Service
https://labs.ripe.net/Members/wouter_de_vries/passive-observations-of-large-dns-service
Kind regards,
Mirjam Kuhne
RIPE NCC
Dear colleagues,
In this new RIPE Labs article we describe the evaluation and selection
of a new DNSSEC signer solution, along with a plan of how we intend to
perform the migration:
https://labs.ripe.net/Members/anandb/dnssec-signer-migration
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
Please read this new RIPE Labs article by Baptiste Jonglez:
Persistent DNS Connections for Reliability and Performance
https://labs.ripe.net/Members/baptiste_jonglez_1/persistent-dns-connections-for-reliability-and-performance
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
Please find this new article on RIPE Labs by Petr Spacek:
How to Survive Scheduled DNS Maintenance
https://labs.ripe.net/Members/petr_spacek/how-to-survive-scheduled-dns-maintenance
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
Please read on RIPE Labs how Geoff Huston and the APNIC Labs measured
the readiness of the Internet for the KSK roll:
https://labs.ripe.net/Members/gih/measuring-the-ksk-roll
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
Please read this new article on RIPE Labs where Geoff Huston explains
DNS over HTTPS - DOH!
https://labs.ripe.net/Members/gih/doh-dns-over-https-explained
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
At RIPE 77, Sara Dickinson talked about what’s been going on with DNS
over the past five years from the perspective of end devices. Now in
article form, here's what Sara had to say about the status of the IETF
standards for DNS over TLS (DoT) and DNS over HTTPS (DoH) as well as th
Dear colleagues,
Using zone files for managing the Domain Name System (DNS) zone data is
the most basic and flexible way to manage the authoritative DNS data. In
this post on RIPE Labs, Ondřej Caletka describes how the Git version
control system can be used to store zone file history and protect
a
Dear colleagues,
DNS queries can contain a lot of sensitive information about Internet
users. Query name minimisation (qmin) limits the information revealed to
what is actually necessary for a DNS name server to answer the query.
Woute de Vries, Moritz Mueller and others did a study on qmin deplo
Dear colleagues,
The ISOC African regional bureau has been organising hackathons at the
last three editions of the Africa Internet Summit. This year there was a
track on "Measuring DNS and DoH". Here is a report on the event and it's
outcomes:
https://labs.ripe.net/Members/willem_toorop/hackathon
Dear colleagues,
In the lead up to DNS Flag Day on 1 February 2019, the focus for
measurements has been the authoritative nameservers that needed to be
fixed. In this article, Willem Toorop, Mortiz Müller and Taejoong Chung
look at resolvers and resolver implementations — what was resolver
behavio
Dear colleagues,
There is no consensus on how to choose DNS time-to-live (TTL) values for
domain names. Yet, TTLs are incredibly important, given that they
indirectly control how long resolvers cache records, directly
influencing user experience.
Read more in this new article by Giovane Moura on
Dear colleagues,
Bert Hubert wrote an interesting article about centralised DNS over
HTTPS (DoH) and why it is bad for privacy:
https://labs.ripe.net/Members/bert_hubert/centralised-doh-is-bad-for-privacy-in-2019-and-beyond
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
For those of you who missed Austin Hounsel's presentation at RIPE 79,
here is his article on RIPE Labs:
Analysing the Costs (and Benefits) of DNS, DoT, and DoH for the Modern Web
https://labs.ripe.net/Members/austin_hounsel/analysing-the-costs-and-benefits-of-dns-dot-and-doh-for
Dear colleagues,
In this article, Giovane Moura and Thymen Wabeke describe how they
detected and took down a large number of fraudulent web sites using
tools developed by SIDN Labs:
https://labs.ripe.net/Members/giovane_moura/detecting-and-taking-down-fraudulent-webshops-at-a-cctld
Kind regards,
Dear colleagues,
How a virus can impact the carefully formulated plans that were made for
signing the DNS root zone:
The Best Laid Plans… (by João Luis Silva Damas) on RIPE Labs:
https://labs.ripe.net/Members/joao_luis_silva_damas/the-best-laid-plans
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
DNS operators have very few intelligent real-time tools that enable them
to monitor their anycast services, for instance during a DDoS attack.
In this post, Joao M. Ceron, Network Security Research Engineer at SIDN
Labs, describes the challenges associated with measuring anycast
Dear colleagues,
This article by Petr Špaček of CZ.NIC describes a newly discovered DNS
protocol vulnerability that affects all recursive DNS resolvers.
NXNSAttack allows the execution of random subdomain attacks using the
DNS delegation mechanism, resulting in a big packet amplification factor.
Dear colleagues,
Kim Davies, President of PTI and Vice President of IANA Services for
ICANN describes recent and new challenges when managing the DNS trust
anchor:
https://labs.ripe.net/Members/mirjam/managing-the-trust-anchor-of-the-dns-against-adversity
This article is an updated version of a
Dear colleagues,
Please see this interesting article by João Damas on RIPE Labs:
https://labs.ripe.net/Members/joao_luis_silva_damas/what-can-the-dns-tell-us-about-the-effect-of-working-from-home-on-the-internet
Kind regards,
Mirjam Kühne
RIPE NCC
Dear colleagues,
Please see below. This might also be interesting to the DNS WG.
Kind regards,
Mirjam
Forwarded Message
Subject:[cooperation-wg] Update on NIS 2: Proposed amendments by the
Parliament alter scope on (root) DNS
Date: Fri, 7 May 2021 12:12:06 +0200
From
70 matches
Mail list logo
