The Ask Mr. DNS Podcast

Follow The Ask Mr. DNS Podcast
Share on
Copy link to clipboard

Everything you ever wanted to know about DNS. And other things.


    • Jan 17, 2022 LATEST EPISODE
    • infrequent NEW EPISODES
    • 34m AVG DURATION
    • 62 EPISODES


    Search for episodes from The Ask Mr. DNS Podcast with a specific topic:

    Latest episodes from The Ask Mr. DNS Podcast

    Bumping the feed…

    Play Episode Listen Later Jan 17, 2022


    To make good on a new year's resolution, Mr. DNS recently put on his system administrator hat and upgraded his creaky WordPress installation. (Why does Mr. DNS insist on running his own WordPress installation rather than putting it in the new-fangled cloud that's so popular these days? Well, Mr. DNS is a creature of habit […]

    Episode 63

    Play Episode Listen Later Nov 7, 2021 47:45


    In this episode, Matt and Cricket are joined by Professor Casey Deccio, of DNSViz and now Brigham Young University fame. (Matt is embarrassed and sorry that he misremembered and called Casey's magnum opus “DNSSECViz” by mistake.) They tackle a listener's question about a recent “DNS outage,” examining the causes of both Facebook's and Slack's failures and how they might […]

    Episode 62

    Play Episode Listen Later May 30, 2021 41:57


    In this episode, Matt and Cricket are joined by Graeme Bunton, director of the newly formed DNS Abuse Institute.  Graeme describes his background and explains the mission of the institute and what they're working on.  And we finally (sort of) answer a long-suffering listener's question about producing a kind of “Compleat DNS Specifications RFC” and […]

    Episode 61

    Play Episode Listen Later May 14, 2020 44:51


    In this episode, Matt and Cricket are joined by Kim Davies of ICANN and PTI (you'll have to tune in to find out what that stands for).  Kim edifies us on key ceremonies and the Herculean efforts required to keep a key ceremony secure and transparent during what Matt referred to as a “global pandemic,” […]

    Episode 60

    Play Episode Listen Later Mar 9, 2020 40:03


    We're back with special guest Joe Abley, CTO of PIR, the registry for .ORG. We talk DNSSEC, research ideas, and more. Sadly, the mail bag was empty, but we still found more to talk about: DNS Flag Day 2020 is proposed to reduce fragmentation of DNS messages sent over UDP. Then Admiral Picard made an […]

    Episode 59

    Play Episode Listen Later Jan 2, 2020 26:45


    In this episode, Matt and Cricket are joined by Cricket's recent co-author, John Belamaric, to discuss CoreDNS, a DNS server built to act as a service discovery engine in containerized environments, particularly those managed by the ubiquitous Kubernetes.  They also answer a question from Shane Kerr about why certain RR types insist on using canonical […]

    Episode 58

    Play Episode Listen Later Jun 15, 2019 49:49


    Another year brings another Inside Baseball event, where an ad hoc group of DNS industry insiders get together for a day to talk about current issues and then go to a baseball game (really). So many DNS-knowledgeable folks in one place had the makings of a great podcast episode, so we got out the recording […]

    Episode 57

    Play Episode Listen Later Feb 10, 2019 26:51


    …in which Matt and Cricket, in a cunning bit of Tom Sawyering, take Rob Fleischman's question about how recursive DNS servers handle TTLs of zero, and induce Rob to both a) join the podcast as a guest and 2) paint their fence by doing all the legwork to find the answer.  In the inevitable light […]

    Episode 56

    Play Episode Listen Later Jan 21, 2019 30:58


    We're back with an emergency episode published just in time to inform your frantic preparations for DNS Flag Day on 1 February 2019. We're delighted to welcome another special guest, Petr Špaček from CZ.NIC, to fill us in and let us know if we should stockpile food for an impending Internet collapse and the ensuing end […]

    Episode 55

    Play Episode Listen Later Dec 20, 2018 43:43


    We're back after our longest hiatus yet. Alas, the mail bag was empty, so instead we invited special guest Paul Hoffman to talk about DNS over HTTPS (DoH), which has generated some buzz in the DNS community (to the extent that anything can generate buzz in the DNS community). We end with our usual pop […]

    Episode 53

    Play Episode Listen Later Oct 21, 2017 14:16


    This isn't exactly an episode, but Matt and Cricket recently recorded a short promo for Infoblox's DNS Awareness Day campaign, and they decided to keep recording because Cricket wanted to hear about the recent DNSSEC Key Ceremony, in which Matt had served as the Ceremony Administrator.  So if you're curious about how new root keys […]

    Episode 52

    Play Episode Listen Later Oct 9, 2017 30:15


    In this episode, number 52 (cards in a deck! And just wait till we hit 53, which has special significance!), Matt and Cricket are joined by a pantheon of the gods of DNS.  However, since they neglected to ask any of the speakers to introduce themselves, you'll just have to guess, Band Aid “Do They […]

    Episode 51

    Play Episode Listen Later Feb 15, 2017 43:16


    In this episode, number 51, Matt and Cricket are joined by Kyle York and Joe Abley, respectively the Chief Strategy Officer and we-don't-know-what of Dyn.  Kyle and Joe ably (ha!) fill in some of the details on the DDoS attack against Dyn on October 21 of last year.  And Kyle brags about the Patriots “dynasty,” […]

    Episode 50

    Play Episode Listen Later Jan 24, 2017 50:24


    In this episode, the 50th–their golden episode!–Matt and Cricket are joined by Dan York of the Internet Society, who brings them up to date on DNSSEC adoption.  Then the trio answer questions from Matt's former colleague Rick Andrews about the use of underscores in domain names and from Ben Dash about how some companies get […]

    Episode 49

    Play Episode Listen Later Dec 11, 2016 38:48


    Cricket and Matt took advantage of being in the same place for once to record the podcast, though that doesn't stop us from forgetting which episode number we're actually recording.  We answer four questions on subjects relating to SPF, DNSSEC, /etc/host.conf and authoritative server selection by recursive name servers.  On that last topic, Matt refers […]

    Episode 48

    Play Episode Listen Later Oct 3, 2016 44:26


    In Episode 48, we are pleased to welcome Bert Hubert of PowerDNS fame to the show.  We reach into the mailbag to answer Nic Waller's question about measuring which names in a zone are actually queried, Jesus Cea asked about proving domain ownership to obtain a Let's Encrypt certificate (which caused us to do some […]

    Episode 47

    Play Episode Listen Later Sep 17, 2016 40:57


    In this episode, our 47th, we realize the mailbag is actually fuller than we thought, and work diligently to answer questions from a “long-term” Swedish listener about IPv6 reverse mapping, from Jeremy Laidman about BIND 9.11's new catalog zones feature, and from (the also likely Swedish) Håkan Lindqvist about the credibility of DNS data, particularly […]

    Episode 46

    Play Episode Listen Later Jul 6, 2016 36:17


    This episode, number 46, features a guest appearance from Roy Arends of ICANN, whom Matt, Roy's boss, swears wasn't forced to participate in our forsaken podcast after midnight Oxford time.  Roy's worked on Unbound, fpdns, DNSSEC, and Nominet's Turing product.  We answer questions from Jacob Evans about mismatched SOA records and name server support for […]

    Episode 45

    Play Episode Listen Later Mar 14, 2016 26:14


    We're back again, scraping the bottom of the mailbag for questions.  Erik Radde helped us out with a question on the interaction of wildcards and the search list, and Lenny Tropiano tweeted a question at Mr. DNS about Dyn's support for a feature that provides CNAME-like semantics at a zone apex.  Along the way there […]

    Episode 44

    Play Episode Listen Later Feb 1, 2016 38:16


    Well, we said we'd try to keep to a monthly schedule, and we arguably just made it!  This episode, number 44, features a special guest:  Andrew Sullivan, Matt's colleague at Dyn and Chair of the Internet Architecture Board.  Now, if we'd planned ahead and let you know Andrew was going to be on the show, […]

    Episode 43

    Play Episode Listen Later Dec 28, 2015 36:44


    In this, our holiday episode, we're joined by returning special guest, Duane Wessels, who discusses a recent event involving the root name servers and a lot of obviously spoofed traffic, as well as his ongoing work in the IETF around DNS privacy.  We reach into the mail bag and find a question from our friend, […]

    Episode 42

    Play Episode Listen Later Nov 22, 2015 34:04


    In Episode 42, we discuss the meaning of life, the universe and everything with a very special guest, @dnsreactions, creator of the hit DNS Reactions Tumblr.  “DR”, as we call him or her (or it?), prefers to stay anonymous, so we have obscured his/her/its voice using the magic of technology.  Our long-suffering listeners submitted questions […]

    Episode 41

    Play Episode Listen Later Oct 30, 2015 39:33


    Welcome to our special Halloween episode!  Okay, not really, but we are recording in late October…  This time we answer a record-breaking three questions from the same listener, Grant Taylor, who single-handedly supplied the material for all our tangents in this show.  We remind everyone of the dangers of cache poisoning in a discussion about […]

    Episode 40

    Play Episode Listen Later Sep 15, 2015 22:53


    In this 40th episode–a milestone!–Matt and Cricket answer long-suffering listener Grant Taylor's question about sorting replies by type and wander into the Land of Happy Eyeballs, then explore an answer Joe Abley received from Mark Andrews of ISC.  Meanwhile, a discussion of the term G-job causes Matt to recount accidentally insulting a group of public […]

    Episode 39

    Play Episode Listen Later Jun 10, 2015 35:34


    In this star-studded episode, Matt and Cricket take advantage of a meeting of the DNS Cabal–that is, the annual “Inside Baseball” event–to answer Donald Rudder's question about whether synthesizing NXDOMAIN responses to avoid random subdomain attacks would work with NSEC3 as well as NSEC records.  This is followed by a wildly entertaining (by DNS standards, […]

    Episode 38

    Play Episode Listen Later May 31, 2015 32:02


    In this episode, long-time (and likely now sole) listener Yiorgos Adamopoulos asks about the the process of signing the root zone, which Mr. DNS has some experience with.  Matt also recaps some of the goings-on at the latest DNS-OARC meeting in Amsterdam, omitting that which must stay in Amsterdam, but revealing some lapses from his […]

    Episode 37

    Play Episode Listen Later Nov 9, 2014 26:21


    Episode 37 of the Ask Mr. DNS Podcast is here!

    Episode 36

    Play Episode Listen Later May 15, 2014 24:07


    In this episode, Matt and Cricket respond to Tommi Nikkilä's followup to his original question about the legality of multiple CNAME records in a DNS answer, and then react to (to claim they “answer” it is a reach) dedicated listener Yiorgos Adamopoulos's question about registering domain names with underscores in them.  On the way, Matt […]

    Episode 35

    Play Episode Listen Later Feb 13, 2014 28:16


    In this episode, Matt and Cricket wonder aloud whether they've lost their domestic audience, but then rally to answer questions from their remaining international listeners:  Evaggelos Balaskas's question about SRV records, Joe's questions about resolver and name server fallback to TCP, and Tommi Nikkilä's question about multiple CNAME records attached to the same domain name.  And, […]

    Episode 34

    Play Episode Listen Later Oct 3, 2013 20:41


    In this episode, Matt and Cricket answer Harry Stein's question about a DNSstuff search that turned up suspected cache poisoning, and Kirk Davis's question about Google's (somewhat crazy) recommendations on how to force the use their non-SSL-based services.

    Episode 33

    Play Episode Listen Later Jul 16, 2013 35:00


    Here, at long last, is Episode 33, in which Matt announces a “Development with a capital D” (and a lowercase “yn”), and Matt and Cricket answer questions from Jason Weber about how to deal with web hosting and a hosted DNS zone; from Chuck Nelis about split DNS; from Michael Simoni about the (waning?) need […]

    Episode 32

    Play Episode Listen Later Mar 5, 2013 30:46


    In this episode, Matt and Cricket answer questions (some posed on Twitter – please welcome Mr. DNS to the 21st Century) from ErrataRob about Verisign's DNS infrastructure, from devoted listener Yiorgos Adamopoulos on the value of DNS certifications, and from Frederic Cambus about zone file access programs.  And you'll hear some of Matt's and Cricket's […]

    Episode 31

    Play Episode Listen Later Jan 8, 2013 32:24


    In this, their inaugural episode for 2013, Cricket and Matt answer a question from the mysterious “Joe” (if that is his real name) about the differences between BIND's stub zone and conditional forwarding features, prompting some reminiscing about the good old days of BIND 8.  This episode is the third in which we tackle questions […]

    Episode 30

    Play Episode Listen Later Dec 18, 2012


    In this latest episode of our evidently-now-quarterly podcast, Matt and Cricket answer Donald Rudder's question about how common the A6 record is and its effect on DNSSEC. Then they discuss the upcoming change of d.root-servers.net's IPv4 address and the implications of that change. And despite having only one question to answer, they manage to take up the usual 30 minutes!

    Episode 29

    Play Episode Listen Later Sep 16, 2012


    In this episode, Matt and Cricket finally throw in the towel and give up on promising podcasts on any regular schedule. But they do manage to clear Mr. DNS's mailbag, answering questions from Ismael Lezcano about the availability of good programming APIs for working with DNS and why BIND doesn't have a good mechanism for creating and deleting zones dynamically; and from William Brown about how to induce major registrars to support DNSSEC.

    Episode 28

    Play Episode Listen Later Jun 9, 2012


    In this (much delayed) episode, Matt and Cricket discuss the folly of trying to hew to a podcast-publishing schedule, and answer (or avoid) questions from Sevan Janiyan and Yiorgos Adamopoulos on what operating systems and software the root name servers run; from Kent Shuey on why a device that implements only part of the DNS specs seems to work okay on his network; and from Todd Larsen (apparently of Danish descent) on where he can go to meet like-minded souls discussing current issues with DNS and DNSSEC (God help him) and whether DANE's TLSA record can coexist with a CNAME record.

    Episode 27

    Play Episode Listen Later Feb 24, 2012


    In this episode, Matt and Cricket answer Alan Frabutt's question about the existence of recursive name servers that don't honor TTLs - the "yeti" of recursive name servers - and Joe Conlin's question about the right way to deal with abuse of your name server, and try to assist Louis Sterchi in his quest to learn more about DNS, registries and registrars. And this last leads them on a trip down the Internet's memory lane, reminiscing about the old days of DNS, before registries and registrars, back when subdomains of com, net and org were free.

    Episode 26

    Play Episode Listen Later Dec 30, 2011


    In this (recorded-just-before) Christmas episode, Matt and Cricket discuss the occupational hazards of church organists during the holidays, and then answer Ed Horley's question about DNS64's effect on DNSSEC, David Dunleap's question about a special DNS setup that might be due to the use of load balancing, and Victor Tran's question about whether he needs to sign all of his name server's zones at once. In the mean time, they reminisce over ancient and obscure methods of compressing and encoding files, and both react with dismay to the memory of driving in Cambridge, Massachusetts.

    Episode 25

    Play Episode Listen Later Oct 28, 2011


    In this episode, Matt and Cricket attempt to answer all nine of Jorge Fábregas's "couple of questions" in a lightning round. Then they swap war stories about all the travel they've been doing and have yet to do (implicitly offering excuses for the long gap between episodes), and finally - and inevitably - discuss Neal Stephenson's new book, REAMDE.

    Episode 24

    Play Episode Listen Later Aug 29, 2011


    In this episode, Matt (having dodged Hurricane Irene) and Cricket (having recently returned from South America) grovel and scrape after a nearly-three-month hiatus, then answer questions from Jorge Fábregas about whether to allow ICMP to authoritative name servers; from Donnie Carvajal about how to resolve a private, internal domain name; and from Leo Vandewoestijne about mismatched NS RRsets.

    Episode 23

    Play Episode Listen Later Jun 5, 2011


    In this star-studded episode, taped at Dyn Inc.'s second annual "Inside Baseball" event, Matt and Cricket are joined by a "who's who" of DNS luminaries. They answer questions from Bob Harold (who previously received a tee shirt and does not want another) about whether CNAME records terminate a subtree of the namespace, from Warren Kumari about why a domain name that owns a CNAME record can't own any other record types, from Wayne Ketterer about how to set up DNS so that a given domain name maps to one address internally and another externally, and from Canadian Todd about whether adding glue AAAA records is a good idea. Then the collected luminaries toss a few "stump the chump"-style questions at Matt and Cricket - a little like shooting fish in a barrel. Tune in to see how well they fare.

    Episode 22

    Play Episode Listen Later Apr 20, 2011


    After a respite carefully timed to avoid the Ides of March, Matt and Cricket answer Brian Mazzocco's question about the meaning of strange, possibly European symbols in zone data files; address John Shin's question about how validating, recursive name servers handle aliases from signed zones to unsigned zones; and assess Gavin Brown's suggestion for automatically bootstrapping DS records from a signed child zone into its parent.

    Episode 21

    Play Episode Listen Later Feb 19, 2011


    In this mercifully digression-free episode - perhaps not coincidentally taped in-person in Cricket's office in Santa Clara - Matt and Cricket answer Josh Baverstock's umpteenth question, this one about storing certificates in DNS, as well as Dirck Copeland's and Bob Harold's related questions about bad delegations.

    Episode 20

    Play Episode Listen Later Jan 17, 2011


    In this episode, Matt and Cricket answer Dana S's question (submitted from Kurdistan!) about the wisdom (or folly) of implementing an OpenDNS-like system using multiple views, as well as Alex Wilkinson's questions about what all those SRV records that Domain Controllers register are for and whether BIND name servers can serve them, and which tools they recommend for troubleshooting DNS problems. Along the way, they plug several web-based troubleshooting tools, including VeriSign's http://www.dnssec-debugger.com/, Casey Deccio's http://www.dnsviz.net/ and Infoblox's http://www.dnsadvisor.com/.

    Episode 19

    Play Episode Listen Later Oct 29, 2010


    In this episode, Matt and Cricket beseech their legion of listeners to submit more questions, then turn Jeremy Laidman's question about conditionally forwarding a subzone into an exhaustive (and somewhat exhausting) discussion of the history of BIND and conditional forwarding, and how to use conditional forwarding to build robust name resolution architectures. Then they address Jesus Cea's question about how to goad his provider of secondary name service into supporting DNSSEC.

    Episode 18

    Play Episode Listen Later Aug 31, 2010


    In this podcast, Matt and Cricket answer Leen Besselink's question about the viability of Dan Kaminsky's proposed use of a clever DNSCurve concept in DNSSEC, and Matt offers his high opinion of the Dutch people (surely risking retribution by his Swedish countrymen). Then they turn to Josh Baverstock's question about why the LOC record failed to catch on, despite its obvious utility to cruise missiles with stub resolvers

    Episode 17

    Play Episode Listen Later Jul 13, 2010


    In this episode, Matt and Cricket reveal the first R-rated movies they saw and the circumstances in which they saw them. Oh, and they answer Rob Szarka's question about the maximum number of NS records a zone can contain and Matt's unnamed colleague's question about why we need intrazone NS records at all. Then Matt […]

    Episode 16

    Play Episode Listen Later May 21, 2010


    In this episode, for the first time ever, Matt and Cricket are joined by a dozen DNS dignitaries to answer a question from Alejandro Acosta about when to plug trust anchors into his name servers' configurations and begin validating, and Bob Lee's question about which tools to use to check his zone data and his name server's configuration.

    Episode 15

    Play Episode Listen Later Apr 29, 2010


    In this episode, Matt and Cricket reminisce about G jobs and the Good Old Days at pre-Carly HP, and answer Noe Nevarez's question about apparent timeouts in nslookup and Alan Shackelford's question about the effect of signing a parent zone on its subzones.  Then Matt plugs DNS-OARC in an act of contrition and proceeds to throw […]

    Episode 14

    Play Episode Listen Later Mar 25, 2010


    In this episode - returning after an unintentional hiatus - Matt and Cricket touch the third rail of DNS security, the DNSSEC versus DNScurve debate, by answering Yiorgos Adamopoulos's question. They also answer Shane Wegner's question about minimal responses, Matt brings Cricket up to date on progress in the effort to sign the root zone, and Matt describes a recent "brush with greatness."

    Episode 13

    Play Episode Listen Later Jan 18, 2010


    For the first time ever, Matt and Cricket have a guest host, Duane Wessels, recently of DNS-OARC and now at VeriSign. Matt, Duane and Cricket answer Christoph Kluenter's question about IPv6-only name servers, Rick Andrews's question about how software distinguishes IP addresses from domain names, and Rainer Duffner's question about whether Google is omniscient or just sneaky.

    Claim The Ask Mr. DNS Podcast

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel