Everything you ever wanted to know about DNS. And other things.
To make good on a new year's resolution, Mr. DNS recently put on his system administrator hat and upgraded his creaky WordPress installation. (Why does Mr. DNS insist on running his own WordPress installation rather than putting it in the new-fangled cloud that's so popular these days? Well, Mr. DNS is a creature of habit […]
In this episode, Matt and Cricket are joined by Professor Casey Deccio, of DNSViz and now Brigham Young University fame. (Matt is embarrassed and sorry that he misremembered and called Casey's magnum opus “DNSSECViz” by mistake.) They tackle a listener's question about a recent “DNS outage,” examining the causes of both Facebook's and Slack's failures and how they might […]
In this episode, Matt and Cricket are joined by Graeme Bunton, director of the newly formed DNS Abuse Institute. Graeme describes his background and explains the mission of the institute and what they're working on. And we finally (sort of) answer a long-suffering listener's question about producing a kind of “Compleat DNS Specifications RFC” and […]
In this episode, Matt and Cricket are joined by Kim Davies of ICANN and PTI (you'll have to tune in to find out what that stands for). Kim edifies us on key ceremonies and the Herculean efforts required to keep a key ceremony secure and transparent during what Matt referred to as a “global pandemic,” […]
We're back with special guest Joe Abley, CTO of PIR, the registry for .ORG. We talk DNSSEC, research ideas, and more. Sadly, the mail bag was empty, but we still found more to talk about: DNS Flag Day 2020 is proposed to reduce fragmentation of DNS messages sent over UDP. Then Admiral Picard made an […]
In this episode, Matt and Cricket are joined by Cricket's recent co-author, John Belamaric, to discuss CoreDNS, a DNS server built to act as a service discovery engine in containerized environments, particularly those managed by the ubiquitous Kubernetes. They also answer a question from Shane Kerr about why certain RR types insist on using canonical […]
Another year brings another Inside Baseball event, where an ad hoc group of DNS industry insiders get together for a day to talk about current issues and then go to a baseball game (really). So many DNS-knowledgeable folks in one place had the makings of a great podcast episode, so we got out the recording […]
…in which Matt and Cricket, in a cunning bit of Tom Sawyering, take Rob Fleischman's question about how recursive DNS servers handle TTLs of zero, and induce Rob to both a) join the podcast as a guest and 2) paint their fence by doing all the legwork to find the answer. In the inevitable light […]
We're back with an emergency episode published just in time to inform your frantic preparations for DNS Flag Day on 1 February 2019. We're delighted to welcome another special guest, Petr Špaček from CZ.NIC, to fill us in and let us know if we should stockpile food for an impending Internet collapse and the ensuing end […]
We're back after our longest hiatus yet. Alas, the mail bag was empty, so instead we invited special guest Paul Hoffman to talk about DNS over HTTPS (DoH), which has generated some buzz in the DNS community (to the extent that anything can generate buzz in the DNS community). We end with our usual pop […]
This isn't exactly an episode, but Matt and Cricket recently recorded a short promo for Infoblox's DNS Awareness Day campaign, and they decided to keep recording because Cricket wanted to hear about the recent DNSSEC Key Ceremony, in which Matt had served as the Ceremony Administrator. So if you're curious about how new root keys […]
In this episode, number 52 (cards in a deck! And just wait till we hit 53, which has special significance!), Matt and Cricket are joined by a pantheon of the gods of DNS. However, since they neglected to ask any of the speakers to introduce themselves, you'll just have to guess, Band Aid “Do They […]
In this episode, number 51, Matt and Cricket are joined by Kyle York and Joe Abley, respectively the Chief Strategy Officer and we-don't-know-what of Dyn. Kyle and Joe ably (ha!) fill in some of the details on the DDoS attack against Dyn on October 21 of last year. And Kyle brags about the Patriots “dynasty,” […]
In this episode, the 50th–their golden episode!–Matt and Cricket are joined by Dan York of the Internet Society, who brings them up to date on DNSSEC adoption. Then the trio answer questions from Matt's former colleague Rick Andrews about the use of underscores in domain names and from Ben Dash about how some companies get […]
Cricket and Matt took advantage of being in the same place for once to record the podcast, though that doesn't stop us from forgetting which episode number we're actually recording. We answer four questions on subjects relating to SPF, DNSSEC, /etc/host.conf and authoritative server selection by recursive name servers. On that last topic, Matt refers […]
In Episode 48, we are pleased to welcome Bert Hubert of PowerDNS fame to the show. We reach into the mailbag to answer Nic Waller's question about measuring which names in a zone are actually queried, Jesus Cea asked about proving domain ownership to obtain a Let's Encrypt certificate (which caused us to do some […]
In this episode, our 47th, we realize the mailbag is actually fuller than we thought, and work diligently to answer questions from a “long-term” Swedish listener about IPv6 reverse mapping, from Jeremy Laidman about BIND 9.11's new catalog zones feature, and from (the also likely Swedish) Håkan Lindqvist about the credibility of DNS data, particularly […]
This episode, number 46, features a guest appearance from Roy Arends of ICANN, whom Matt, Roy's boss, swears wasn't forced to participate in our forsaken podcast after midnight Oxford time. Roy's worked on Unbound, fpdns, DNSSEC, and Nominet's Turing product. We answer questions from Jacob Evans about mismatched SOA records and name server support for […]
We're back again, scraping the bottom of the mailbag for questions. Erik Radde helped us out with a question on the interaction of wildcards and the search list, and Lenny Tropiano tweeted a question at Mr. DNS about Dyn's support for a feature that provides CNAME-like semantics at a zone apex. Along the way there […]
Well, we said we'd try to keep to a monthly schedule, and we arguably just made it! This episode, number 44, features a special guest: Andrew Sullivan, Matt's colleague at Dyn and Chair of the Internet Architecture Board. Now, if we'd planned ahead and let you know Andrew was going to be on the show, […]
In this, our holiday episode, we're joined by returning special guest, Duane Wessels, who discusses a recent event involving the root name servers and a lot of obviously spoofed traffic, as well as his ongoing work in the IETF around DNS privacy. We reach into the mail bag and find a question from our friend, […]
In Episode 42, we discuss the meaning of life, the universe and everything with a very special guest, @dnsreactions, creator of the hit DNS Reactions Tumblr. “DR”, as we call him or her (or it?), prefers to stay anonymous, so we have obscured his/her/its voice using the magic of technology. Our long-suffering listeners submitted questions […]
Welcome to our special Halloween episode! Okay, not really, but we are recording in late October… This time we answer a record-breaking three questions from the same listener, Grant Taylor, who single-handedly supplied the material for all our tangents in this show. We remind everyone of the dangers of cache poisoning in a discussion about […]
In this 40th episode–a milestone!–Matt and Cricket answer long-suffering listener Grant Taylor's question about sorting replies by type and wander into the Land of Happy Eyeballs, then explore an answer Joe Abley received from Mark Andrews of ISC. Meanwhile, a discussion of the term G-job causes Matt to recount accidentally insulting a group of public […]
In this star-studded episode, Matt and Cricket take advantage of a meeting of the DNS Cabal–that is, the annual “Inside Baseball” event–to answer Donald Rudder's question about whether synthesizing NXDOMAIN responses to avoid random subdomain attacks would work with NSEC3 as well as NSEC records. This is followed by a wildly entertaining (by DNS standards, […]
In this episode, long-time (and likely now sole) listener Yiorgos Adamopoulos asks about the process of signing the root zone, which Mr. DNS has some experience with. Matt also recaps some of the goings-on at the latest DNS-OARC meeting in Amsterdam, omitting that which must stay in Amsterdam, but revealing some lapses from his […]
In this episode, Matt and Cricket respond to Tommi Nikkilä's followup to his original question about the legality of multiple CNAME records in a DNS answer, and then react to (to claim they “answer” it is a reach) dedicated listener Yiorgos Adamopoulos's question about registering domain names with underscores in them. On the way, Matt […]
In this episode, Matt and Cricket wonder aloud whether they've lost their domestic audience, but then rally to answer questions from their remaining international listeners: Evaggelos Balaskas's question about SRV records, Joe's questions about resolver and name server fallback to TCP, and Tommi Nikkilä's question about multiple CNAME records attached to the same domain name. And, […]
In this episode, Matt and Cricket answer Harry Stein's question about a DNSstuff search that turned up suspected cache poisoning, and Kirk Davis's question about Google's (somewhat crazy) recommendations on how to force the use of their non-SSL-based services.
Here, at long last, is Episode 33, in which Matt announces a “Development with a capital D” (and a lowercase “yn”), and Matt and Cricket answer questions from Jason Weber about how to deal with web hosting and a hosted DNS zone; from Chuck Nelis about split DNS; from Michael Simoni about the (waning?) need […]
In this episode, Matt and Cricket answer questions (some posed on Twitter – please welcome Mr. DNS to the 21st Century) from ErrataRob about Verisign's DNS infrastructure, from devoted listener Yiorgos Adamopoulos on the value of DNS certifications, and from Frederic Cambus about zone file access programs. And you'll hear some of Matt's and Cricket's […]
In this, their inaugural episode for 2013, Cricket and Matt answer a question from the mysterious “Joe” (if that is his real name) about the differences between BIND's stub zone and conditional forwarding features, prompting some reminiscing about the good old days of BIND 8. This episode is the third in which we tackle questions […]
In this latest episode of our evidently-now-quarterly podcast, Matt and Cricket answer Donald Rudder's question about how common the A6 record is and its effect on DNSSEC. Then they discuss the upcoming change of d.root-servers.net's IPv4 address and the implications of that change. And despite having only one question to answer, they manage to take up the usual 30 minutes!
In this episode, Matt and Cricket finally throw in the towel and give up on promising podcasts on any regular schedule. But they do manage to clear Mr. DNS's mailbag, answering questions from Ismael Lezcano about the availability of good programming APIs for working with DNS and why BIND doesn't have a good mechanism for creating and deleting zones dynamically; and from William Brown about how to induce major registrars to support DNSSEC.
In this (much delayed) episode, Matt and Cricket discuss the folly of trying to hew to a podcast-publishing schedule, and answer (or avoid) questions from Sevan Janiyan and Yiorgos Adamopoulos on what operating systems and software the root name servers run; from Kent Shuey on why a device that implements only part of the DNS specs seems to work okay on his network; and from Todd Larsen (apparently of Danish descent) on where he can go to meet like-minded souls discussing current issues with DNS and DNSSEC (God help him) and whether DANE's TLSA record can coexist with a CNAME record.
In this episode, Matt and Cricket answer Alan Frabutt's question about the existence of recursive name servers that don't honor TTLs - the "yeti" of recursive name servers - and Joe Conlin's question about the right way to deal with abuse of your name server, and try to assist Louis Sterchi in his quest to learn more about DNS, registries and registrars. And this last leads them on a trip down the Internet's memory lane, reminiscing about the old days of DNS, before registries and registrars, back when subdomains of com, net and org were free.
In this (recorded-just-before) Christmas episode, Matt and Cricket discuss the occupational hazards of church organists during the holidays, and then answer Ed Horley's question about DNS64's effect on DNSSEC, David Dunleap's question about a special DNS setup that might be due to the use of load balancing, and Victor Tran's question about whether he needs to sign all of his name server's zones at once. In the meantime, they reminisce over ancient and obscure methods of compressing and encoding files, and both react with dismay to the memory of driving in Cambridge, Massachusetts.
In this episode, Matt and Cricket attempt to answer all nine of Jorge Fábregas's "couple of questions" in a lightning round. Then they swap war stories about all the travel they've been doing and have yet to do (implicitly offering excuses for the long gap between episodes), and finally - and inevitably - discuss Neal Stephenson's new book, REAMDE.
In this episode, Matt (having dodged Hurricane Irene) and Cricket (having recently returned from South America) grovel and scrape after a nearly-three-month hiatus, then answer questions from Jorge Fábregas about whether to allow ICMP to authoritative name servers; from Donnie Carvajal about how to resolve a private, internal domain name; and from Leo Vandewoestijne about mismatched NS RRsets.
In this star-studded episode, taped at Dyn Inc.'s second annual "Inside Baseball" event, Matt and Cricket are joined by a "who's who" of DNS luminaries. They answer questions from Bob Harold (who previously received a tee shirt and does not want another) about whether CNAME records terminate a subtree of the namespace, from Warren Kumari about why a domain name that owns a CNAME record can't own any other record types, from Wayne Ketterer about how to set up DNS so that a given domain name maps to one address internally and another externally, and from Canadian Todd about whether adding glue AAAA records is a good idea. Then the collected luminaries toss a few "stump the chump"-style questions at Matt and Cricket - a little like shooting fish in a barrel. Tune in to see how well they fare.
After a respite carefully timed to avoid the Ides of March, Matt and Cricket answer Brian Mazzocco's question about the meaning of strange, possibly European symbols in zone data files; address John Shin's question about how validating, recursive name servers handle aliases from signed zones to unsigned zones; and assess Gavin Brown's suggestion for automatically bootstrapping DS records from a signed child zone into its parent.
In this mercifully digression-free episode - perhaps not coincidentally taped in-person in Cricket's office in Santa Clara - Matt and Cricket answer Josh Baverstock's umpteenth question, this one about storing certificates in DNS, as well as Dirck Copeland's and Bob Harold's related questions about bad delegations.
In this episode, Matt and Cricket answer Dana S's question (submitted from Kurdistan!) about the wisdom (or folly) of implementing an OpenDNS-like system using multiple views, as well as Alex Wilkinson's questions about what all those SRV records that Domain Controllers register are for and whether BIND name servers can serve them, and which tools they recommend for troubleshooting DNS problems. Along the way, they plug several web-based troubleshooting tools, including VeriSign's http://www.dnssec-debugger.com/, Casey Deccio's http://www.dnsviz.net/ and Infoblox's http://www.dnsadvisor.com/.
In this episode, Matt and Cricket beseech their legion of listeners to submit more questions, then turn Jeremy Laidman's question about conditionally forwarding a subzone into an exhaustive (and somewhat exhausting) discussion of the history of BIND and conditional forwarding, and how to use conditional forwarding to build robust name resolution architectures. Then they address Jesus Cea's question about how to goad his provider of secondary name service into supporting DNSSEC.
In this podcast, Matt and Cricket answer Leen Besselink's question about the viability of Dan Kaminsky's proposed use of a clever DNSCurve concept in DNSSEC, and Matt offers his high opinion of the Dutch people (surely risking retribution by his Swedish countrymen). Then they turn to Josh Baverstock's question about why the LOC record failed to catch on, despite its obvious utility to cruise missiles with stub resolvers.
In this episode, Matt and Cricket reveal the first R-rated movies they saw and the circumstances in which they saw them. Oh, and they answer Rob Szarka's question about the maximum number of NS records a zone can contain and Matt's unnamed colleague's question about why we need intrazone NS records at all. Then Matt […]
In this episode, for the first time ever, Matt and Cricket are joined by a dozen DNS dignitaries to answer a question from Alejandro Acosta about when to plug trust anchors into his name servers' configurations and begin validating, and Bob Lee's question about which tools to use to check his zone data and his name server's configuration.
In this episode, Matt and Cricket reminisce about G jobs and the Good Old Days at pre-Carly HP, and answer Noe Nevarez's question about apparent timeouts in nslookup and Alan Shackelford's question about the effect of signing a parent zone on its subzones. Then Matt plugs DNS-OARC in an act of contrition and proceeds to throw […]
In this episode - returning after an unintentional hiatus - Matt and Cricket touch the third rail of DNS security, the DNSSEC versus DNScurve debate, by answering Yiorgos Adamopoulos's question. They also answer Shane Wegner's question about minimal responses, Matt brings Cricket up to date on progress in the effort to sign the root zone, and Matt describes a recent "brush with greatness."
For the first time ever, Matt and Cricket have a guest host, Duane Wessels, recently of DNS-OARC and now at VeriSign. Matt, Duane and Cricket answer Christoph Kluenter's question about IPv6-only name servers, Rick Andrews's question about how software distinguishes IP addresses from domain names, and Rainer Duffner's question about whether Google is omniscient or just sneaky.