In this mercifully digression-free episode – perhaps not coincidentally taped in-person in Cricket’s office in Santa Clara – Matt and Cricket answer Josh Baverstock’s umpteenth question, this one about storing certificates in DNS, as well as Dirck Copeland’s and Bob Harold’s related questions about bad delegations. Josh, Dirck and Bob will each receive a handsome black Practice Safe DNS tee shirt courtesy the Public Interest Registry. If we’ve got the right sizes, that is.
Podcast: Play in new window | Download
Posted by Cricket Liu at 5:02 am on February 19th, 2011.
Categories: DNSSEC, Episodes.
In this episode, Matt and Cricket answer Dana S’s question (submitted from Kurdistan!) about the wisdom (or folly) of implementing an OpenDNS-like system using multiple views, as well as Alex Wilkinson’s questions about what all those SRV records that Domain Controllers register are for and whether BIND name servers can serve them, and which tools they recommend for troubleshooting DNS problems. Along the way, they plug several web-based troubleshooting tools, including VeriSign’s http://www.dnssec-debugger.com/, Casey Deccio’s http://www.dnsviz.net/ and Infoblox’s http://www.dnsadvisor.com/.
But most importantly, they extend an offer of a free black tee shirt (and you can’t have enough of those!) to anyone submitting a question to Mr. DNS that’s answered on a forthcoming podcast! And if that’s not enough, listeners can also hear Matt best Cricket’s knowledge of Bay Area trivia with an obscure fact about the Westin St. Francis.
Podcast: Play in new window | Download
Posted by Cricket Liu at 3:26 am on January 17th, 2011.
Categories: Episodes. Tags: Active Directory, OpenDNS, SRV.
In this episode, Matt and Cricket beseech their legion of listeners to submit more questions, then turn Jeremy Laidman’s question about conditionally forwarding a subzone into an exhaustive (and somewhat exhausting) discussion of the history of BIND and conditional forwarding, and how to use conditional forwarding to build robust name resolution architectures. Then they address Jesus Cea’s question about how to goad his provider of secondary name service into supporting DNSSEC. In the process, they digress into the influence of “Top Gear” on impressionable youth, somewhat impractical advice on how HP could improve route aggregation through strategic acquisitions, and a comparison of various syndicated advice columnists.
Podcast: Play in new window | Download
Posted by Cricket Liu at 4:33 am on October 29th, 2010.
Categories: DNSSEC, Forwarding.
In this podcast, Matt and Cricket answer Leen Besselink’s question about the viability of Dan Kaminsky’s proposed use of a clever DNSCurve concept in DNSSEC, and Matt offers his high opinion of the Dutch people (surely risking retribution by his Swedish countrymen). Then they turn to Josh Baverstock’s question about why the LOC record failed to catch on, despite its obvious utility to cruise missiles with stub resolvers. Finally, in yet another of their “Why, back in my day…” sessions, they lament the loss of summer vacations that lasted through Labor Day.
Podcast: Play in new window | Download
Posted by Cricket Liu at 4:22 am on August 31st, 2010.
Categories: DNSSEC, Episodes, Resource records.
In this episode, Matt and Cricket reveal the first R-rated movies they saw and the circumstances in which they saw them. Oh, and they answer Rob Szarka’s question about the maximum number of NS records a zone can contain and Matt’s unnamed colleague’s question about why we need intrazone NS records at all. Then Matt gives us an insider’s look at the Root Zone’s Key Ceremony.
Podcast: Play in new window | Download
Posted by Cricket Liu at 2:37 am on July 13th, 2010.
Categories: DNSSEC, Episodes.
In this episode, for the first time ever, Matt and Cricket are joined by a dozen DNS dignitaries to answer a question from Alejandro Acosta about when to plug trust anchors into his name servers’ configurations and begin validating, and Bob Lee’s question about which tools to use to check his zone data and his name server’s configuration. Then they discuss DENIC’s recent Worst Day Ever after they published a truncated zone data file for .DE. And Mr. DNS is amazed to learn how many dynamic zone hosting services are blocked from China.
Mr. DNS sends special thanks to Dyn Inc. for their support of this Ask Mr. DNS episode. Dyn provided the venue, the equipment and their famous New England hospitality. Thanks also to all of the panelists for their good humor and participation.
Podcast: Play in new window | Download
Posted by Cricket Liu at 1:48 pm on May 21st, 2010.
Categories: DNSSEC, Episodes, Uncategorized.
In this episode, Matt and Cricket reminisce about G jobs and the Good Old Days at pre-Carly HP, and answer Noe Nevarez’s question about apparent timeouts in nslookup and Alan Shackelford’s question about the effect of signing a parent zone on its subzones. Then Matt plugs DNS-OARC in an act of contrition and proceeds to throw Cisco under the bus for offering an option in CNR that’s less than infrastructure-friendly. And finally – and somewhat predictably – the conversation veers off into movies featuring people who can’t form long-term memories (though, incredibly, they forget Dory in “Finding Nemo”!) and upcoming business travel.
Podcast: Play in new window | Download
Posted by Cricket Liu at 1:47 am on April 29th, 2010.
Categories: DNSSEC, Episodes.
In this episode – returning after an unintentional hiatus – Matt and Cricket touch the third rail of DNS security, the DNSSEC versus DNScurve debate, by answering Yiorgos Adamopoulos’s question. They also answer Shane Wegner’s question about minimal responses, Matt brings Cricket up to date on progress in the effort to sign the root zone (including a reference to slides by Duane Wessels from NANOG 48), and Matt describes a recent “brush with greatness.”
Podcast: Play in new window | Download
Posted by Cricket Liu at 3:44 pm on March 25th, 2010.
Categories: DNSSEC, Episodes.
In this episode, Matt and Cricket answer listener Paul Petersen’s question about how to register subdomains in country-code top-level domains around the world, and Ismael’s question about whether an RRSIG record’s signature validity can extend how long the signed RRset is cached. (And if you understood that last part, you probably don’t need this podcast.)
In addition, Matt and Cricket talk about the latest news in DNS, including the signing of the root zone, which Matt knows all about, and the introduction of (and uproar over) Google’s Public DNS service.
Though Matt contributes most of the technical answers, Cricket does score a small coup by remembering that the late Frank Gorshin played the half-blackfaced/half-whitefaced Bele in the original Star Trek episode “Let This Be Your Last Battlefield.”
Podcast: Play in new window | Download
Posted by Cricket Liu at 3:19 am on December 8th, 2009.
Categories: Episodes. Tags: ccTLD, delegation, DNSSEC, Google, registrar, root.
In Episode 11, Matt and Cricket manage to answer four (count ’em, four!) questions – except that they don’t really know the answer to Paul Roberts’s question about forwarding and delegation. However, in their own, inimitable style, they answer Yong Tak Ming’s question about forwarding, Samar’s question about how to configure his resolver so that he isn’t forced to type fully qualified domain names all the time, and Dirck Copeland’s questions about the Kaminsky vulnerability. And if you stay till the bitter end, you’ll learn where Matt and Cricket got their starts in DNS and why Cricket’s never seen a World Series game.
Podcast: Play in new window | Download
Posted by Cricket Liu at 3:21 pm on October 20th, 2009.
Categories: Episodes. Tags: delegation, Forwarding, Kaminsky, resolver, searchlist, Security, vulnerability.
