Posts by matt.

Episode 43

In this, our holiday episode, we’re joined by returning special guest, Duane Wessels, who discusses a recent event involving the root name servers and a lot of obviously spoofed traffic, as well as his ongoing work in the IETF around DNS privacy.  We reach into the mail bag and find a question from our friend, Rob Fleischman, musing about possible additional metadata that recursive servers could send to authoritative servers.  As it happens, Duane’s also working on a DNS protocol extension directly related to Rob’s question, which he tells us about.  Finally, we end with a brief and spoiler-free discussion about The Force Awakens.

Episode 42

In Episode 42, we discuss the meaning of life, the universe and everything with a very special guest, @dnsreactions, creator of the hit DNS Reactions Tumblr.  “DR”, as we call him or her (or it?), prefers to stay anonymous, so we have obscured his/her/its voice using the magic of technology.  Our long-suffering listeners submitted questions for DR, who was very accommodating.  Enjoy!

Episode 41

Welcome to our special Halloween episode!  Okay, not really, but we are recording in late October…  This time we answer a record-breaking three questions from the same listener, Grant Taylor, who single-handedly supplied the material for all our tangents in this show.  We remind everyone of the dangers of cache poisoning in a discussion about CNAMEs, we strain our memories back to the early days of DNSSEC to discuss SIG(0), and we explain and opine on EDNS Client Subnet, a recent and increasingly popular DNS protocol extension.  Considering the time of year, we also lapse into a discussion of candy, specifically peanut M&Ms.

Episode 37

Back after a long absence they try to avoid talking about, Cricket and Matt tackle some meat-and-potatoes questions: Why can’t one have a CNAME with other records at a domain name? Are registrars buying up expired domain names? How can one make a name server generate answers dynamically?  Listen as Matt embarrasses himself by forgetting the name of the Registry-Registrar Protocol (RRP), the predecessor to the Extensible Provisioning Protocol (EPP), used today between registrars and registries.  Cricket’s memory is working fine, though, as he dredges up a reference to lbnamed, a simple, Perl-based name server now remembered only by Google and DNS geeks.  And as usual, there are tangents: the episode winds up with an impromptu discussion of standing desks and how Matt is an effective but not-at-all-subtle choral conductor.

Episode 31

In this, their inaugural episode for 2013, Cricket and Matt answer a question from the mysterious “Joe” (if that is his real name) about the differences between BIND’s stub zone and conditional forwarding features, prompting some reminiscing about the good old days of BIND 8.  This episode is the third in which we tackle questions from apparent long-time listener Yiorgos Adamopoulos, who wonders about the various features of dig and if Mr. DNS still writes code.

Root DNSSEC Key Attestation

On June 16, 2010, I witnessed the generation of the first root zone key-signing key in the first key ceremony held by ICANN, the IANA functions operator, at its key ceremony facility in Culpeper, VA.  I attest that the following DS record corresponds to the key generated at that ceremony:

. IN DS 19036 8 2  49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

The canonical location of the root zone trust anchor information is Also included there are supporting material and explanatory documentation.

A PGP-signed version of this attestation is available here.

Matt Larson
July 16, 2010

Episode 6

In yet another episode recorded with Matt and Cricket in the same room, they offer their opinions on two security-related topics: TSIG, including when to use it and whether it’s still worthwhile with DNSSEC-signed zones; and the benefits and drawbacks of using split namespaces.  Along the way, they attempt to determine – using nothing but their wits, logical extrapolation and haphazard guessing – how a new feature of BIND 9.6 must work.

Episode 3

Warning: spoiler alert!  Do not listen to this episode if you do not want to learn the identity of the final Cylon in Battlestar Galactica.  Also, do not listen if you do not want to hear Matt correct and elaborate a bit on DNSSEC topics from Episode 2.  And especially do not listen if you are not interested in learning about the uses of stub zones and hearing an explanation of web browser DNS “pre-fetching”.  Otherwise, it’s fine to listen and we hope you will.

Episode 2

In our second episode, Matt and Cricket discuss Matt’s distaste for handbells and lapse into a discussion of Star Trek (The Original Series) — oh, and answer an actual listener’s question about when DNSSEC deployment will be widespread.  Also, Cricket says “Right, right” many times.

Episode 1

Welcome to the inaugural episode of the Ask Mr. DNS Podcast! In this first episode, we introduce ourselves and talk a little about our backgrounds. We also explain who the heck Mr. DNS is and why we’ve named our podcast after him. Then we actually answer a DNS question and wind up the episode discussing some interesting DNS research we’ve each done.

We hope you enjoy it!