In this episode, Matt and Cricket are joined by Ulrich Wisser, a colleague of Matt’s at ICANN. Ulrich explains the latest efforts in the area of DNSSEC automation, including CDS, CDNSKEY and now even CSYNC records and how they’re used. Ulrich mentions a Github repo that includes a list of registries, registrars, DNS providers and software that support DNSSEC automation; and an SSAC report on DS record automation.
This very informative section gradually devolves into amusing (for us, anyway) recollections of attempts to “tamper” various hardware security modules.
Toward the end, as is their wont (and when do you ever hear the word “wont” except in that context?), Matt and Cricket profess their childlike excitement over the upcoming “Murderbot” series, and Matt admits (much to Cricket’s astonishment) that he has never read “Dune.”
Podcast: Play in new window | Download
Posted by Mr. DNS at 6:50 pm on May 4th, 2025.
Categories: DNSSEC, Episodes.
In this episode, Matt and Cricket are joined by Renée Burton, Infoblox’s Vice President of Threat Intelligence. They briefly introduce Protective DNS and its advantages as a security mechanism, then talk about threat feeds and how they’re created, and finally discuss Renée’s team and their work on analyzing Passive DNS data and DNS metadata to detect–and in some cases predict–the malicious use of DNS.
Toward the end, they segue (or perhaps “lapse”?) into a meandering discussion of Neal Stephenson’s “Polostan” (Cricket is, embarrassingly, stuck), Dennis E. Taylor’s Bobiverse series (which Matt recommends), von Neumann probes (which Cricket either had not heard of or did not remember, necessitating an explanation from Matt, and which illustrate John von Neumann’s incredible mind and remarkable versatility), “Silo” (because Cricket is still not over Rebecca Ferguson–see episode 63) and AppleTV+’s run of other worthwhile shows, including “Slow Horses,” “Bad Monkey,” and “For All Mankind.”
Podcast: Play in new window | Download
Posted by Mr. DNS at 6:58 pm on January 23rd, 2025.
Categories: Episodes, Security.
In this episode, Matt and Cricket are joined by Professor Casey Deccio, of DNSViz and now Brigham Young University fame. (Matt is embarrassed and sorry that he misremembered and called Casey’s magnum opus “DNSSECViz” by mistake.) They tackle a listener’s question about a recent “DNS outage,” examining the causes of both Facebook’s and Slack’s failures and how they might have been avoided. Then they dive into recent developments in sci-fi and fantasy, including “Dune” (thumbs-up from Cricket), “Foundation,” Charles Stross’s “The Merchant Princes” series, and Cixin Liu’s “Remembrance of Earth’s Past” trilogy.” (During this latter segment, Cricket might have gone on for a little too long about Rebecca Ferguson.)
Podcast: Play in new window | Download
Posted by Matt Larson at 11:01 pm on November 7th, 2021.
Categories: DNSSEC, Episodes.
In this episode, Matt and Cricket are joined by Kim Davies of ICANN and PTI (you’ll have to tune in to find out what that stands for). Kim edifies us on key ceremonies and the Herculean efforts required to keep a key ceremony secure and transparent during what Matt referred to as a “global pandemic,” immediately regretting his use of the redundant phrase. Later, Cricket is embarrassed to learn that Matt has already read both of the new books he’s reading (John Scalzi’s “The Last Emperox” and Martha Wells’s latest in the Murderbot series, “Network Effect“), and Kim laments that the end of business travel leaves him with no time to watch anything. Oh, and the guys (or Matt, really) answer a really good question from Swapneel Patnekar about an ICANN paper on the effects of COVID-19 on the root name servers.
If you’ve already listened to the episode and are interested in the resources Kim referred to, here are the links:
Podcast: Play in new window | Download
Posted by Mr. DNS at 6:04 pm on May 14th, 2020.
Categories: DNSSEC, Episodes, Root name servers.
In this episode, Matt and Cricket are joined by Cricket’s recent co-author, John Belamaric, to discuss CoreDNS, a DNS server built to act as a service discovery engine in containerized environments, particularly those managed by the ubiquitous Kubernetes. They also answer a question from Shane Kerr about why certain RR types insist on using canonical names in RDATA, and Cricket expresses his displeasure at the mispronunciation of “bailiwick.” Finally, they discuss “The Mandalorian,” and Cricket once again strongly recommends Taika Waititi’s movies, especially “What We Do in the Shadows” and “Jojo Rabbit.”
Podcast: Play in new window | Download
Posted by Mr. DNS at 5:58 pm on January 2nd, 2020.
Categories: Episodes.
Was it Cricket Liu Live or Ask Mr. DNS Live? And does it really matter?
Shortly after the first anniversary of the massive DDoS attack on Dyn, Matt and Cricket broadcast a session on DDoS attacks and their relationship to DNS from the National Press Club in Washington, D.C. They talked about how DDoS attacks target DNS infrastructure, how those attacks can exploit name servers, and recapped last year’s attack. And they even examined some mechanisms that will help protect your DNS infrastructure from DDoS attacks:
https://www.infoblox.com/resources/webinars/cricket-liu-virtual-event-2017/
Posted by Mr. DNS at 3:17 am on November 15th, 2017.
Categories: DDoS, Episodes.
This isn’t exactly an episode, but Matt and Cricket recently recorded a short promo for Infoblox’s DNS Awareness Day campaign, and they decided to keep recording because Cricket wanted to hear about the recent DNSSEC Key Ceremony, in which Matt had served as the Ceremony Administrator. So if you’re curious about how new root keys are generated and the sort of security that’s involved, tune in!
Oh, and there’s video, for the first time!
Podcast: Play in new window | Download
Posted by Mr. DNS at 5:47 pm on October 21st, 2017.
Categories: DNSSEC, Episodes, Security.
In this episode, number 52 (cards in a deck! And just wait till we hit 53, which has special significance!), Matt and Cricket are joined by a pantheon of the gods of DNS. However, since they neglected to ask any of the speakers to introduce themselves, you’ll just have to guess, Band Aid “Do They Know It’s Christmas”-style, who’s who. (Olafur’s basically a gimme–our Boy George or Bono.) We answer David Mar’s question about how to learn the basics of DNS and then recap some of the topics of the Inside Baseball meeting we’d been attending, graciously hosted by Salesforce and organized by Allison Mankin & company.
Podcast: Play in new window | Download
Posted by Matt Larson at 9:22 pm on October 9th, 2017.
Categories: Episodes, Uncategorized.
In this episode, number 51, Matt and Cricket are joined by Kyle York and Joe Abley, respectively the Chief Strategy Officer and we-don’t-know-what of Dyn. Kyle and Joe ably (ha!) fill in some of the details on the DDoS attack against Dyn on October 21 of last year. And Kyle brags about the Patriots “dynasty,” which for three quarters sure looked like the pride that cometh before a fall, but holy cow! Oh, and the guys jointly answer a question from Grant Taylor about a clever-but-frankly-awful way of adding a CNAME record to the apex of your zone and read a correction from Håkan Lindqvist about using underscores in certain fields of a cert.
Podcast: Play in new window | Download
Posted by Mr. DNS at 3:32 am on February 15th, 2017.
Categories: Episodes, Resource records.
In this episode, the 50th–their golden episode!–Matt and Cricket are joined by Dan York of the Internet Society, who brings them up to date on DNSSEC adoption. Then the trio answer questions from Matt’s former colleague Rick Andrews about the use of underscores in domain names and from Ben Dash about how some companies get around the prohibition against adding CNAME records to zone apexes. Apices. Whatever.
Podcast: Play in new window | Download
Posted by Mr. DNS at 5:56 am on January 24th, 2017.
Categories: DNSSEC, Episodes.