Matt and I are fortunate to have an august group of listeners to our Ask Mr. DNS Podcast.  More often than not, when we don’t know the answer to a tough DNS question—and if you listen, you know that happens alarmingly frequently—a listener will send us an email lifeline.  Or sometimes a listener will provide insider knowledge about an issue we’ve commented on.  Matt and I feel both flattered by and enormously grateful for the attention of so many smart, accomplished people.

I bring this up because we recently received a message from kc claffy, who falls squarely into that “smart, accomplished” demographic.  kc works at SDSC, the San Diego Supercomputing Center, which means a) she’s wicked smart and 2) she has the good sense to live in the lovely San Diego area. She’s done a lot of work with CAIDA, the Cooperative Association for Internet Data Analysis—and whose acronym I imagine she pronounces very carefully when explaining what she does to a TSA agent—including a fascinating study of the crazy mix of useless query traffic received by a root name server.

kc asked Matt and me for our opinion on an issue related to the expansion of the top-level namespace.  As I’ve written, ICANN has begun adding more top-level domains.  We recently saw the addition of TLDs that use IDNA to encode non-ASCII characters, and ICANN’s also planning to allow folks to register lots of the plain-Jane, ASCII variety of TLDs, too.

Read more...

I spent Tuesday of last week in Manchester, New Hampshire, at a DNS confab hosted by Dyn Inc.  This was different from most DNS get-togethers I've attended:  Most DNS meetings are fairly academic, and focus on discussions of relatively arcane aspects of DNS technology.  This one centered on the business of DNS, and was attended by representatives from a number of up-and-coming companies in the DNS space, including quite a few DNS hosting companies.

The high point of the meeting, for me, was taping the latest episode of The Ask Mr. DNS Podcast, my friend Matt and my irregular podcast on all things DNS (and many things not DNS).  Dyn graciously provided studio-quality equipment to record a roomful of participants, and most of the attendees joined the taping session.

The most surprising part of taping the episode - besides the fact that it worked as well as it did! - was learning that China blocks access to the name servers of every DNS hosting provider attending.  That's astounding.

Read more...

With DNSSEC's Red Letter Day, July 1, approaching, it'd be easy to neglect another DNS milestone, passed on May 5.  For the first time, the root zone contains delegation to non-ASCII domain names.  Gone are the days of just A to Z and 0 to 9, with dash added for spice.  Today, if you look closely at a copy of the root zone, you'll find delegation to XN--WGBH1C, XN--MGBERP4A5D4AR and XN--MGBAAM7A8H.

Wait a minute--those are ASCII domain names, too - albeit cryptic ones, aren't they?

Yes, but they're specially encoded domain names.  Using a technique called IDNA, for Internationalized Domain Names in Applications, software can nowencode characters from the whole world's scripts into ASCII.  The characters are taken from Unicode, a standard that encodes characters from 90 of the world's scripts, totaling more than 107,000 characters, from Arabic to Yi.  (Yi?  Yeah, I'd never heard of it either.)  The resulting domain names look weird (for example, they all start with "XN--," as you can see above), but IDN software has no trouble decoding them into appropriate-looking characters

Read more...

Waaaay back when I ran hp.com, I had what I only now realize was an enviable position:  I was HP’s hostmaster (the somewhat-ceremonial title given to the person responsible for a zone) but not much else.  I dabbled in NTP and ran a big mail relay, but the bulk of my responsibility was DNS.  From when I got to work in the morning to when I left in the evening, I could concentrate on DNS.

At the time, I didn’t realize what a luxury that was.  I figured every big company probably had a person dedicated to DNS.  And in those days, some did. Partly, this was because we hostmasters could get away with it.  DNS was such a black art that you could simply assert that it took up most of your time and your management wouldn’t know any better.

How the times have changed.  I’ve had the opportunity to meet the folks responsible for DNS at many big companies, but I hesitate to call them “hostmasters”—not because they don’t deserve the customary title, but because it sells them short.  These people run routers, switches, firewalls, mail servers, and more.  Almost no one has the luxury of specializing in DNS any more.  The economic climate dictates that we all take on more responsibilities to make our employers more competitive.

Read more...

A few weeks ago, Mauricio Vergara Ereche, who in addition to having a very cool-sounding name works for Chile's NIC, noticed that queries to one of the root name servers were returning odd answers.  In particular, queries he sent to i.root-servers.net for domain names like www.facebook.com were being answered not with referrals to the com name servers, as you'd expect, but with an address record for www.facebook.com.  Unfortunately, that address record wasn't correct; it led nowhere.

Further probing determined that it was queries sent to the instance of i.root-servers.net in Beijing that were being answered bogusly.  And it wasn't i.root-servers.net that was behaving badly:  Kurt Erik Lindqvist, the CEO of Netnod, which helps coordinate i.root-servers.net's operation, as well as Xiaodong Lee, CTO of CNNIC, China's NIC, which hosts the Chinese i.root-servers.net, both denied having anything to do with the mischief.  Instead, the working theory is that China's government is intercepting the queries and forging the bogus responses, partly to keep ordinary Chinese citizens from Harmful Western Imperialist Influences like Facebook (and of course FarmVille).

Read more...