home.social

#rootservers — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #rootservers, aggregated by home.social.

  1. At #ICANN, they currently discuss the rollover of a root KSK. They switch from an #RSA based key to an elliptic curve algorithm. From algorithm 8 to algorithm 13, a common observation in the past 2 or 3 years.

    There will be a multi-year (~3 years) transition period in which both algorithms run in parallel.

    Anyone want to read upon it, here is the proposal

    #DNSSEC #rootservers #ecdsa

  2. At #ICANN, they currently discuss the rollover of a root KSK. They switch from an #RSA based key to an elliptic curve algorithm. From algorithm 8 to algorithm 13, a common observation in the past 2 or 3 years.

    There will be a multi-year (~3 years) transition period in which both algorithms run in parallel.

    Anyone want to read upon it, here is the proposal

    #DNSSEC #rootservers #ecdsa

  3. At #ICANN, they currently discuss the rollover of a root KSK. They switch from an #RSA based key to an elliptic curve algorithm. From algorithm 8 to algorithm 13, a common observation in the past 2 or 3 years.

    There will be a multi-year (~3 years) transition period in which both algorithms run in parallel.

    Anyone want to read upon it, here is the proposal

    #DNSSEC #rootservers #ecdsa

  4. At #ICANN, they currently discuss the rollover of a root KSK. They switch from an #RSA based key to an elliptic curve algorithm. From algorithm 8 to algorithm 13, a common observation in the past 2 or 3 years.

    There will be a multi-year (~3 years) transition period in which both algorithms run in parallel.

    Anyone want to read upon it, here is the proposal

    #DNSSEC #rootservers #ecdsa

  5. At #ICANN, they currently discuss the rollover of a root KSK. They switch from an #RSA based key to an elliptic curve algorithm. From algorithm 8 to algorithm 13, a common observation in the past 2 or 3 years.

    There will be a multi-year (~3 years) transition period in which both algorithms run in parallel.

    Anyone want to read upon it, here is the proposal

    #DNSSEC #rootservers #ecdsa

  6. Exploring some insights of the #DNS root servers, and I discovered this small bump of NOTIMP repsonse codes of a.root-servers.net, operated by #Verisign. I checked other server instances with public statistics, and also k.root-servers.net, operated by #RIPE observed an uptick in REFUSED responses at around that time.

    Does anyone have a clue what was going on last year shortly before the Christmas days?

    #DNS #rootservers

  7. Exploring some insights of the #DNS root servers, and I discovered this small bump of NOTIMP repsonse codes of a.root-servers.net, operated by #Verisign. I checked other server instances with public statistics, and also k.root-servers.net, operated by #RIPE observed an uptick in REFUSED responses at around that time.

    Does anyone have a clue what was going on last year shortly before the Christmas days?

    #DNS #rootservers

  8. Exploring some insights of the #DNS root servers, and I discovered this small bump of NOTIMP repsonse codes of a.root-servers.net, operated by #Verisign. I checked other server instances with public statistics, and also k.root-servers.net, operated by #RIPE observed an uptick in REFUSED responses at around that time.

    Does anyone have a clue what was going on last year shortly before the Christmas days?

    #DNS #rootservers

  9. Exploring some insights of the #DNS root servers, and I discovered this small bump of NOTIMP repsonse codes of a.root-servers.net, operated by #Verisign. I checked other server instances with public statistics, and also k.root-servers.net, operated by #RIPE observed an uptick in REFUSED responses at around that time.

    Does anyone have a clue what was going on last year shortly before the Christmas days?

    #DNS #rootservers

  10. Exploring some insights of the #DNS root servers, and I discovered this small bump of NOTIMP repsonse codes of a.root-servers.net, operated by #Verisign. I checked other server instances with public statistics, and also k.root-servers.net, operated by #RIPE observed an uptick in REFUSED responses at around that time.

    Does anyone have a clue what was going on last year shortly before the Christmas days?

    #DNS #rootservers

  11. Just noticed this report of June 2025 root server's IPv4 prefix hijack for 8/13 of the root server operators root-servers.org/media/news/20

    #rootservers #dns

  12. Just noticed this report of June 2025 root server's IPv4 prefix hijack for 8/13 of the root server operators root-servers.org/media/news/20

    #rootservers #dns

  13. Just noticed this report of June 2025 root server's IPv4 prefix hijack for 8/13 of the root server operators root-servers.org/media/news/20

    #rootservers #dns

  14. Just noticed this report of June 2025 root server's IPv4 prefix hijack for 8/13 of the root server operators root-servers.org/media/news/20

    #rootservers #dns

  15. Just noticed this report of June 2025 root server's IPv4 prefix hijack for 8/13 of the root server operators root-servers.org/media/news/20

    #rootservers #dns

  16. Do not read this as criticism of #ipinfo, but I am surprised to see that the b, i, k, l and m #DNS root servers have the "privacy" flag set, meaning the IPs attempted to "hide" themselves. IPInfo suggests methods such as #VPN services. I doubt that.

    Also, all 13 root server IPs are flagged as #anycast. I thought, there are still ~some~ servers not yet anycasted, but Wikipedia confirms otherwise. Well, well, well...

    #rootservers #routing #internet

  17. Do not read this as criticism of #ipinfo, but I am surprised to see that the b, i, k, l and m #DNS root servers have the "privacy" flag set, meaning the IPs attempted to "hide" themselves. IPInfo suggests methods such as #VPN services. I doubt that.

    Also, all 13 root server IPs are flagged as #anycast. I thought, there are still ~some~ servers not yet anycasted, but Wikipedia confirms otherwise. Well, well, well...

    #rootservers #routing #internet

  18. Do not read this as criticism of #ipinfo, but I am surprised to see that the b, i, k, l and m #DNS root servers have the "privacy" flag set, meaning the IPs attempted to "hide" themselves. IPInfo suggests methods such as #VPN services. I doubt that.

    Also, all 13 root server IPs are flagged as #anycast. I thought, there are still ~some~ servers not yet anycasted, but Wikipedia confirms otherwise. Well, well, well...

    #rootservers #routing #internet

  19. Do not read this as criticism of #ipinfo, but I am surprised to see that the b, i, k, l and m #DNS root servers have the "privacy" flag set, meaning the IPs attempted to "hide" themselves. IPInfo suggests methods such as #VPN services. I doubt that.

    Also, all 13 root server IPs are flagged as #anycast. I thought, there are still ~some~ servers not yet anycasted, but Wikipedia confirms otherwise. Well, well, well...

    #rootservers #routing #internet

  20. Do not read this as criticism of #ipinfo, but I am surprised to see that the b, i, k, l and m #DNS root servers have the "privacy" flag set, meaning the IPs attempted to "hide" themselves. IPInfo suggests methods such as #VPN services. I doubt that.

    Also, all 13 root server IPs are flagged as #anycast. I thought, there are still ~some~ servers not yet anycasted, but Wikipedia confirms otherwise. Well, well, well...

    #rootservers #routing #internet

  21. This one is a pretty long read, and it goes into details of observed #NXDOMAIN patterns with a bias towards the #DNS landscape in #China. I did not expect to see so much leakage of non-public TLDs, but I guess that - despite the bias towards Chinese networks- it probably looks similar in other parts of the world.

    After reading this pretty long article, I was still somewhat feeling that it should have gone deeper into query flood phenomena which might cause spikes in NXDOMAIN responses.

    No matter what, a well-spent 10 minutes on educating yourself on things that are often not illuminated on one of the #Internet core protocols.

    Have a nice weekend, everyone!

    #rootservers #infosec

  22. This one is a pretty long read, and it goes into details of observed #NXDOMAIN patterns with a bias towards the #DNS landscape in #China. I did not expect to see so much leakage of non-public TLDs, but I guess that - despite the bias towards Chinese networks- it probably looks similar in other parts of the world.

    After reading this pretty long article, I was still somewhat feeling that it should have gone deeper into query flood phenomena which might cause spikes in NXDOMAIN responses.

    No matter what, a well-spent 10 minutes on educating yourself on things that are often not illuminated on one of the #Internet core protocols.

    Have a nice weekend, everyone!

    #rootservers #infosec

  23. This one is a pretty long read, and it goes into details of observed #NXDOMAIN patterns with a bias towards the #DNS landscape in #China. I did not expect to see so much leakage of non-public TLDs, but I guess that - despite the bias towards Chinese networks- it probably looks similar in other parts of the world.

    After reading this pretty long article, I was still somewhat feeling that it should have gone deeper into query flood phenomena which might cause spikes in NXDOMAIN responses.

    No matter what, a well-spent 10 minutes on educating yourself on things that are often not illuminated on one of the #Internet core protocols.

    Have a nice weekend, everyone!

    #rootservers #infosec

  24. This one is a pretty long read, and it goes into details of observed #NXDOMAIN patterns with a bias towards the #DNS landscape in #China. I did not expect to see so much leakage of non-public TLDs, but I guess that - despite the bias towards Chinese networks- it probably looks similar in other parts of the world.

    After reading this pretty long article, I was still somewhat feeling that it should have gone deeper into query flood phenomena which might cause spikes in NXDOMAIN responses.

    No matter what, a well-spent 10 minutes on educating yourself on things that are often not illuminated on one of the #Internet core protocols.

    Have a nice weekend, everyone!

    #rootservers #infosec

  25. This one is a pretty long read, and it goes into details of observed #NXDOMAIN patterns with a bias towards the #DNS landscape in #China. I did not expect to see so much leakage of non-public TLDs, but I guess that - despite the bias towards Chinese networks- it probably looks similar in other parts of the world.

    After reading this pretty long article, I was still somewhat feeling that it should have gone deeper into query flood phenomena which might cause spikes in NXDOMAIN responses.

    No matter what, a well-spent 10 minutes on educating yourself on things that are often not illuminated on one of the #Internet core protocols.

    Have a nice weekend, everyone!

    #rootservers #infosec

  26. Amongst all root servers instances in India, seems like F-Root server by @iscdotorg has most locations, in total 15 locations. All major cities are covered.

    See root-servers.org/ (scroll down and click F) to see locations.

    #RootServers

  27. Amongst all root servers instances in India, seems like F-Root server by @iscdotorg has most locations, in total 15 locations. All major cities are covered.

    See root-servers.org/ (scroll down and click F) to see locations.

    #RootServers

  28. Amongst all root servers instances in India, seems like F-Root server by @iscdotorg has most locations, in total 15 locations. All major cities are covered.

    See root-servers.org/ (scroll down and click F) to see locations.

    #RootServers

  29. Amongst all root servers instances in India, seems like F-Root server by @iscdotorg has most locations, in total 15 locations. All major cities are covered.

    See root-servers.org/ (scroll down and click F) to see locations.

    #RootServers

  30. Amongst all root servers instances in India, seems like F-Root server by @iscdotorg has most locations, in total 15 locations. All major cities are covered.

    See root-servers.org/ (scroll down and click F) to see locations.

    #RootServers

  31. DNS glitch that threatened Internet stability fixed; cause remains unclear - Enlarge

    For more than four days, a server at the very core of... - arstechnica.com/?p=2026566 #domainnamesystem #rootservers #security #biz#dnssec #dns

  32. DNS glitch that threatened Internet stability fixed; cause remains unclear - Enlarge

    For more than four days, a server at the very core of... - arstechnica.com/?p=2026566 #domainnamesystem #rootservers #security #biz#dnssec #dns

  33. DNS glitch that threatened Internet stability fixed; cause remains unclear - Enlarge

    For more than four days, a server at the very core of... - arstechnica.com/?p=2026566 #domainnamesystem #rootservers #security #biz#dnssec #dns

  34. DNS glitch that threatened Internet stability fixed; cause remains unclear - Enlarge

    For more than four days, a server at the very core of... - arstechnica.com/?p=2026566 #domainnamesystem #rootservers #security #biz#dnssec #dns

  35. DNS glitch that threatened Internet stability fixed; cause remains unclear - Enlarge

    For more than four days, a server at the very core of... - arstechnica.com/?p=2026566 #domainnamesystem #rootservers #security #biz#dnssec #dns

  36. Ever wondered why 13 is such an oddly specific number for #DNS #rootservers? Turns out that you could at most cram 13 domain names and their corresponding #IPv4 addresses in a non-truncated #UDP response. As soon as DNS truncates, the resolver falls back to #TCP. To avoid this additional performance impact and stress to the servers, the number is limited to 13.

    blog.apnic.net/2017/02/15/the-

    #Internet #criticalinfrastructure #dnsrootserver

  37. Ever wondered why 13 is such an oddly specific number for #DNS #rootservers? Turns out that you could at most cram 13 domain names and their corresponding #IPv4 addresses in a non-truncated #UDP response. As soon as DNS truncates, the resolver falls back to #TCP. To avoid this additional performance impact and stress to the servers, the number is limited to 13.

    blog.apnic.net/2017/02/15/the-

    #Internet #criticalinfrastructure #dnsrootserver

  38. Ever wondered why 13 is such an oddly specific number for #DNS #rootservers? Turns out that you could at most cram 13 domain names and their corresponding #IPv4 addresses in a non-truncated #UDP response. As soon as DNS truncates, the resolver falls back to #TCP. To avoid this additional performance impact and stress to the servers, the number is limited to 13.

    blog.apnic.net/2017/02/15/the-

    #Internet #criticalinfrastructure #dnsrootserver

  39. Ever wondered why 13 is such an oddly specific number for #DNS #rootservers? Turns out that you could at most cram 13 domain names and their corresponding #IPv4 addresses in a non-truncated #UDP response. As soon as DNS truncates, the resolver falls back to #TCP. To avoid this additional performance impact and stress to the servers, the number is limited to 13.

    blog.apnic.net/2017/02/15/the-

    #Internet #criticalinfrastructure #dnsrootserver

  40. B-root is renumbering, to increase the RIR diversity (and therefore also RPKI diversity) of root server IP addresses. Announcement here in Spanish: lacnic.net/6868/1/lacnic/lacni

    #dns #icann #rootservers #rpki