RIPE Labs

For decades, the Domain Name System (DNS) has relied on UDP as its transport protocol of choice, mostly because of its simplicity. New transports such as DNS-over-TLS and DNS-over-HTTPS are now gaining popularity: they offer increased privacy while preventing the use of the DNS as a DDoS attack vector. What may be less obvious is that they can also provide increased performance compared to UDP.… Read more

In this article we describe the evaluation and selection of a new DNSSEC signer solution, along with a plan of how we intend to perform the migration.… Read more

As Ph.D. students, our typical encounter with the IETF community and their work is by stumbling over RFCs and Internet-Drafts that either relate to or are a fundamental basis for our research. Beyond that, for us, the Internet Engineering Task Force (IETF) has been a vague entity focused on standardisation. Therefore it was a great experience to attend the IETF 101 meeting in London earlier this year and to present our measurement results for TCP, HTTP/2 and QUIC at the Measurement and Analysis for Protocol Research Group (MAPRG)… Read more

Going online on unknown Internet hotspots - whether at a restaurant, an airport or in a restaurant - isn't actually very safe or secure for users. This is due to the open character of hotspots which makes it easy to impersonate legitimate hotspots and eavesdrop on traffic - or even serve malware. The main aim of the Let's Connect! project is to develop a secure, fast and usable open-source VPN solution that can be used by anybody on all types of devices. Thanks to the RIPE NCC Community Projects Fund this important goal is getting within reach.… Read more

In 2009, Google launched its Public DNS service, with its characteristic IP address 8.8.8.8. Since then, this service has grown to be the largest and most well-known DNS service in existence. Due to the centralisation that is caused by public DNS services, large content delivery networks (CDNs), such as Akamai, are no longer able to rely on the source IP of DNS queries to pinpoint their customers. Therefore, they are also no longer able to provide geobased redirection appropriate for that IP.… Read more

The RIPE Meeting Mentor programme makes it easy for seasoned community members to share their knowledge and expertise with the next generation of the RIPE community.… Read more

Blockchain technology is receiving a lot of attention these days as a solution in numerous application domains. Triggered by research proposals and discussions in a variety of forums, we got together with a number of RIPE NCC employees to look at blockchain and its applicability to registration of Internet number resources. From our analysis we conclude that there are a number of issues that, at least for now, mean there is no benefit to using blockchain technology in the registry system. … Read more

Is DNSSEC still needed when you get your DNS over TLS? DNSSEC's original design goals could also be met in a future DoT-only world. However, DNSSEC's aspirations have moved on with DANE. Unfortunately DNSSEC and DANE are hardly ever available at end-user devices. DoT brings liable delivery of DNS, which might make DNSSEC and DANE finally happen after all.… Read more

The main goal of CrypTech is to create an open-source design for a hardware cryptographic engine for Hardware Security Modules (HSMs). At the same time it also provides a associated reference implementation that allows anyone to develop, deploy and audit a secure, low-cost cryptographic engine in their chosen environment. … Read more

There are many flavours of BGP hijacks, misconfigurations or outdated implementations. Here are some examples and tips how to verify your announcements.… Read more