Anand Buddhdev

In this article we describe the evaluation and selection of a new DNSSEC signer solution, along with a plan of how we intend to perform the migration.… Read more

This is an experiment to see if we can increase the capacity and resiliency of the RIPE NCC's authoritative DNS service (AS197000). This service hosts all the reverse DNS zones, ripe.net and provides secondary service for various ccTLDs.… Read more

DNSSEC signing solutions and products have evolved greatly since we first began signing our zones. We are now exploring ways of doing it better and smarter.… Read more

On Thursday 16 March 2017, at around 20:00 UTC, a bug in a script caused an outage for some reverse DNS delegations registered in the RIPE Database. The effects of the bug were not immediate, but began a cascading failure, that persisted until 18:00 UTC on Friday 17 March. In the following article, you will find more information about what happened.… Read more

Rolling over the algorithm (usually to a stronger variant) used to sign a DNS zone isn't as easy as regular key roll-overs. This is because some DNSSEC validators are less forgiving than others, and fail validation unless the right combination of keys and signatures is present in a zone. This article describes our experiences with DNSSEC algorithm roll-over. We hope that our experience will help others who may be considering doing this.… Read more