Articles
Likes on articles
Geoff Huston AM is the Chief Scientist at APNIC, where he undertakes research on topics associated with Internet infrastructure, IP technologies, and address distribution policies. From 1995 to 2005, Geoff was the Chief Internet Scientist at Telstra, where he provided a leading role in the construction and further development of Telstra's Internet service offerings, both in Australia and as part of Telstra's global operations. Prior to Telstra, Mr Huston worked at the Australian National University, where he led the initial construction of the Internet in Australia in the late 1980s as the Technical Manager of the Australian Academic and Research Network. He has authored a number of books dealing with IP technology, as well as numerous papers and columns. He was a member of the Internet Architecture Board from 1999 until 2005 and served as its Executive Director from 2001 to 2005. He is an active member of the Internet Engineering Task Force, where he currently chairs two Working Groups. He served on the Board of Trustees of the Internet Society from 1992 until 2001 and served a term as Chair of the Board in 1999. He has served on the Board of the Public Internet Registry and also on the Executive Council of APNIC. He chaired the Internet Engineering and Planning Group from 1992 until 2005.
Website: http://www.potaroo.net/
• 26 min read
The design of IPv6 represented a relatively conservative evolutionary step of the Internet protocol. Mostly, it's just IPv4 with significantly larger address fields. Mostly, but not completely, as there were some changes. IPv6 changed the boot process to use auto-configuration and multicast to perf…
• 10 min read
We tend to make a number of assumptions about the Internet, and sometimes these assumptions don’t always stand up to critical analysis. We were perhaps ‘trained’ by the claims of the telephone service to believe that these communications networks supported a model of universal connectivity. Any tel…
• 24 min read
One of the more difficult design exercises in packet-switched network architectures is that of the design of packet fragmentation. In this article, I’d like to examine IP packet fragmentation in detail and look at the design choices made by IP version 4, and then compare that with the design choice…
• 17 min read
Every so often I hear the claim that some service or other does not support IPv6 not because of some technical issue, or some cost or business issue, but simply because the service operator is of the view that IPv6 offers an inferior level service as compared to IPv4, and by offering the service ov…
• 9 min read
Most of the time, mostly everywhere, most of the Internet appears to work just fine. Indeed, it seems to work just fine enough to the point that that when it goes wrong in a significant way then it seems to be fodder for headlines in the industry press.
• 22 min read
It has been observed that the most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it, and are notable only by their absence.
• 23 min read
The Internet’s Domain Name System is a modern day miracle. It may not represent the largest database that has ever been built, but nevertheless it’s truly massive. And even if it’s not the largest database that’s ever been built, it’s perhaps one of the more intensively used. The DNS is consulted e…
• 28 min read
Much has been said over the pasts year or so about various forms of cyber spying. The United States has accused the Chinese of cyber espionage and stealing industrial secrets. A former contractor to the United States' NSA, Edward Snowden, has accused various US intelligence agencies of systematic e…
• 23 min read
Yes, that's a cryptic topic, even for an article that addresses matters of the use of cryptographic algorithms, so congratulations for getting even this far! This is a report of an experiment conducted in September and October 2014 by the authors to measure the extent to which deployed DNSSEC-valid…
• 7 min read
It has been a very busy period in the domain of computer security. With "shellshock", "heartbleed" and NTP monlink adding to the background of open DNS resolvers, port 445 viral nasties, SYN attacks and other forms of vulnerability exploits, it's getting very hard to see the forest for the trees. W…
There have been some refinements to BBR (see https://datatracker.ietf.org/meeting/102/materials/slides-102-iccrg-an-update-on-bbr-work-at-google-00) that appear to make it a more socially friendly flow control protocol. So if the RedHat release uses BBRv2 then its possible that you will see a protocol that attempts to balance its network pressures with those of loss-based protocols in a fairer manner.
“Hi Geoff, I already seen your presentation in APRICOT 2017 ( slide and youtube ) Can you tell me how to check the most active ipv6 prefixes for the last day,week or month? Thanks in advance,”
Thanks for your question. For IPv4 prefixes: http://bgpupdates.potaroo.net/instability/bgpupd.html For IPv6 it's: http://bgpupdates.potaroo.net/instability/v6-bgpupd.html Thee reports are updated every 24 hours
No, things have not changed tremendously. In fact, not much has changed at all over the past three years from the data set I have, so I'm unsure what data you have used to form that observation. Today, the overall use of Google's PDNS service in the Internet spans some 14% of the total user population. See http://stats.labs.apnic.net/dnssec/XA?c=XA&x=1&g=1&r=1&w=1&q=0 The level of use of this service is highest in Western, Middle and Eastern Africa, Oceania and Southern Africa. The lowest levels of use are found in western and northern Europe, East Asia, and Australia and New Zealand. (see the country table at the URL given above)
Hi Todd, It's always difficult to say what happened from a distance and probably only Dyn (or presumably the attackers) have direct knowledge of what happened and the rest of use can only speculate. It appears to be a pretty safe assumption that Mirai was used, and the source code of Mirai contains a smorgasbord of potential attacks, of which generating DNS queries is just one. So two weeks later it looks like its reasonable to assume that the attack contained a notable DNS component. More to the point, I was wondering if we could use the DNS (and potentially DNSSEC) to protect itself from DNS-based attack incidents and, if so, how we could do so.
Showing 4 comment(s)