DNS is Virtually Awesome
The RIPE DNS working group will be holding online sessions every few weeks. We have already had the first session, a talk from Kim Davies at PTI/ICANN about some of the challenges of DNSSEC KSK management for the root zone. This session went very well, and we are looking forward to many more in the…
One issue with cloud services is that they are mostly proprietary offerings. I suggest that the cost of moving off of a particular cloud provider (whether back to self-hosted or to another cloud vendor) be counted as a cost of that solution. For example, if a cloud service offers a particular service that no other company offers, the cost of doing without or building a replacement should be factored in as an additional cost of using that service. Often companies end up locked in because it costs too much to move off of a particular solution, but this is less likely to happen if the cost of "unlocking" a given service is accounted for the entire time.
I love this kind of follow-up study, thanks!
It's a pity that after all of this network engineering work there's still no IPv6 for GitHub. 😢
“Yes, I would really like CDS/CDNSKEY support :-) I wrote dnssec-cds so that I could support it for our delegated zones, and it would be really handy for them if they could also use CDS/CDNSKEY for their PI address space. (dnssec-cds is mentioned in the BIND 9.12 release notes https://deepthought.isc.org/article/AA-01532/0/BIND-9.12.0b1-Release-Notes.html and the man page is at https://ftp.isc.org/isc/bind9/9.12.0b1/doc/arm/man.dnssec-cds.html)”
Note that Jaromír Talíř will be giving a presentation about CDNSKEY in Knot DNS and the FRED registry tomorrow at the DNS working group at RIPE 75.
Thanks for this comprehensive overview! I especially like the specific recommendations for VPS vendors.
Showing 5 comment(s)