Based in Paris (France)
Articles
Likes on articles
I work at AFNIC (the registry of .fr domain names), in the R&D department, on, among other things, DNS, security, statistics.
• 8 min read
There have been several calls for Russian Internet networks to be shut down in one way or another and announcements that Russia is going to make such cuts. In this article, Stéphane Bortzmeyer explores the issue from a technical point of view.
• 22 min read
There are several ways to create RIPE Atlas measurements, thanks to its API. Here, we present Blaeu, a set of tools to create one-off measurements, mostly to debug temporary issues.
• 2 min read
On 17 October 2016, a website hosted by the French Ministry of the Interior went offline when a large number of customers of the Internet service provider, Orange, were redirected to the site. The problem occurred after Google, Wikipedia and cloud provider OVH were mistakenly placed on a terrorism …
• 15 min read
This article explains how I use RIPE Atlas probes, the official API and custom scripts to debug network issues.
• 23 min read
More and more governments, authorities and courts are requesting censorship of Internet content. It is often done via a lying DNS resolver. Can we use RIPE Atlas probes to see it, and how?
• 7 min read
If you monitor your external Internet connectivity, you may wonder which machine is the best to ping. Hesitate no more - you can use RIPE Atlas anchors as landmarks.
• 7 min read
The techniques used by the L-root DNS server are documented in RFC 7108 "A Summary of Various Mechanisms Deployed at L-Root for the Identification of Anycast Nodes". These techniques can be used by the RIPE Atlas probes to find the instance of L-root they are talking to.
• 6 min read
Each RIPE Atlas probe has at least one DNS resolver, indicated by a DHCP reply on the local network of the probe. Irrespective of the IP address of the resolver, this server may have IPv4 and IPv6 connectivity or only IPv4 connectivity. What is the percentage among RIPE Atlas probes?
• 8 min read
This article is intended to make RIPE Atlas users aware of ethical issues that could arise when using RIPE Atlas. We do not intend to propose any new formal processes or procedures to address the relevant ethical issues, but we do want to encourage members of the RIPE Atlas community to consider th…
Showing 1 article(s)
I'm not sure about the consequences. Does it mean that Afrinic could lose its accreditation?
I like the IP address 2610:a1:1072::1:42 since the name is an IDN. But, alas, no DNSSEC.
"They may also receive more spam and phishing e-mails, since modern e-mail security protocols rely on DNSSEC as well." I would like to see email servers use SPF, DKIM and DMARC records only if they have been validated with DNSSEC but I strongly doubt it is the case today.
Developping something new (no installed base) and mission-critical in C, today, is a bit strange. Why not using a safer language?
Nice and useful article. For OpenDNSSEC, the important parameter is named Jitter and is enabled by default. Check that you have something like "<Policy name="default">...<Signatures>... <Jitter>PT12H</Jitter>" It would be nice to document here how it is done for other signing programs.
Great survey, thanks for this work. Indeed, the variations in EDE are funny. For bogus.bortzmeyer.fr, Unbound (and 1.1.1.1) say "9 (DNSKEY Missing)", 9.9.9.9 say "10 (RRSIGs Missing)" and Knot-Resolver say "12 (NSEC Missing)"
"The IP to CO2 Intensity API allows you to query an IP address" The second link actually goes to a service that takes a host name, not an IP address.
A good thing about the IETF is that it is open and discussions are public so here is the link to the discussion inside the IETF about this article: https://mailarchive.ietf.org/arch/msg/ietf/M2vDMHuj063n5jvcUydcr0oRWy0/
I was at the same side meeting and had a different impression. My article in French: https://www.bortzmeyer.org/filtrage-vie-privee.html
Interesting and timely since, in the last two weeks, at least five domains of important public services in France have been down. At least four of them had poor DNS hosting (only two unicast authoritative name servers, sometimes in the same physical location). My report (in French): https://www.bortzmeyer.org/service-public-impots-dns.html
Showing 52 comment(s)