Blogs

It is often asked, “why can’t I have a CNAME at the zone apex?” This article explains why you can’t do that, and then continues with a discussion of potential alternatives. The use case for wanting a CNAME at a zone apex is typically one where an organization would like to have their web content hosted and provisioned by a

ISC’s training partner, Men & Mice, has announced public courses for September through November, in Amsterdam, Geneva, Denver, San Francisco area, and Zurich. ISC Support Customers are eligible for discounted or free training. The courses, originally jointly developed by Men & Mice and the ISC, are hands-on and have been highly reviewed by past students. In the first half of

The Kea team is participating in the Google Summer of Code (GSOC) for the first time.  The GSOC program pays University students to spend their summer working on an open source project. This year, according to Google, the GSOC program is sponsoring 1,264 students from 62 countries working with 206 open source organizations. Students are encouraged to take the lead in

Kea 1.4 is ready for download and use. This is a big release, with several significant new features.   For users who have adopted Kea because they love the database back end, for lease and host reservations storage, we have added a new database and improved our statistics:   Cassandra Kea has had experimental support for an Apache Cassandra database

The IETF standards community regards the possibility of pervasive monitoring as an attack on the Internet and there is strong consensus among IETF participants that we must protect Internet users’ privacy. We were wondering whether the people who are operating DNS services were feeling a similar sense of urgency, and if they had any significant concerns about obstacles to deployment.

We are excited to share our latest Kea release, Kea 1.4.  This is the beta test version, posted so users and prospective users can do some testing and give us feedback. We anticipate posting a final version on June 15th, so please get us your feedback in time to make any needed changes. New Features in 1.4 Database improvements Many

Like many responsible organizations with an on-line presence, we have been preparing to meet our new obligations under GDPR (General Data Protection Regulations – it’s an EU thing).  We are a small business with less than 30 employees and no business activities located in Europe. We are committed to transparency because we care about public trust in ISC: we also

ISC has a long history of participating in hackathons, starting a long time ago at Gdansk University, and continuing with IETF Hackathons. Every time the goal was similar: spend a day or two playing with a new technology, concept or idea to see whether it makes sense, how to possibly extend Kea to support it properly and gain some experience.

Extension Mechanisms for DNS were standardized in 2013 Despite this, there continue to be non-compliant implementations.  DNS software developers have tried to solve the problems with the interoperability of the DNS protocol and especially its EDNS extension (RFC 6891 standard) by various workarounds for non-standard behaviors. However, temporary workarounds are not a long-term solution. These workarounds excessively complicate DNS software and are

The 1H 2018 Schedule for DNS and BIND classes is posted.  There will be classes in Amsterdam, Redwood City, CA, New York City, and Zurich. These classes are delivered by Men and Mice, but cover the use of the BIND open source via CLI.  They are hands-on and have been very highly reviewed by past students. Here are the links

The Problem with DDNS and Dual Stack clients When clients obtain both and IPv4 and and IPv6 address, they generally wish that their hostname when added to DNS is the same, for both the v4 and the v6 address – i.e. they want, for the same name, for there to be both an A and a AAAA record. This is

We will be adding QNAME minimization in the next major version of named. QNAME minimization is described in IETF RFC #7816.  It is an important component of an overall DNS privacy strategy.  This project will make it possible for the operator of a BIND resolver to configure it to minimize unnecessary information leakage. Data leaked through DNS lookups is increasingly