APNIC's Chief Scientist, Geoff Huston joins us again on the show, this time to discuss three related presentations by Google, ISC and Mozilla that caught his attention during the recent IETF 114 and DNS-OARC 38 meetings on securing the DNS against spoofing. DNS spoofing involves third parties intercepting and responding to queries for benign or malicious purposes; recent studies show that DNS spoofing has more doubled since 2016. Google is protecting its DNS service against spoofing using multiple methods including using a combination of DNS cookies, randomizing the choice of name servers, stripping duplicate queries from the outbound queues, performing rate limiting and unilaterally probing for support of Authoritative DNS over TLS (ADoT); it projects that these measures will cover 99% of queries after the various rollouts are complete. While such results are impressive, Geoff and others argue that the widespread use of DNSSEC could do just as good as a job and with little impact on performance, as per ISC's and Mozilla's findings in their recent studies. Read more about DNS Spoofing and DNSSEC on the APNIC Blog. The views expressed by the featured speakers are their own and do not necessarily reflect the views of APNIC.

Today’s Internet is a Frankenstein’s monster of parts that have been bolted together. If it was a house, it would be a knock-down job — far easier to start from scratch. This is easier said than done or so many thought as we’ll come to learn in this episode featuring Nicola Rustignoli a founding engineer at the SCION Association, which is taking a clean-slate approach to overcoming the architectural limitations of today’s Internet, to provide route control, failure isolation, and explicit trust information for end-to-end communication. Read more about SCION projects on the APNIC Blog and the SCION website. The views expressed by the featured speakers are their own and do not necessarily reflect the views of APNIC.

In our eleventh episode, we are again talking to APNIC's Chief Scientist, Geoff Huston, this time about certificate revocation. This has been a hotly debated subject for some time, namely whether it still serves a purpose given that many web browsers give you the option to ignore revoked certificates or ignore them for you. We'll discuss this and possible solutions to addressing the revocation processes issues. You can read more about certificate revocation on the APNIC Blog, including a post from Geoff: What’s going on with certificate revocation? The views expressed by the featured speakers are their own and do not necessarily reflect the views of APNIC.