The Ask Mr. DNS Podcast

In this episode, Matt and Cricket are joined by Ulrich Wisser, a colleague of Matt’s at ICANN. Ulrich explains the latest efforts in the area of DNSSEC automation, including CDS, CDNSKEY and now even CSYNC records and how they’re used. Ulrich mentions a Github repo that includes a list of registries, registrars, DNS providers and software that support DNSSEC automation; and an SSAC report on DS record automation. This very informative section gradually devolves into amusing (for us, anyway) recollections of attempts to “tamper” various hardware security modules. Toward the end, as is their wont (and when do you ever hear the word “wont” except in that context?), Matt and Cricket profess their childlike excitement over the upcoming “Murderbot” series, and Matt admits (much to Cricket’s astonishment) that he has never read “Dune.”

In this episode, Matt and Cricket are joined by Renée Burton, Infoblox’s Vice President of Threat Intelligence. They briefly introduce Protective DNS and its advantages as a security mechanism, then talk about threat feeds and how they’re created, and finally discuss Renée’s team and their work on analyzing Passive DNS data and DNS metadata to detect–and in some cases predict–the malicious use of DNS. Toward the end, they segue (or perhaps “lapse”?) into a meandering discussion of Neal Stephenson’s “Polostan” (Cricket is, embarrassingly, stuck), Dennis E. Taylor’s Bobiverse series (which Matt recommends), von Neumann probes (which Cricket either had not heard of or did not remember, necessitating an explanation from Matt, and which illustrate John von Neumann’s incredible mind and remarkable versatility), “Silo” (because Cricket is still not over Rebecca Ferguson–see episode 63) and AppleTV+’s run of other worthwhile shows, including “Slow Horses,” “Bad Monkey,” and “For All Mankind.”

To make good on a new year’s resolution, Mr. DNS recently put on his system administrator hat and upgraded his creaky WordPress installation. (Why does Mr. DNS insist on running his own WordPress installation rather than putting it in the new-fangled cloud that’s so popular these days? Well, Mr. DNS is a creature of habit and stuck in his ways. He will not discuss this topic further.) The upgrade appeared to go without incident, but alas, it was not so. Mr. DNS is grateful to eagled-eyed listener Lyle Tagawa, who noticed that Mr. DNS’s beloved podcast logo no longer appeared in the feed. Mr. DNS dived back into the depths of WordPress and emerged victorious, or so he thought. The default logo remained in some obstinate podcast clients. His many seconds of Internet research leads him to believe that publishing a post will cause podcast clients of the world to fetch and once again display the beloved logo. Thus he writes this post and its accompanying sound file with…one second of silence. He hopes you are not terribly disappointed to find the written rather than spoken word in the feed. He promises another episode will arrive at some future date, but he has learned never to commit to a particular time: one cannot rush the process.

In this episode, Matt and Cricket are joined by Professor Casey Deccio, of DNSViz and now Brigham Young University fame. (Matt is embarrassed and sorry that he misremembered and called Casey’s magnum opus “DNSSECViz” by mistake.) They tackle a listener’s question about a recent “DNS outage,” examining the causes of both Facebook’s and Slack’s failures and how they might have been avoided. Then they dive into recent developments in sci-fi and fantasy, including “Dune” (thumbs-up from Cricket), “Foundation,” Charles Stross’s “The Merchant Princes” series, and Cixin Liu’s “Remembrance of Earth’s Past” trilogy.” (During this latter segment, Cricket might have gone on for a little too long about Rebecca Ferguson.)  

In this episode, Matt and Cricket are joined by Graeme Bunton, director of the newly formed DNS Abuse Institute.  Graeme describes his background and explains the mission of the institute and what they’re working on.  And we finally (sort of) answer a long-suffering listener’s question about producing a kind of “Compleat DNS Specifications RFC” and ramble on for a bit about two great new sci-fi books, Andy Weir’s Project Hail Mary (which Matt mistakenly called the “Hail Mary Project”…) and Martha Wells’s Fugitive Telemetry. Oh, and the lengthy hiatus? We shan’t speak of it.  

In this episode, Matt and Cricket are joined by Kim Davies of ICANN and PTI (you’ll have to tune in to find out what that stands for).  Kim edifies us on key ceremonies and the Herculean efforts required to keep a key ceremony secure and transparent during what Matt referred to as a “global pandemic,” immediately regretting his use of the redundant phrase.  Later, Cricket is embarrassed to learn that Matt has already read both of the new books he’s reading (John Scalzi’s “The Last Emperox” and Martha Wells’s latest in the Murderbot series, “Network Effect“), and Kim laments that the end of business travel leaves him with no time to watch anything.  Oh, and the guys (or Matt, really) answer a really good question from Swapneel Patnekar about an ICANN paper on the effects of COVID-19 on the root name servers. If you’ve already listened to the episode and are interested in the resources Kim referred to, here are the links: Attending a ceremony. Volunteering to be a Trusted Community Representative. ICANN’s blog post on the COVID-19-impacted ceremony.

We’re back with special guest Joe Abley, CTO of PIR, the registry for .ORG. We talk DNSSEC, research ideas, and more. Sadly, the mail bag was empty, but we still found more to talk about: DNS Flag Day 2020 is proposed to reduce fragmentation of DNS messages sent over UDP. Then Admiral Picard made an appearance, or was at least discussed. Finally, we urgently request your DNS questions at [email protected] to fill the mail bag!

In this episode, Matt and Cricket are joined by Cricket’s recent co-author, John Belamaric, to discuss CoreDNS, a DNS server built to act as a service discovery engine in containerized environments, particularly those managed by the ubiquitous Kubernetes.  They also answer a question from Shane Kerr about why certain RR types insist on using canonical names in RDATA, and Cricket expresses his displeasure at the mispronunciation of “bailiwick.” Finally, they discuss “The Mandalorian,” and Cricket once again strongly recommends Taika Waititi’s movies, especially “What We Do in the Shadows” and “Jojo Rabbit.”

Another year brings another Inside Baseball event, where an ad hoc group of DNS industry insiders get together for a day to talk about current issues and then go to a baseball game (really). So many DNS-knowledgeable folks in one place had the makings of a great podcast episode, so we got out the recording gear and dived into the mailbag to answer four questions. In addition to Cricket and Matt, you’ll also hear Alex Dupuy, Dave Lawrence, Matt Pounsett, Rob Seastrom and John Todd.

…in which Matt and Cricket, in a cunning bit of Tom Sawyering, take Rob Fleischman’s question about how recursive DNS servers handle TTLs of zero, and induce Rob to both a) join the podcast as a guest and 2) paint their fence by doing all the legwork to find the answer.  In the inevitable light banter segment at the end of the episode, Cricket highly recommends Taika Waititi’s What We Do in the Shadows, likely the funniest vampire mockumentary ever made.

We’re back with an emergency episode published just in time to inform your frantic preparations for DNS Flag Day on 1 February 2019. We’re delighted to welcome another special guest, Petr Špaček from CZ.NIC, to fill us in and let us know if we should stockpile food for an impending Internet collapse and the ensuing end of civilization as we know it. Or maybe it’s just the story of a few DNS developers whose patience has finally run out. Then Matt recommends the Netflix show Babylon Berlin, and Cricket and Matt lament their years-long study of German with not nearly as much to show for it as we’d like.  

We’re back after our longest hiatus yet. Alas, the mail bag was empty, so instead we invited special guest Paul Hoffman to talk about DNS over HTTPS (DoH), which has generated some buzz in the DNS community (to the extent that anything can generate buzz in the DNS community). We end with our usual pop culture consumption recap, this time focusing on what we’ve read recently (science fiction, unsurprisingly) and what shows we’ve watched in this new Golden Age of Television.

This isn’t exactly an episode, but Matt and Cricket recently recorded a short promo for Infoblox’s DNS Awareness Day campaign, and they decided to keep recording because Cricket wanted to hear about the recent DNSSEC Key Ceremony, in which Matt had served as the Ceremony Administrator.  So if you’re curious about how new root keys are generated and the sort of security that’s involved, tune in! Oh, and there’s video, for the first time!

In this episode, number 52 (cards in a deck! And just wait till we hit 53, which has special significance!), Matt and Cricket are joined by a pantheon of the gods of DNS.  However, since they neglected to ask any of the speakers to introduce themselves, you’ll just have to guess, Band Aid “Do They Know It’s Christmas”-style, who’s who.  (Olafur’s basically a gimme–our Boy George or Bono.)  We answer David Mar’s question about how to learn the basics of DNS and then recap some of the topics of the Inside Baseball meeting we’d been attending, graciously hosted by Salesforce and organized by Allison Mankin & company.

In this episode, number 51, Matt and Cricket are joined by Kyle York and Joe Abley, respectively the Chief Strategy Officer and we-don’t-know-what of Dyn.  Kyle and Joe ably (ha!) fill in some of the details on the DDoS attack against Dyn on October 21 of last year.  And Kyle brags about the Patriots “dynasty,” which for three quarters sure looked like the pride that cometh before a fall, but holy cow!  Oh, and the guys jointly answer a question from Grant Taylor about a clever-but-frankly-awful way of adding a CNAME record to the apex of your zone and read a correction from Håkan Lindqvist about using underscores in certain fields of a cert.

In this episode, the 50th–their golden episode!–Matt and Cricket are joined by Dan York of the Internet Society, who brings them up to date on DNSSEC adoption.  Then the trio answer questions from Matt’s former colleague Rick Andrews about the use of underscores in domain names and from Ben Dash about how some companies get around the prohibition against adding CNAME records to zone apexes.  Apices.  Whatever.

Cricket and Matt took advantage of being in the same place for once to record the podcast, though that doesn’t stop us from forgetting which episode number we’re actually recording.  We answer four questions on subjects relating to SPF, DNSSEC, /etc/host.conf and authoritative server selection by recursive name servers.  On that last topic, Matt refers to research on server selection he contributed to and promised a link to the paper in the show notes.  The paper is “Authority Server Selection of DNS Caching Resolvers” and was published in ACM SIGCOMM Computer Communication Review (CCR), April 2012.

In Episode 48, we are pleased to welcome Bert Hubert of PowerDNS fame to the show.  We reach into the mailbag to answer Nic Waller’s question about measuring which names in a zone are actually queried, Jesus Cea asked about proving domain ownership to obtain a Let’s Encrypt certificate (which caused us to do some actual research before recording!), and long-suffering listener Yiorgos Adamopoulos gamely sent in a question about using the block chain for name resolution.  As usual, we indulge in light banter completely unrelated to DNS, this time on outrageous cell phone roaming charges and Dutch pipe organs.  

In this episode, our 47th, we realize the mailbag is actually fuller than we thought, and work diligently to answer questions from a “long-term” Swedish listener about IPv6 reverse mapping, from Jeremy Laidman about BIND 9.11’s new catalog zones feature, and from (the also likely Swedish) Håkan Lindqvist about the credibility of DNS data, particularly NS records.  We also digress into ruminating over the possible deleterious effects of The Disney Channel on the attitudes of tween daughters, why the first four minutes of the forthcoming “Sully” are likely the highlight of the film, and what we’ve been watching on TV lately.  Don’t miss it!

This episode, number 46, features a guest appearance from Roy Arends of ICANN, whom Matt, Roy’s boss, swears wasn’t forced to participate in our forsaken podcast after midnight Oxford time.  Roy’s worked on Unbound, fpdns, DNSSEC, and Nominet’s Turing product.  We answer questions from Jacob Evans about mismatched SOA records and name server support for IPv6 anycast, and from long-suffering listener Evaggelos Balaskas about Response Policy Zones and why he sees different responses to queries for A records for google.com.  Along the way, Matt announces his new job, and while tracing the origin of Matt’s pet phrase, “There has been no time,” a discussion of the term “shirt-tail relatives” ensues, during which Cricket forgets the word “commutativity.”

We’re back again, scraping the bottom of the mailbag for questions.  Erik Radde helped us out with a question on the interaction of wildcards and the search list, and Lenny Tropiano tweeted a question at Mr. DNS about Dyn’s support for a feature that provides CNAME-like semantics at a zone apex.  Along the way there were detours into the three laws of thermodynamics and, more importantly as the AI revolution grows ever closer, the three laws of robotics.  

Well, we said we’d try to keep to a monthly schedule, and we arguably just made it!  This episode, number 44, features a special guest:  Andrew Sullivan, Matt’s colleague at Dyn and Chair of the Internet Architecture Board.  Now, if we’d planned ahead and let you know Andrew was going to be on the show, we could have let you know so that you could have submitted lots of thoughtful questions for him to answer, but by now you know not to expect that kind of forethought from us.  Instead, we asked him about stuff we’re interested in, including the IANA transition and ARCING, an IETF effort to identify alternative resolution contexts.  We also answer a question from Sheridan West about some suspicious-looking log messages from his name server and one from Jeff Helman about the right DNS configuration for handling multiple back-end web servers.

In this, our holiday episode, we’re joined by returning special guest, Duane Wessels, who discusses a recent event involving the root name servers and a lot of obviously spoofed traffic, as well as his ongoing work in the IETF around DNS privacy.  We reach into the mail bag and find a question from our friend, Rob Fleischman, musing about possible additional metadata that recursive servers could send to authoritative servers.  As it happens, Duane’s also working on a DNS protocol extension directly related to Rob’s question, which he tells us about.  Finally, we end with a brief and spoiler-free discussion about The Force Awakens.

In Episode 42, we discuss the meaning of life, the universe and everything with a very special guest, @dnsreactions, creator of the hit DNS Reactions Tumblr.  “DR”, as we call him or her (or it?), prefers to stay anonymous, so we have obscured his/her/its voice using the magic of technology.  Our long-suffering listeners submitted questions for DR, who was very accommodating.  Enjoy!

Welcome to our special Halloween episode!  Okay, not really, but we are recording in late October…  This time we answer a record-breaking three questions from the same listener, Grant Taylor, who single-handedly supplied the material for all our tangents in this show.  We remind everyone of the dangers of cache poisoning in a discussion about CNAMEs, we strain our memories back to the early days of DNSSEC to discuss SIG(0), and we explain and opine on EDNS Client Subnet, a recent and increasingly popular DNS protocol extension.  Considering the time of year, we also lapse into a discussion of candy, specifically peanut M&Ms.

In this 40th episode–a milestone!–Matt and Cricket answer long-suffering listener Grant Taylor’s question about sorting replies by type and wander into the Land of Happy Eyeballs, then explore an answer Joe Abley received from Mark Andrews of ISC.  Meanwhile, a discussion of the term G-job causes Matt to recount accidentally insulting a group of public servants, and both Matt and Cricket discuss their hope that the new AppleTV will lead to the end of their paying for streaming content they could have watched for free.

In this star-studded episode, Matt and Cricket take advantage of a meeting of the DNS Cabal–that is, the annual “Inside Baseball” event–to answer Donald Rudder’s question about whether synthesizing NXDOMAIN responses to avoid random subdomain attacks would work with NSEC3 as well as NSEC records.  This is followed by a wildly entertaining (by DNS standards, anyway) discussion of the future of DNS, new TLDs, communication in the event of attacks, and more. Guest-starring some of the brightest lights in DNS, including Kris Beevers, Brian Brady, David Dagon, Casey Deccio, Rob Fleischman, Olafur Gudmundsson, Shumon Huque, David “Tale” Lawrence, and Duane Wessels.

In this episode, long-time (and likely now sole) listener Yiorgos Adamopoulos asks about the the process of signing the root zone, which Mr. DNS has some experience with.  Matt also recaps some of the goings-on at the latest DNS-OARC meeting in Amsterdam, omitting that which must stay in Amsterdam, but revealing some lapses from his DNSSEC RFC-editing days.

Back after a long absence they try to avoid talking about, Cricket and Matt tackle some meat-and-potatoes questions: Why can’t one have a CNAME with other records at a domain name? Are registrars buying up expired domain names? How can one make a name server generate answers dynamically?  Listen as Matt embarrasses himself by forgetting the name of the Registry-Registrar Protocol (RRP), the predecessor to the Extensible Provisioning Protocol (EPP), used today between registrars and registries.  Cricket’s memory is working fine, though, as he dredges up a reference to lbnamed, a simple, Perl-based name server now remembered only by Google and DNS geeks.  And as usual, there are tangents: the episode winds up with an impromptu discussion of standing desks and how Matt is an effective but not-at-all-subtle choral conductor.

In this episode, Matt and Cricket respond to Tommi Nikkilä’s followup to his original question about the legality of multiple CNAME records in a DNS answer, and then react to (to claim they “answer” it is a reach) dedicated listener Yiorgos Adamopoulos’s question about registering domain names with underscores in them.  On the way, Matt describes his quest to set a personal record in his commute from his home in Bethesda to Dyn’s headquarters in Manchester, New Hampshire, and then (inadvertently?) disses Cricket’s manhood by suggesting that Real Men Drive with Standard Transmissions.  Finally, the guys bemoan their lack of questions, implying that this is somehow responsible for their sporadic production, when we know in fact it’s their own damn fault.

In this episode, Matt and Cricket wonder aloud whether they’ve lost their domestic audience, but then rally to answer questions from their remaining international listeners:  Evaggelos Balaskas’s question about SRV records, Joe’s questions about resolver and name server fallback to TCP, and Tommi Nikkilä’s question about multiple CNAME records attached to the same domain name.  And, oddly enough, they wrap up with a discussion of the joy of milk delivery.

In this episode, Matt and Cricket answer Harry Stein’s question about a DNSstuff search that turned up suspected cache poisoning, and Kirk Davis’s question about Google’s (somewhat crazy) recommendations on how to force the use their non-SSL-based services.

Here, at long last, is Episode 33, in which Matt announces a “Development with a capital D” (and a lowercase “yn”), and Matt and Cricket answer questions from Jason Weber about how to deal with web hosting and a hosted DNS zone; from Chuck Nelis about split DNS; from Michael Simoni about the (waning?) need for multiple zones; and from Matt Pounsett about the dangers of mixing recursion and authority on a single name server.

In this episode, Matt and Cricket answer questions (some posed on Twitter – please welcome Mr. DNS to the 21st Century) from ErrataRob about Verisign’s DNS infrastructure, from devoted listener Yiorgos Adamopoulos on the value of DNS certifications, and from Frederic Cambus about zone file access programs.  And you’ll hear some of Matt’s and Cricket’s thoughts on espresso if you stay till the bitter (ha!) end.

In this, their inaugural episode for 2013, Cricket and Matt answer a question from the mysterious “Joe” (if that is his real name) about the differences between BIND’s stub zone and conditional forwarding features, prompting some reminiscing about the good old days of BIND 8.  This episode is the third in which we tackle questions from apparent long-time listener Yiorgos Adamopoulos, who wonders about the various features of dig and if Mr. DNS still writes code.

In this latest episode of our evidently-now-quarterly podcast, Matt and Cricket answer Donald Rudder’s question about how common the A6 record is and its effect on DNSSEC.  Then they discuss the upcoming change of d.root-servers.net’s IPv4 address and the implications of that change.  And despite having only one question to answer, they manage to take up the usual 30 minutes!

In this episode, Matt and Cricket finally throw in the towel and give up on promising podcasts on any regular schedule.  But they do manage to clear Mr. DNS’s mailbag, answering questions from Ismael Lezcano about the availability of good programming APIs for working with DNS and why BIND doesn’t have a good mechanism for creating and deleting zones dynamically; and from William Brown  about how to induce major registrars to support DNSSEC.

In this (much delayed) episode, Matt and Cricket discuss the folly of trying to hew to a podcast-publishing schedule, and answer (or avoid) questions from Sevan Janiyan and Yiorgos Adamopoulos on what operating systems and software the root name servers run; from Kent Shuey on why a device that implements only part of the DNS specs seems to work okay on his network; and from Todd Larsen (apparently of Danish descent) on where he can go to meet like-minded souls discussing current issues with DNS and DNSSEC (God help him) and whether DANE’s TLSA record can coexist with a CNAME record.

In this episode, Matt and Cricket answer Alan Frabutt’s question about the existence of recursive name servers that don’t honor TTLs – the “yeti” of recursive name servers – and Joe Conlin’s question about the right way to deal with abuse of your name server, and try to assist Louis Sterchi in his quest to learn more about DNS, registries and registrars.  And this last leads them on a trip down the Internet’s memory lane, reminiscing about the old days of DNS, before registries and registrars, back when subdomains of com, net and org were free.

In this (recorded-just-before) Christmas episode, Matt and Cricket discuss the occupational hazards of church organists during the holidays, and then answer Ed Horley’s question about DNS64’s effect on DNSSEC, David Dunleap’s question about a special DNS setup that might be due to the use of load balancing, and Victor Tran’s question about whether he needs to sign all of his name server’s zones at once.  In the mean time, they reminisce over ancient and obscure methods of compressing and encoding files, and both react with dismay to the memory of driving in Cambridge, Massachusetts.

In this episode, Matt and Cricket attempt to answer all nine of Jorge Fábregas’s “couple of questions” in a lightning round.  Then they swap war stories about all the travel they’ve been doing and have yet to do (implicitly offering excuses for the long gap between episodes), and finally – and inevitably – discuss Neal Stephenson’s new book, REAMDE.

In this episode, Matt (having dodged Hurricane Irene) and Cricket (having recently returned from South America) grovel and scrape after a nearly-three-month hiatus, then answer questions from Jorge Fábregas about whether to allow ICMP to authoritative name servers; from Donnie Carvajal about how to resolve a private, internal domain name; and from Leo Vandewoestijne about mismatched NS RRsets.  Along the way, they learn a nice trick from Leo about how to convey proper pronunciation to fellow Mac owners, lament their inability to pronounce their own surnames correctly, and probably cause Olafur Gudmundsson to spit coffee all over his laptop.

In this star-studded episode, taped at Dyn Inc.‘s second annual “Inside Baseball” event, Matt and Cricket are joined by a “who’s who” of DNS luminaries.  They answer questions from Bob Harold (who previously received a tee shirt and does not want another) about whether CNAME records terminate a subtree of the namespace, from Warren Kumari about why a domain name that owns a CNAME record can’t own any other record types, from Wayne Ketterer about how to set up DNS so that a given domain name maps to one address internally and another externally, and from Canadian Todd about whether adding glue AAAA records is a good idea.  Then the collected luminaries throw a few “stump the chump”-style questions at Matt and Cricket – a little like shooting fish in a barrel. Tune in to see how well they fare. Note that the audio isn’t quite up to even our low standards, despite the best efforts of Matt and Tom Daly of Dyn to smuggle decent recording equipment across state lines, but it’s certainly listenable.

After a respite carefully timed to avoid the Ides of March, Matt and Cricket answer Brian Mazzocco’s question about the meaning of strange, possibly European symbols in zone data files; address John Shin’s question about how validating, recursive name servers handle aliases from signed zones to unsigned zones; and assess Gavin Brown’s suggestion for automatically bootstrapping DS records from a signed child zone into its parent.

In this mercifully digression-free episode – perhaps not coincidentally taped in-person in Cricket’s office in Santa Clara – Matt and Cricket answer Josh Baverstock’s umpteenth question, this one about storing certificates in DNS, as well as Dirck Copeland’s and Bob Harold’s related questions about bad delegations.  Josh, Dirck and Bob will each receive a handsome black Practice Safe DNS tee shirt courtesy the Public Interest Registry.  If we’ve got the right sizes, that is.

In this episode, Matt and Cricket answer Dana S’s question (submitted from Kurdistan!) about the wisdom (or folly) of implementing an OpenDNS-like system using multiple views, as well as Alex Wilkinson’s questions about what all those SRV records that Domain Controllers register are for and whether BIND name servers can serve them, and which tools they recommend for troubleshooting DNS problems.  Along the way, they plug several web-based troubleshooting tools, including VeriSign’s http://www.dnssec-debugger.com/, Casey Deccio’s http://www.dnsviz.net/ and Infoblox’s http://www.dnsadvisor.com/. But most importantly, they extend an offer of a free black tee shirt (and you can’t have enough of those!) to anyone submitting a question to Mr. DNS that’s answered on a forthcoming podcast!  And if that’s not enough, listeners can also hear Matt best Cricket’s knowledge of Bay Area trivia with an obscure fact about the Westin St. Francis.

In this episode, Matt and Cricket beseech their legion of listeners to submit more questions, then turn Jeremy Laidman’s question about conditionally forwarding a subzone into an exhaustive (and somewhat exhausting) discussion of the history of BIND and conditional forwarding, and how to use conditional forwarding to build robust name resolution architectures.  Then they address Jesus Cea’s question about how to goad his provider of secondary name service into supporting DNSSEC.  In the process, they digress into the influence of “Top Gear” on impressionable youth, somewhat impractical advice on how HP could improve route aggregation through strategic acquisitions, and a comparison of various syndicated advice columnists.

In this podcast, Matt and Cricket answer Leen Besselink’s question about the viability of Dan Kaminsky’s proposed use of a clever DNSCurve concept in DNSSEC, and Matt offers his high opinion of the Dutch people (surely risking retribution by his Swedish countrymen).  Then they turn to Josh Baverstock’s question about why the LOC record failed to catch on, despite its obvious utility to cruise missiles with stub resolvers.  Finally, in yet another of their “Why, back in my day…” sessions, they lament the loss of summer vacations that lasted through Labor Day.

In this episode, Matt and Cricket reveal the first R-rated movies they saw and the circumstances in which they saw them. Oh, and they answer Rob Szarka’s question about the maximum number of NS records a zone can contain and Matt’s unnamed colleague’s question about why we need intrazone NS records at all. Then Matt gives us an insider’s look at the Root Zone’s Key Ceremony.

In this episode, for the first time ever, Matt and Cricket are joined by a dozen DNS dignitaries to answer a question from Alejandro Acosta about when to plug trust anchors into his name servers’ configurations and begin validating, and Bob Lee’s question about which tools to use to check his zone data and his name server’s configuration.  Then they discuss DENIC’s recent Worst Day Ever after they published a truncated zone data file for .DE.  And Mr. DNS is amazed to learn how many dynamic zone hosting services are blocked from China. Mr. DNS sends special thanks to Dyn Inc. for their support of this Ask Mr. DNS episode.  Dyn provided the venue, the equipment and their famous New England hospitality.  Thanks also to all of the panelists for their good humor and participation.