Welcome to the DNS Institute

Thank you for following the Linkedin link and giving us the opportunity to introduce our services.

For over a decade, we have ran automated DNS research with focus on DNSSEC and DNS anomalies. This has been enhanced to identify over 90 conditions based on IETF/RFC standards and best practices, registry policies, US government mandates and requirements, and popular software specifications. This includes tests for IPv6, TCP, EDNS, DNSSEC, lame delegations, plus many other tests in development. The test results include annotated explanations and bibliographic citations.

This audit suite has identified problems with TLDs and leading name service providers and thousands of minor to critical issues from thousands of domains owned by Fortune 500 companies, S&P 100 Global Banks, US government entities, and universities. (Examples of critical issues actually found and reported include: DNSSEC signatures not getting re-signed until expiration time; nameserver delegation addresses that fail to resolve due to DNSSEC signatures missing corresponding DNSKEYs; MX/NS/SRV targets pointing to domains available for reuse by third-parties; NS delegations using non-routable addresses; multiple delegated nameservers timing out or returning REFUSED or SERVFAIL at the same time; and many many others. As far as we know, we have the most exhaustive DNS suite available and it continues to be improved.)

We have identified and published novel approaches in finding possible DNS highjacking vector points for hundreds of domains. We have found DNS-based security vulnerabilities for General Motors, Walmart, L'Oreal, Fandango, SEB Bank, Kaspersky, and several other companies.

Please have a look at our research and learn more about our DNS analysis. Upcoming research will include more SERVFAIL examples and explanations, five types of DNS delegation loops, further Dangling DNS results, and updated DNSSEC and IPv6 coverage reports.

Please connect with us. Follow us on Twitter and Facebook. Please let others know about our services, research, and educational opportunities. Please share.

Please let us work with you. Contact us for free evaluations or to hire us for DNS system audits and ongoing DNS monitoring.

The consulting researcher has over 20 years of professional DNS experience. Starting as a ISP/Unix system admin running BIND, his experiences have included: taught over 30 courses covering DNS system administration using BIND under Unix, including multiple full week courses in advanced DNS and DNSSEC; lectures and presentations introducing DNSSEC; edited and co-authored two DNS book editions; published three DNS books; edited DNS administration chapters for a popular sysadmin book; managed and edited a DNSSEC ebook; provided high-end support and software vendor (tier 4) DNS support for some of the world's largest ISPs and Fortune 500 companies; participated in development and design work for popular DNS server, clients, and tools; participated in development and design work for new DNS implementation; developed and managed multi-vendor and multi-platform DNS build farm and performance suite; provided feedback and edits for various IETF drafts; provided numerous DNS reports and DNS fixes to many government entities, Fortune 500 companies, universities, and banks. He has extensive DNS research experience.