Hedge 309: DNS Persist

As DNS is more widely used to distribute certificate information, proving ownership of a resource becomes more critical. The constant challenges required to prove resource ownership, however, increase delay in connecting or using a resource. DNS persists–as the name implies–creates a persistent connection between a resource and a certificate authority. Henry Birge-Lee, Michael Slaughter, and Shiloh Heurich join Russ and Tom to explain how this new record type works and it’s importance to DNS.
 

 
download

Worth Reading 061926


In this post, I discuss our recent work that models and analyses the resilience of authoritative DNS infrastructure that supports individual domain names on the Internet.

 


The RIPE NCC made its all-powerful single sign-on tokens available to over 1000 third parties. From a single link click, any logged-in RIPE NCC user would leak their session token.

 


Identifying active IPv6 addresses is a challenging task, but it’s also an important one. As researchers and network operators, it helps us understand the current deployment, identify weak spots that need strengthening, and detect vulnerable devices for disclosure.

 


The fundamental bubble barometer is that speculators buy an asset because they expect the price to keep rising, not because they want the income generated by the asset. Indeed, most speculators don’t plan on holding the asset long enough receive any income.

 


Recently, there has been a surge in progress in quantum computing that has shortened the hypothetical timeline on which quantum computers can ‘break’ traditional public-key cryptography that uses the RSA scheme.

Worth Reading 061026


When business volume and market capitalization cross a critical threshold, vertically integrating infrastructure ceases to be merely a cost-cutting financial tactic; it becomes an existential imperative for computational resilience and commercial survival.

 


It looks like industry mergers and acquisition activity is in high gear lately.

 


Building multi-agent systems right now feels painfully identical to the early, chaotic days of the micro services gold rush.

 


The standard is called DNS-AID (Domain Name System for AI Discovery). Its premise is that the internet already solved the problem of finding things at scale forty years ago with DNS — and that the same infrastructure should handle AI agents.

 


Mythos is real. I know a big chunk of the industry thinks it’s a marketing stunt, and I get why. I get it. But I’ve seen the findings, and they’re bad.

Worth Reading 060826


In a paper published late in 2025, Østergaard and colleagues reported on their examination of almost 40 psychiatric referrals across Denmark that implicated AI chatbots in harmful interactions, including suicidal thoughts, eating disorders, and fostering delusions

 


Since its deployment in 2011, the adoption of RPKI by Internet Service Providers has shown continuous growth, a trend that persists to this day. As this growth continues it is important to measure its effect on BGP stability.

 


AI companies, AI influencers and famous professors have been making extraordinary claims for years about AI.

 


A robotic system that can produce a rubbery pancake is a true technical and logistic achievement, but why all this work to automate the production of mediocrity?

 


The greatest risk we face today isn’t that AI is becoming “too smart”; it’s that we are beginning to treat this technology as an infallible “oracle” rather than a capable, yet fundamentally fallible, “intern.”

Best of the Hedge: Episode 15, Supporting Open Source

Many companies rely on open source, regardless of whether or not they realize it. In this best of the Hedge episode, Alistair Woodman joins Russ White and Tom Ammon to talk about not only why you should support the open source projects you use, but how you can.
 

@nbsp;
download
$nbsp;
Reposting a classic episode this week because I was out of town and didn’t get around to editing an episode.

Worth Reading 060526


A BBC journalist recently performed a silly experiment to prove a very serious point. In just 20 minutes, he manipulated ChatGPT and Google into telling the public he was a world-champion competitive hot dog eater.

 


Many (perhaps most) of the BGP route leaks reported on Cloudflare Radar (as with its predecessors) are what I term ‘ephemeral leaks‘, brief routing anomalies that exist only momentarily during convergence and have little to no operational impact.

 


In this episode of PING, APNIC Chief Scientist Geoff Huston and I discuss the Network Time Protocol (NTP). NTP is one of the oldest systems we rely on today.

 


The Gentlemen ransomware is a ransomware-as-a-service (RaaS) threat that is distinguished by its ability to pair its strong per-file encryption with an aggressive self-propagation capability designed to enable broad network compromise.

 


LLMs can help tame the complexity at the root of many of today’s software security challenges.