Search | Running | Sailfish OS | All Posts | About Me

RIPE 92 in Edinburgh

May 25, 2026 — Nico Cartron

Context

The last RIPE meeting I attended was RIPE 89 in Prague, in October 2024.
Back then I was still at F5, but now with a new job (still in DNS), it was time to attend a new one!

This time in Edinburgh, and even though we had some rain, we also had some lovely weather, as you can see:

DNS Session

I attended the DNS Working Group on Thursday, with the following talks:

  • "DNS, Transitive Trust and How Many is Many", by Ondřej Surý (ISC).
    A very interesting talk about the insane number of DNS queries it takes for some CNAME chains, with e.g. 247 queries to resolve teams.microsoft.com (that's on a cold cache).
    I'm not making it up, judge by yourself:

  • "Black Holes and Prisoners: Understanding AS112 Deployment Characteristics", by Elizabeth Boswell (University of Glasgow).
    Takeaway: AS112, which is a run by volunteers (hello, Hivane Network!), performs as well or even better than regularly-ran Root deployments!
  • "DNS TAPIR POP – Managing Multiple RPZ Inputs", by Lars-Johan Liman (Netnod)
    TAPIR is an open source project, whose goal is to allow sharing knowledge about DNS threats between DNS operators. I wasn't aware of this project, and like the idea, even though having folks participating might require work.
  • "Overdoing NSEC3 Hurts" by Petr Špaček (ISC).
    As usual, Petr delivers a very nice and fun talk (even with a broken voice!) and breaks some common misconceptions about NSEC3.
    Spoiler alert: do NOT use NSEC3.
    I liked the opening slides, with "what people think NSEC3 does" (with a picture of Edinburgh Castle) vs. "what it actually does" - meaning, in the end, a false sense of security.
    The takeaway for me are:
    • NSEC3 is costly in terms of performances
    • Use NSEC instead!

Catching up with old friends

As usual, a RIPE Meeting also means bumping into many people you haven't seen in a while.
I was especially happy to have a few beers with Pieter (from PowerDNS), or catch up with Denesh (previously UKNOF/DNS-OARC), Cathy, Petr and Greg (ISC), or Benno (NLnet Labs).

Running

While Edinburgh is not in the mountains, it's still more hilly than where I live, so I took advantage of it to get some elevation.

On Day 2, I even ran with Lucas (a Swiss fella) up to Arthur's seat:

RIPE Dinner

The RIPE Dinner social happened at "Dynamic Earth", which was literally a few meters away from where Lucas and I ran in the morning, up to "Arthur's Seat in Holyrood Park.

Also, we were at a full French-speaking table, with folks from Hivane, Infomaniak, OVH, Wifirst, France-IX, AFNIC, OpsMill and Nimag Networks.

Conclusion

I usually stay only 2 days at RIPE, and this one was very good and busy!

Tags: DNS

I don't have any commenting system, but email me (nicolas at ncartron dot org) your comments!
If you like my work, you can buy me a coffee!