Research at supports research through participation in standardization, academic research, and providing datasets to researchers in academia and industry.



We participate in the IETF standardization process and have contributed to a number of DNS-related RFCs.

Selected RFCs:

  • RFC9276: W. Hardaker, V. Dukhovni. August 2022. Guidance for NSEC3 Parameter Settings.
  • RFC9199: G. Moura, W. Hardaker, J. Heidemann, M. Davids. March 2022. Considerations for Large Authoritative DNS Server Operators.
  • RFC8914: W. Kumari, E. Hunt, R. Arends, W. Hardaker and D. Lawrence 2020. Extended DNS Errors.
  • RFC7858: Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels and P. Hoffman 2016. Specification for DNS over Transport Layer Security (TLS).

Academic Research

Many questions around providing DNS and operating critical infrastructure lead to interesting academic questions. When appropriate, we work with students and researchers at USC and elsewhere and publish the results to share with the world.

Selected Research Projects

  • DIINER supports new new research in Internet naming and trust. Our goal is to support research and ease transition from research to operational deployment, while preserving stability. We support an accessible DNS Root testbed for use by researchers and hold annual “DINR” research workshops.
  • LocalRoot allows you to serve a cached copy of the DNS Root Zone from your recursive resolver, similar to RFC8806.
  • CLASSNET will develop a framework for collaborative, community-driven enrichment and labeling of data, enabling use of our datasets for machine learning in networking and security.
  • DDIDD (concluded) will apply existing and develop new defenses against Distributed-Denial-of-Service attacks for operational DNS infrastructure, and make these tools available as open source.

Selected publications

  • A S M Rizvi, Jelena Mirkovic, John Heidemann, Wes Hardaker, and Robert Story 2023. Defending Root DNS Servers Against DDoS Using Layered Defenses. Proceedings of the IEEE International Conference on Communications Systems and Netorwks (COMSNETS) (Bengaluru, India, Jan. 2023).
  • Tarang Saluja, Johnh Heidemann and Yuri Pradkin 2022. Differences in Monitoring the DNS Root Over IPv4 and IPv6. Proceedings of the National Symposium for NSF REU Research in Data Science, Systems, and Security (Portland, OR, USA, Dec. 2022), 194–203.
  • Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin and Nikita Somaiya 2015. Connection-Oriented DNS to Improve Privacy and Security. Proceedings of the 36th IEEE Symposium on Security and Privacy (San Jose, Californa, USA, May 2015), 171–186.
  • Moritz Müller, Matthew Thomas, Duane Wessels, Wes Hardaker, Taejoong Chung, Willem Toorop, Roland Rijswijk-Deij. Roll, roll, roll your root: A comprehensive analysis of the first ever DNSSEC root KSK rollover. Proceedings of the internet measurement conference, IMC 2019, 1–14.