Jeff Westhead

At Microsoft, Jeff worked on DNS in both Windows and Azure. With his 28 years of experience in network engineering, he is an expert on DNS and DNSSEC. Jeff now works as a technical writer for NsLookup.

Jeff Westhead

Work on DNS at Microsoft

From 2015 to 2021 Jeff worked on Azure DNS. He designed and implemented many core features in Azure DNS. He was part of the initial Redmond team created to deliver this long-overdue feature to Azure customers. Jeff increased the original implementation's DNS query throughput by over 100x, and later helped integrate these performance improvements into Azure Traffic Manager to increase throughput by over 10x.

Jeff was a key contributor in DNS DDoS response and mitigation for Microsoft. As part of the response to Mirai, he collaborated with an external DDoS hardware vendor and helped architect a global DNS DDoS system for Azure DNS. He designed and implemented the control plane for this system.

He also designed an Azure cloud-based DNS query test platform capable of generating millions of queries per second and leveraged this to provide DNS stress and fuzz testing for many DNS services at Microsoft.

Jeff was the primary DNS subject-matter expert at Microsoft for two decades. He provided DNS reviews, advice, and expertise to O365, Bing, MSIT, Hotmail, and teams across Azure. He was the Azure DNS protocols team lead in 2018-2019.

He was deeply involved in numerous DNS vulnerability incidents with collegues in MSRC (Microsoft Security Response Center). He was continually involved in DevOps for the Azure DNS platform as a whole. In 2020, he authored the roadmap and full end-to-end architecture for DNSSEC in Azure DNS, and began implementation in 2021.

Prior to Azure, Jeff worked on the Windows DNS Server including three patents and architecture, design, and implementation of DNSSEC. He also worked on Windows Networking components including EAP, Connection Manager, and Windows Phone.

DNS patents

Jeff holds four US patent, which he co-authored during his time at Microsoft.

  • US 7567582 — Branch Office DNS Storage and Resolution
  • WO2007100426A1 — Global Names Zone
  • US 8681995 — Supporting DNS Security in a Multimaster Environment
  • EP2077028A4 — Name challenge enabled zones

Education

Jeff completed his Bachelor of Applied Science in Computer Engineering at the University of Waterloo (Canada) in 1993.