12-13 May 2013
Increasing DS queries for JP DNS servers and a proposal for its countermeasures

12 May 2013, 10:20
Mr Kazunori Fujiwara (Japan Registry Services Co., Ltd)


JPRS observed that DS queries for JP registered domain names have been increasing and 3.5% of queries are qtype DS now. This report presents current status of JP queries, the reason of increasing DS queries, possible situations in the future and some idea of countermeasures for this phenomena. The reason of increasing DS queries is the following. An unsigned domain name does not have a DS RR in its TLD zone. NCACHE TTL is smaller than normal RR TTL in many TLDs. DNSSEC validators need to know DS RR existence for each query name. As a result, each DNSSEC validator may send DS queries for TLD DNS servers one zone cut per NCACHE TTL seconds.

