OARC Fall 2013 Workshop (Phoenix)

America/Phoenix
Komatke E/F (Wild Horse Pass Resort)

Komatke E/F

Wild Horse Pass Resort

www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
Keith Mitchell (DNS-OARC)
Description
DNS-OARC is pleased to announce that its 2013 Fall Workshop and Member AGM will take place in Phoenix, Arizona, USA on the 5th and 6th October, and is sponsored by:

Gold Sponsor

 


ARIN

Silver Sponsor

 


CIRA

This will be held in co-operation with the subsequent NANOG59 meeting, and we are grateful to and ICANN for their support of our workshop.

OARC Workshop meetings are open to OARC members, presenters, and to all other parties interested in DNS operations and research, subject to available space. NANOG and ARIN attendees are particularly welcome this time around.

We are seeking sponsors for this meeting and potential social events - if your organization is interested in sponsorship, please see our Sponsor Benefits or e-mail sponsor@dns-oarc.net for more information.

Meeting registration is free, with priority given to OARC Members, Speakers and Sponsors in the event of limited space.

Participants
  • Aaron Hughes
  • Amanda Constant
  • Anand Buddhdev
  • Andree Toonk
  • Andrew Simpson
  • Andrew Sullivan
  • Anthony Williams
  • Antoin Verschuren
  • Aziz Mohaisen
  • Benjamin Bowen
  • Brian Conry
  • Brian Dickson
  • Brian King
  • Bruce Van Nice
  • Chae Chung
  • Chip Marshall
  • Chris Cowherd
  • Chris Griffiths
  • Christian Petrasch
  • Christopher Ferraro
  • Colin Petrie
  • Danillo Antonio Roncoleta
  • Dave Knight
  • David Conrad
  • Don Blumenthal
  • Drake Pallister
  • Duane Wessels
  • Ed Lewis
  • Eddy Winstead
  • Eduardo Mercader
  • Eric Brunner-Williams
  • Eric Ziegast
  • Eytan Urbas
  • Fearghas McKay
  • Florian Maury
  • Geoff Huston
  • Gerard White
  • Gino Doucet
  • Gregory Patrick
  • Isaiah Connell
  • Jacques Latour
  • Jason Hughes
  • Jeff Schmidt
  • Jim Reid
  • Joe Abley
  • John Crain
  • John Haytas
  • Jonathan Spring
  • Kazunori Fujiwara
  • Keith Mitchell
  • Lei Long
  • Leif Sawyer
  • Liam Hynes
  • Manuel Mejia
  • Marcelo Gardini
  • Marco Diaz
  • Mark Kosters
  • Matthew Pounsett
  • Mehmet Akcin
  • Merike Kaeo
  • Michael Sinatra
  • Ondrej Filip
  • Ondrej Sury
  • Paul Ebersman
  • Peter Koch
  • Peter Losher
  • R.P. (Adi) Aditya
  • Ralf Weber
  • Ray Bellis
  • Rock Chantigny
  • Roy Hooper
  • Sam Bretheim
  • Samuel Weiler
  • Stephan Lagerholm
  • Stéphane Bortzmeyer
  • Tonny Yu
  • Warren Kumari
  • Wayne MacLaurin
  • William Sotomayor
  • Saturday, 5 October
    • OARC AGM and Member-only Session Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA

      https://www.dns-oarc.net/files/workshop-201310/agm-agenda.html

      Convener: Mr Keith Mitchell (DNS-OARC)
      Agenda
      • 1
        OARC President's Report Komatke E/F

        Komatke E/F

        Wild Horse Pass Resort

        www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
        Progress update on the OARC Development Plan.
        Speaker: Mr Keith Mitchell (DNS-OARC)
        Slides
      • 2
        Treasurer's Report Komatke E/F

        Komatke E/F

        Wild Horse Pass Resort

        www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      • 11:10
        Morning Coffee Break Komatke Foyer (Wild Horse Pass Resort)

        Komatke Foyer

        Wild Horse Pass Resort

        www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      • 3
        Chairman's Report Komatke E/F

        Komatke E/F

        Wild Horse Pass Resort

        www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
        Speaker: Ondrej Filip (NIC.CZ)
      • 4
        Member Resolutions Komatke E/F

        Komatke E/F

        Wild Horse Pass Resort

        www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      • 5
        Board Elections Komatke E/F

        Komatke E/F

        Wild Horse Pass Resort

        www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
    • 09:30
      Registration Komatke Foyer

      Komatke Foyer

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
    • 12:30
      Lunch Komatke Foyer/Patio

      Komatke Foyer/Patio

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
    • 6
      PGP Signing Session Komatke G

      Komatke G

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      Speaker: Peter Losher (ISC)
    • High Risk Strings Collisions Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      • 7
        DITL crunching for ICANN's gTLD collision study
        The DITL data sets for 2012 and 2013 were analysed this summer to get quantitative data on how often queries for new gTLDs appeared at the root servers. Processing this data in the time available presented a number of challenges. Here's an overview of what was done, how it was done and the initial findings. Some of these identify potential subjects for further study and these are explained too.
        Speaker: Jim Reid (RTFM LLP)
        Slides
      • 8
        Abusing Resources to Process 7.5TB of PCAP Data
        The publication of the Interisle report on "Name Collisions in the DNS" created significant challenges for anybody wishing to respond to the study itself or to analysis possible mitigation strategies. A donation of additional hardware was made to facilitate the analysis of the data used in the Interisle report by DNS-OARC members. Extracting and analyzing the data from DITL data sets is an involved exercise and is a major bottleneck in any study. The newly donated hardware made it possible to pre-process the 2012 and 2013 datasets. This, in turn, allowed for multiple studies and repeated analysis by the contributing teams in a much more efficient manner.
        Speaker: Roy Hooper (Demand Media)
        Slides
      • 9
        Regional Affinity for Applied for gTLD Strings
        Using new generic Top Level Domains (gTLDs) to add semantics to the DNS root is a semantic enhancement to the Internet's oldest namespace. However, it is because DNS is such a trusted resource that prudence is warranted in any major change. To this end, we have conducted a preliminary study of potential implications of the introduction of new gTLDs. This presentation will focus on specific patterns in the A+J root DNS queries that highlight certain regional affinities for specific gTLDs that have applied for delegation. Studying these regional affinities has given us insights into possible systemic dependencies that may be prompting namespace collisions for applied-for gTLD strings. This presentation will take an in-depth look at a set of data that Verisign collected and analyzed from the root for the applied-for strings. We will use this data as a basis for explaining a methodology, used in the paper "New gTLD Security, Stability, Resiliency Update: Exploratory Consumer Impact Analysis", for determining that any one of the applied for strings is more likely to be relevant in a particular region.
        Speaker: Andrew Simpson (Verisign)
        Slides
      • 10
        A possible methodology for evaluating new TLD delegations for risk
        In the current round of expansion of the root zone, a number of applications appear to conflict with private name spaces that are actually in use on the Internet. This talk presents an overview of a procedure that allows evaluation of when it is "safe" to delegate a name, given that risk of conflict. The procedure begins with the assumption that the Interisle report to ICANN ("Name Collision in the DNS") reveals roughly three categories of potential conflicts: those of no substantial risk, those of considerable risk, and those of extreme risk. Using that assumption, the procedure offers a way to measure the point at which candidate labels can move to the category of "no substantial risk". For a given candidate label, the procedure requires delegation of the candidate to specially-instrumented name servers that will respond only to queries consistent with the procedure. Advertisements are to be placed on the Internet that include a URI with a host part inside the candidate namespace. As a control, another URI with a host part inside a normally-delegated namespace is also included in the advertisement. By comparing the frequency of queries inside the candidate namespace to the frequency of queries inside the normal delegation, it is possible to determine whether queries inside the candidate namespace has reached the level of noise. At that point, the candidate label can move to the category of "no substantial risk".
        Speaker: Andrew Sullivan (Dyn)
        Slides
    • 15:30
      Afternoon coffee break Komatke Foyer

      Komatke Foyer

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
    • 11
      DNSViz - Monitoring, Analysis, and Visualization Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      DNSViz was developed for the purpose of analyzing, reporting, monitoring, and visualizing DNS zones, particularly for DNSSEC. It has primarily been used for analysis and troubleshooting of DNSSEC deployment. Although it is several years old, it is still undergoing changes to incorporate additional enhancements in the way of functionality, stability, and historical archival. We describe the current state of the DNSViz platform and architecture and community involvement in its future.
      Speaker: Dr Casey Deccio (Sandia National Laboratories)
      Slides
    • 12
      DNS workbench update Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      SIDNLabs has a DNS workbench (http://workbench.sidnlabs.nl/) open to the world to test DNS cornercases or bugs on a variety of nameserver software. This talk will give an update on new features, software and results of the DNS workbench, and invites other DNS experts to supply us with feedback on features they would like to be able to test on the SIDNLabs DNS workbench.
      Speaker: Mr Antoin Verschuren (SIDN)
      Slides
    • 13
      Introducing Hedgehog Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      Hedgehog is a replacement for DSC, developed for ICANN by Sinodun Internet Technologies Ltd. It's development was motivated by a need to match the growing deployment of the L root nameserver. ICANN intends to release Hedgehog under a free software license.
      Speaker: Mr Dave Knight (ICANN)
      Slides
  • Sunday, 6 October
    • 14
      OARC Systems Update Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      As part of the OARC Development Plan, Q2 and Q3 of 2013 have seen significant rationalization, upgrade and development of OARC's Systems and Services. This presentation in conjunction with the OARC Infrastructure Plan details the changes and improvements made to date and planned for the future.
      Speaker: Mr William Sotomayor (DNS-OARC)
      Slides
    • 15
      Analysis of DITL root data and comparison with jp data Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      The number and characteristics of full resolvers are presumed in analyzing DITL data and JP packet capture data. This report presents number of IP addresses which send root DNSKEY queries, EDNS0 queries, DO queries, non-existing name queries, JP queries, updates, and others. Then, it compares root data and JP data.
      Speaker: Mr Kazunori Fujiwara (Japan Registry Services Co., Ltd)
      Slides
    • 10:20
      Morning coffee break Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
    • 16
      An Open Resolver view of the New York Times Very Bad Day Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      The New York Times suffered a high-profile attack to its domain name via a compromised DNS registrar. Within 6 hours of the attack we initiated an "open resolver scan" of the IPv4 Internet, asking for the address nytimes.com. The results highlight the difficulties faced by organizations trying to purge incorrect data from DNS caches around the Internet.
      Speaker: Duane Wessels (Verisign)
      Slides
    • 17
      Blocking DNS Messages is Dangerous Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      Internet entities are regularly affected by Distributed Denial of Service (DDoS) on various scales. Several methods can be leveraged to perform such attacks, but the most recent incidents were caused by throughput amplification via DNS servers. Improving the overall security of the French segment of the Internet is one of the missions of ANSSI (the French Network and Information Security Agency), which has led us to perform an analysis of the various DDoS mitigation techniques available to DNS operators. This research work shows that some of the most popular anti-DDoS strategies, currently deployed by prominent actors of the DNS community, could, under certain circumstances, make DNS cache poisoning attacks much easier, most often resulting in successful attacks taking less than a day.
      Speaker: Mr Florian Maury (ANSSI/FNISA)
      Slides
    • 18
      Herzberg/Shulman IP Fragmentation Attack Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      Amir Herzberg & Haya Shulman has presented a new DNS vulnerability based on IP fragmentation. This presentation will dive into the practical aspects of implementing working PoC as done by CZ.NIC Labs and other parties.
      Speaker: Mr Ondrej Sury (CZ.NIC)
      Slides
    • 12:15
      Lunch Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA

      On your own

    • 19
      A Question of DNS Protocols Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      There has been some recent interest in the use of TCP for DNS queries as a means of mitigating some of the issues with DNS reflection attacks. However, it is not clear how many clients use DNS resolvers that are capable of asking queries using TCP. This presentation reports on a large scale exercise of presenting clients with DNS names whose resolution generated a truncated UDP response from the authoritative name server, and measuring the number of clients who were capable of performing the query using TCP. The presentation also looks at the performance issues this raises in terms of time to resolve a name, as measured in this experiment.
      Speaker: Mr Geoff Huston (APNIC)
      Slides
    • 20
      Needles in a Quadrillion-Straw Haystack Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      We describe the construction of Nominum's system for large-scale analysis of DNS security data, some of the challenges involved in building that system, and some interesting things that we've found in the data. Particular points of interest include malware command-and-control detection and classification, detection of vulnerabilities and bugs in widespread DNS implementations, and a mysterious global pattern of unusual machine-generated queries.
      Speaker: Sam Bretheim (Nominum)
      Slides
    • 14:40
      Afternoon coffee break Komatke Foyer

      Komatke Foyer

      Wild Horse Pass Resort

    • 21
      DNS: Useful tool or just a hammer? Komatke E/F

      Komatke E/F

      Wild Horse Pass Resort

      www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA
      The DNS has become a piece of the critical infrastructure of the internet; without it most users would be unable to do anything. However, both the scale of use and how it's being used (and abused) were not things imagined when the DNS was originally designed. This tutorial will go over various threats to your servers, how to mitigate these threats, information on how the DNS is being abused in DDOS attacks and how you can help to not be part of the problem.
      Speaker: Paul Ebersman (Infoblox)
      Slides