Dr Arnoldo Muller-Molina (simMachines)
The day in the life (DITL) data-set is collected to study and improve the integrity of the root server system. Among the different properties recorded in the data-set, we focus on second level domain (SLD) strings. In this study, we introduce a method that automatically infers regular expressions from over-represented SLD strings. At first, we identify random strings and remove them from the...
Mr Keith Mitchell (DNS-OARC)
Mr Stéphane Bortzmeyer (AFNIC)
At the IETF 88 meeting in Vancouver, the first one which took into account the Snowden revelations, there was a lot of enthusiasm on action to improve the privacy on the Internet http://www.ietf.org/blog/2013/11/strengthening-the-internet/. This was summarized in a press release http://www.ietf.org/media/2013-11-07-internet-privacy-and-security.html claiming that "all of the working groups...
Mr John Heidemann (USC/Information Sciences Institute)
This talk will discuss _connection-oriented DNS_ to improve DNS security and privacy. DNS is the canonical example of a connectionless, single packet, request/response protocol, with UDP as its dominant transport. Yet DNS today is challenged by eavesdropping that compromises privacy, source-address spoofing that results in denial-of-service (DoS) attacks on the server and third parties,...
Bruce van Nice (Nominum)
The presentation will cover findings from a Terabyte of anonymized DNS data collected every day from around the world. We’ll present data and analysis techniques and discuss how we’re automating the cycle of identifying and validating behaviors such as the ones described below to zero in quickly on zero days and minimize their damage. - Appearances of new “purpose built” domains registered...
Mr Nat Morris (Esgob Ltd)
Over 6 months I built out a distributed DNS service around the world consisting of 11 nodes, whilst at the same time trying to keep it under the radar of the wife - costing less than $1000/yr. I'll talk about how I built it, what tools I used (RethinkDB, Beanstalkd, CollectD, Python etc), the problems I faced, details I learnt about how other "budget" anycast services are built and the fun...
David Cates (Microsoft)
DNS Server in Windows has been enhanced significantly through recent releases of Windows Server. One of the main areas of capability augmentation of Windows DNS has been in the area of DNSSEC. This session will mainly focus on acclimatizing the user with DNSSEC capabilities in Windows DNS Server. It will demonstrate how to setup DNSSEC in Windows DNS server, online zone signing support and...
Dr Casey Deccio (Verisign Labs)
Analyzing a DNS deployment is a complex challenge. There are several roles of DNS service, of which a single server may play multiple. Additionally, there are various vantage points from which an address might be queried, and each might result in a different response, or none at all. Finally, there are multiple query options and diverse ways handling the responses that result. There are...
Mr Willem Toorop (NLnet Labs)
Verisign and NLnet Labs have recently announced the first beta release (0.1.0) of an open source implementation of the getdns API specification. The project's home page is at http://getdnsapi.net. getdns is a modern asynchronous DNS API. It implements DNS entry points from a design developed and vetted by application developers, in the specification at http://www.vpnc.org/getdns-api/...
Robert Edmonds (Farsight Security, Inc.)
dnstap is a flexible, structured binary log format for DNS software. This presentation will introduce the core concepts and data model and summarize recent progress in implementing dnstap support in existing DNS software. dnstap's motivating use case is to enable an advanced form of forgery resistant passive DNS replication that can perform bailiwick verification of data received from DNS...
Mr Sebastian Castro (.nz Registry Services)
On this presentation we explore the journey NZRS took to deploy and use a Big Data cluster using Hadoop. From assembling servers, to racking, deploying software, developing UDFs and running jobs on the cluster, we go over the many alternatives of Hadoop for data analysis, and how it can be used for DNS analysis in particular.
Mr Joseph Abley (Dyn, Inc.)
Increasing numbers of Internet-connected fridges and grandparents, together with cloud-based service delivery hysteria, are pushing availability requirements for web-accessible services through the roof. Subscribers are less interested in the reasons for failure, and are largely disinclined to try and call anybody for help (who would they call?) Service unavailability leads to lost...
Mr Qi Zhao (CNNIC)
I will introduce DNSSEC deployment in .CN in my talk, it mainly include the preparations, deployment, monitoring and observations. In the end, I will analyze a small DDoS attack occurred in .CN recently, and point out the challenges which .CN will be faced in the future.
Matthijs Mekking (NLnet Labs)
A DNSSEC audit is the process of structural examination of a DNSSEC infrastructure. DNSSEC adoption is increasing and becomes more and more a system we rely on. As the protocol becomes more critical, the level of assurance of the system and its evaluation also becomes more important. NLnet Labs in collaboration with SWITCH created a framework that assists auditors in performing a DNSSEC...
Mr Sebastian Castro (.nz Registry Services)
Mr Keith Mitchell (DNS-OARC)
Mr Christopher Baker (Dyn)
Along side all of the new TLDs which have come into being, there is a dark horse: .bit. .bit isn't one of ICANN's most recently blessed TLDs, such as .guru, .democrat or .sexy, it is the top level domain which is served by the Namecoin infrastructure. The Namecoin platform seeks to provide an alternative (read as non-ICANN regulated TLD) decentralized domain name system built on a modified...
Matthew Thomas (Verisign)
In this paper we focus on detecting and clustering distinct groupings of domain names that are queried by numerous sets of infected machines. We propose to analyze domain name system (DNS) traffic, such as Non-Existent Domain (NXDomain) queries, at several premier Top Level Domain (TLD) authoritative name servers to identify strongly connected cliques of malware related domains. We...
Mr Joao Damas (Dyn Inc) , Mr Knight Dave (Dyn Inc)
Operational flexibility and deployment are increasingly managed through VMs or similar environments. In the past it has been reported that certain VM environments have a very negative impact in DNS server performance. Here, we present the results of QPS performance of several current authoritative DNS servers running in traditional and contained or virtualised environments to evaluate their...
Mr Matt Pounsett
Mr Mehmet Akcin (Microsoft)
Mr Jim Martin, Mr Lars-Johan Liman
Mr Kazunori Fujiwara (Japan Registry Services Co., Ltd)
The past analysis reported numbers of queries sent from each address to root DNS servers. There are 30,000 IP addresses which send over 100,000 queries in 48 hours. 100,000 queries per 48 hours seem to be too much. However, a full-resolver managed appropriately sent 110,000 queries in 48 hours at 2012 DITL timing. It served 180 queries per second from thousands of clients. The author...
Duane Wessels (Verisign)
While open resolvers provide various benefits by answering DNS requests from external sources for anything, today they pose a significant threat to the stability and security of the Internet. For example, open resolvers have been recently utilized for launching amplification attacks, calling for initiating a systematic study on their population, use, and distribution, and raising the awareness...