Mr
Ondrej Filip
(CZ.NIC)
11/10/2014, 14:00
Mr
Keith Mitchell
(DNS-OARC)
11/10/2014, 14:15
Matthew Pounsett
(Rightside)
11/10/2014, 14:45
Duane Wessels
(Verisign)
12/10/2014, 09:00
Public Workshop
The historical archive of DITL data is analyzed for trends in TCP traffic, answering some of the following questions: are TCP sources representative of UDP sources? Does TCP always follow a UDP TC=1 response? Do TCP and UDP sources have similar query type distributions? Are response sizes increasing over time, leading to more TCP? What do TCP connections indicate regarding latency?
Francisco Arias
(ICANN)
12/10/2014, 09:30
Public Workshop
Starting August 2014, new gTLDs have been required to insert certain records in their DNS zone to manage name collision risks. This presentation provides a description of the mitigation measures and operational experiences regarding the management of risks related to name collisions in the DNS associated with the introduction of new TLDs.
Bradley Huffaker
(CAIDA/UCSD)
12/10/2014, 10:00
Public Workshop
I would like to present an analysis of a country level breakdown of the DNS traffic captured by the OARC members on the DITL traces between 2009 and 2014.
Mr
Kazunori Fujiwara
(Japan Registry Services Co., Ltd)
12/10/2014, 10:20
Public Workshop
The presentation reports statistics of 2014 DITL root dataset and differences from previous data.
And tries to show popularities of each TLD.
The data may show the share of usage of TLDs in each country.
Mr
Geoff Huston
(APNIC)
12/10/2014, 11:00
Public Workshop
The presentation provides some measurements on the incremental cost of signing a domain name. It looks at the profile of additional time taken to resolve a signed name by a dnssec-validating resolver and from the perspective of the authoritative name server quantifies the additional query and traffic load when serving a signed zone as distinct from an unsigned zone. The presentation also...
Mr
William Sotomayor
(DNS-OARC)
12/10/2014, 11:30
Public Workshop
Report from William Sotomayor about the work being done by OARC Technical team since last workshop.
Dr
Jonathan Tuliani Tuliani
(Microsoft)
12/10/2014, 12:00
Public Workshop
A challenge in DNSSEC is that the ‘NSEC3’ records used to assert the non-existence of a given domain name can create a significant computational load on the DNS servers. This document describes an application of a cryptographic technique known as a ‘time-lock puzzle’ to the calculation of NSEC3 records. This provides a means of reducing this load whilst simultaneously increasing the security...
Dr
Maciej Korczynski
(Delft University of Technology)
12/10/2014, 13:30
Public Workshop
In this presentation, we describe security metrics for Top-Level Domains (TLDs) and we measure their operational values using DNS query data and other data sources such as botnet and phishing feeds. They can serve as publicly available signals to different classes intermediaries such as registries, registrars, or hosting providers and can offer the option to benchmark themselves against their...
Liang Zhu
(USC/Information Sciences Institute)
12/10/2014, 14:00
Public Workshop
As adoption of DNS Security Extensions (DNSSEC) grows, DNS-based Authentication of Named Entities (DANE) provides an alternative to traditional CA-based certificate authentication. The DANE TLSA protocol specification was published in 2012. It's generally unknown to the DNS community how widely DANE TLSA has been deployed and how TLSA records are used. In this talk, we present a survey of...
victoria risk
(isc)
12/10/2014, 14:20
Lightning Presentations
In early 2014 a BIND user encountered a problem with some SIP phones, that turned out to be due to the fact that, while compressing zone updates, we were not preserving case-sensitivity. We determined that CamelCasing is allowed, and thus case should be preserved by IETF specification. We then consulted with a number of operating system publishers and agreed on a solution. This brief...
Prof.
Sharon Goldberg
(Boston University)
12/10/2014, 14:40
Public Workshop
DNSSEC is designed to prevent network attackers from tampering with domain name system (DNS) messages. The cryptographic machinery used in DNSSEC, however, also creates a new vulnerability--zone enumeration, where an adversary launches a small number of online DNSSEC queries and then uses offline dictionary attacks to learn which domain names are present or absent in a DNS zone.
We propose...
Mr
Ralf Weber
(Nominum)
12/10/2014, 15:30
Public Workshop
DNS DDoS attacks continue, fueled by open DNS proxies. Now they're stressing resolvers and authorities worldwide using pseudo random subdomains. In June of 2014 there was a 400% increase in this traffic and popular domains continue to be targeted. Analysis of recent DNS data reveals other interesting details. For instance, Response Rate Limiting in authorities appears to aggravate attacks. ...
Mr
Sandoche Balakrichenan
(Afnic)
12/10/2014, 16:00
Public Workshop
In Internet of Things (IoT), the "Things" could be anything from refrigerators to human to books. These "things" should be identified at least by one unique way of identification, for the capability of addressing and communicating with each other. This is made possible by attaching/embedding different data carrier devices such as barcodes,RFID, Sensors etc with the 'things'.
Sensors, for...
Mr
Adrian Beaudin
(Nominum)
12/10/2014, 16:30
Public Workshop
Column store databases are a newer entry to the big data realm. They handle structured data like DNS queries exceptionally well and work best with minimal data normalization. Queries execute significantly faster than RDBMS technology (~ 100 times faster).
This talk will outline the technology at a high level and walk through examples of data loading, compression, and reporting using a freely...
Mats Dufberg
(.SE (The Internet Infrastructure Foundation))
12/10/2014, 17:00
Public Workshop
Zonemaster is an upcoming tool for controlling DNS zones. It is designed to replace the .SE DNSCheck and the .FR ZoneCheck with better performance, modularity and scalability. One of the design goals is to have explicit test cases for the tool. I.e. exactly what are the requirements of the tested zone that tools should test? What outcomes should return pass and what outcomes should return...
Dr
Eberhard Wolfgang Lisse
(Namibian Network Information Centre)
13/10/2014, 10:30
Mr
Sandoche Balakrichenan
(Afnic)
13/10/2014, 10:40
Dr
Casey Deccio
(Verisign Labs)
13/10/2014, 11:30
Joint OARC/Tech Day
DNSViz has been developed as a Web-based tool for analysis, visualization, education, and troubleshooting DNS and DNSSEC. The tool has recently been reworked for extensibility and portability, including a downloadable library and tool suite available via an open source license--and a revamped Web site. We discuss the new features available with DNSViz, future plans, and how to get involved.
Mr
Francisco Cifuentes
(NIC Chile Research Labs)
13/10/2014, 11:50
Joint OARC/Tech Day
The DNS Security Extensions (DNSSEC) add a new layer of security based on public-key infrastructure: each DNS record is digitally signed to verify the authenticity of the answer. However, the introduction of DNSSEC has an impact in the operational workflow of DNS systems: (i) signatures have an expiration date, hence the records must be periodically signed and (ii) key management tasks can be...
Dr
Aziz Mohaisen
(Verisign Labs)
13/10/2014, 12:10
Joint OARC/Tech Day
The Tor project provides individuals with a mechanism of communicating anonymously on the Internet. Furthermore, Tor is capable of providing anonymity to servers, which are configured to receive inbound connections only through Tor (more commonly called hidden services). In order to route requests to these hidden services, a namespace is used to identify the resolution requests to such...
Mr
Marx Peter
(Los Angeles City Council)
13/10/2014, 12:30
Joint OARC/Tech Day
Mr
Kumar Ashutosh
(Microsoft)
13/10/2014, 14:00
Alex Rousskov
(The Measurement Factory)
13/10/2014, 15:00
Joint OARC/Tech Day
DNS Rex: Do you need an aggressive benchmarking tool?
I would like to present DNS Rex, an open source performance benchmark for DNS servers, with a focus on busy DNS caching resolvers. DNS Rex was created to address several known (and rumored) problems with existing DNS testing tools. Our goals included:
* reliable generation of high query rates,
* reproducibility of test results,
*...
