OARC 2014 Fall Workshop (Los Angeles)

US/Pacific
Westside (Hyatt Regency Century Plaza)

Westside

Hyatt Regency Century Plaza

2025 Avenue of the Stars Los Angeles California 90067 USA
Eberhard Wolfgang Lisse (Namibian Network Information Centre), Keith Mitchell (DNS-OARC), Sebastian Castro (.nz Registry Services)
Description
OARC's Fall 2014 Workshop and AGM will take place in Los Angeles, California, in conjunction with the ICANN51 meeting, and is sponsored by:

Diamond and Social Sponsor

Microsoft

Meeting Host

ICANN

Silver Sponsor

Nominet

Bronze Sponsor

Dyn

The OARC AGM and member-only session will be held on Saturday 11th October, the main workshop on Sunday 12th, and a joint session with ICANN's Tech Day on Monday 13th.

OARC Workshop meetings are open to OARC members and to all other parties interested in DNS operations and research, with ICANN attendees particularly welcome this time around. Meeting registration is free, with priority given to OARC Members, Speakers and Sponsors in the event of limited space, or please consider donating some funds toward the Workshop running costs at this Donation Link.

Webcast Audio Archive

Remote participation of this meeting is being supported by ICANN:

Our agenda is now full and all submissions are closed at this point.

If your organization is interested in sponsoring this workshop, please see our Sponsor Benefits or e-mail sponsor@dns-oarc.net for more information.

OARC has arranged for attendee accommodation at the nearby Beverly Hills Crowne Plaza.

Please also see the ICANN51 Meeting Site for further venue/travel details.

Participants
  • Abibu Ntahigiye
  • Adrian Beaudin
  • Alain Bidron
  • Alejandro Bolivar
  • Alex Rousskov
  • Allison Mankin
  • Amanda Constant
  • Andi Budimansyah
  • Andrew Strohman
  • Ashwin Mathew
  • Assis Guerreiro
  • AYAOVI OLEVIE KOUAMI
  • Aziz Mohaisen
  • Bill Manning
  • Brad Verd
  • Bradley Huffaker
  • Brett Carr
  • Brian Dickson
  • Bruce Van Nice
  • Bruno Duarte Coscia
  • Carsten Schiefner
  • Casey Deccio
  • Cees Toet
  • Chris Cowherd
  • Chris Donovan
  • Chris Griffiths
  • Christian Petrasch
  • Christopher Davis
  • Cole Quinn
  • Cricket Liu
  • Dan Durrer
  • Daniel Migault
  • Daniel Negari
  • Dave Chiswell
  • Davey Song
  • David Cates
  • David Jonas
  • David Soltero
  • Denesh Bhabuta
  • Dirk Krischenowski
  • Dmitrii Kovalenko
  • Dmitry Burkov
  • Dmitry Kohmanyuk
  • Don Blumenthal
  • Don Hollander
  • Doug Barton
  • Dr. Balaji Rajendran
  • Duane Wessels
  • Eberhard Lisse
  • Eddy Winstead
  • Edgardo Krell
  • Eduardo Mercader
  • Edward Lewis
  • Eric Ziegast
  • Erwin Lansing
  • Evan Hunt
  • Feng Han
  • Filiz Yilmaz
  • Francisco Obispo
  • Frederico Neves
  • Gabriel Brenta
  • Gary Murton
  • Geoff Huston
  • Gregory Lindsay
  • Gustavo Ibarra
  • Heiki Sibul
  • Hossein Lotfi
  • Izumi Okutani
  • Jaap Akkerhuis
  • Jacques Latour
  • James Galvin
  • Jaromír Talíř
  • Jason Livingood
  • Jay Daley
  • Jeff Schmidt
  • Jim Martin
  • Jim Reid
  • Joe Abley
  • John Crain
  • John Demco
  • John Heidemann
  • John McFadden
  • Jonathan Severy
  • Jonathan Tuliani
  • Josh Jenkins
  • Joshua Kuo
  • José Urzúa
  • Kazunori Fujiwara
  • KC Claffy
  • Keith Mitchell
  • Kensuke Fukuda
  • Kevin Thomas
  • Kim Davies
  • Kumar Ashutosh
  • Lars-Johan Liman
  • Liam Hynes
  • Liang Zhu
  • Luis Muñoz
  • Maciej Korczynski
  • Marcelo Martinez
  • Marco Díaz
  • Mats Dufberg
  • Matt Larson
  • Matt Weinberg
  • Matthew Pounsett
  • Mauricio Vergara Ereche
  • Mehmet Akcin
  • Merike Kaeo
  • Michael Ambrose
  • Michael McNally
  • Michael Rayhelson
  • Mick Begley
  • Mitsuru Shimamura
  • Mohammad Aslam Popal
  • Nick Whitworth
  • Norm Ritchie
  • Ondrej Filip
  • Ondřej Surý
  • Patrick Jones
  • Paul de Weerd
  • Paul Ebersman
  • Paul Hoffman
  • Paul Mockapetris
  • Peter Hagopian
  • Peter Janssen
  • Peter Losher
  • Piet Barber
  • Rajiv Kumar
  • Ralf Weber
  • Rick Lamb
  • Robert Guerra
  • Robert Martin-Legene
  • Robert Nagy
  • Rock Chantigny
  • Rod Rasmussen
  • Ross Dunthorne
  • Roy Arends
  • Roy Hooper
  • Russ Mundy
  • Sandoche Balakrichenan
  • Scott McMullen
  • Sean Stuart
  • Sebastian Blasco
  • Sebastian Castro
  • Sharon Goldberg
  • Simon McCalla
  • Sree Raghu Harsha Yalamati
  • Stephan Lagerholm
  • Stephen Deerhake
  • Susan Graves
  • Tim April
  • Tim McGinnis
  • Tomofumi Okubo
  • Tonny Yu
  • Toshio Tachibana
  • Vicky Risk
  • Warren Kumari
  • Wayne MacLaurin
  • Werner Staub
  • Wes Hardaker
  • Will Pressly
  • William Sotomayor
  • William Yang
  • Zhiwei Yan
    • 13:00 17:50
      Saturday Members-only/AGM Westside

      Westside

      Hyatt Regency Century Plaza

      2025 Avenue of the Stars Los Angeles California 90067 USA
      Conveners: Mr Keith Mitchell (DNS-OARC), Mr Ondrej Filip (CZ.NIC)
      • 13:00
        Member Lunch, Registration 1h Hyatt Regency Century Plaza

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
      • 14:00
        Introduction from OARC Chairman 15m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Mr Ondrej Filip (CZ.NIC)
      • 14:15
        OARC President's Report 30m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Mr Keith Mitchell (DNS-OARC)
        Slides
      • 14:45
        OARC Treasurer's Report 15m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Matthew Pounsett (Rightside)
        Paper
        Slides
      • 15:00
        Coffee Break 30m Westside (Hyatt Regency Century Plaza)

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
      • 15:30
        Revised OARC Participation Agreement 45m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        AGM Documents
      • 16:15
        OARC Board Elections 45m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Web Page
      • 17:00
        SECIR Trust Platform Support 15m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Jacques Latour (CIRA)
        Slides
      • 17:15
        Bumblebee Demonstration 30m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        This demonstration-based talk will cover various results of Nominet's analytics efforts over the last four years. The talk will discuss various incidents, misconfigurations, bugs, attacks and malware behaviour we have uncovered by visualizing and interacting with DNS data. I’ll go through a few stories: 1) The limitations we had using existing tools, and the requirements we had when building our analytics tool. 2) How we found CVE-2011-2464 (BIND bug) by understanding how a secondary nameserver should behave, and subsequently looking for abnormalities. 3) How we spot suspicious behaviour and subsequently track a botnet. 4) How we spot abnormal behaviour and subsequently track crypto locker. 5) How two bugs in different implementations amplify eachother. A story about Google and BIND. 6) The effect of RRL during an attack. 7) How OpenDNS improved on their shutter time. 8) The importance of interaction _and_ visualisation (and as a natural consequence, timeliness).
        Speaker: Roy Arends (Nominet)
    • 20:00 23:00
      Evening Social Trader Vics (Beverley Hilton)

      Trader Vics

      Beverley Hilton

    • 09:00 17:50
      Sunday Workshop (Public) Westside

      Westside

      Hyatt Regency Century Plaza

      2025 Avenue of the Stars Los Angeles California 90067 USA
      Convener: Mr Sebastian Castro (.nz Registry Services)
      Audio Archive
      • 09:00
        Analysis of TCP traffic in DITL data 30m
        The historical archive of DITL data is analyzed for trends in TCP traffic, answering some of the following questions: are TCP sources representative of UDP sources? Does TCP always follow a UDP TC=1 response? Do TCP and UDP sources have similar query type distributions? Are response sizes increasing over time, leading to more TCP? What do TCP connections indicate regarding latency?
        Speaker: Duane Wessels (Verisign)
        Slides
      • 09:30
        DNS Name Collision Risk Mitigation 30m
        Starting August 2014, new gTLDs have been required to insert certain records in their DNS zone to manage name collision risks. This presentation provides a description of the mitigation measures and operational experiences regarding the management of risks related to name collisions in the DNS associated with the introduction of new TLDs.
        Speaker: Francisco Arias (ICANN)
        Slides
      • 10:00
        A country level Analysis of the OARC DITL root traces 2009-2014 20m
        I would like to present an analysis of a country level breakdown of the DNS traffic captured by the OARC members on the DITL traces between 2009 and 2014.
        Speaker: Bradley Huffaker (CAIDA/UCSD)
        Slides
      • 10:20
        2014 Root DITL Data analysis and TLD popularity analysis 20m
        The presentation reports statistics of 2014 DITL root dataset and differences from previous data. And tries to show popularities of each TLD. The data may show the share of usage of TLDs in each country.
        Speaker: Mr Kazunori Fujiwara (Japan Registry Services Co., Ltd)
        Slides
      • 10:40
        Coffee Break 20m
      • 11:00
        Measuring the cost of DNSSEC 30m
        The presentation provides some measurements on the incremental cost of signing a domain name. It looks at the profile of additional time taken to resolve a signed name by a dnssec-validating resolver and from the perspective of the authoritative name server quantifies the additional query and traffic load when serving a signed zone as distinct from an unsigned zone. The presentation also extrapolates this load to the situation when all resolvers perform DNSSEC-validation
        Speaker: Mr Geoff Huston (APNIC)
        Slides
      • 11:30
        OARC's Technical Report 30m
        Report from William Sotomayor about the work being done by OARC Technical team since last workshop.
        Speaker: Mr William Sotomayor (DNS-OARC)
        Slides
      • 12:00
        Improved NSEC3 performance in DNSSEC 30m
        A challenge in DNSSEC is that the ‘NSEC3’ records used to assert the non-existence of a given domain name can create a significant computational load on the DNS servers. This document describes an application of a cryptographic technique known as a ‘time-lock puzzle’ to the calculation of NSEC3 records. This provides a means of reducing this load whilst simultaneously increasing the security against DNS record enumeration offered by NSEC3.
        Speaker: Dr Jonathan Tuliani Tuliani (Microsoft)
        Slides
      • 12:30
        Lunch Break 1h
      • 13:00
        PGP Signing Session 30m
        Speaker: Matthew Pounsett (Rightside)
        notes
      • 13:30
        Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs 30m
        In this presentation, we describe security metrics for Top-Level Domains (TLDs) and we measure their operational values using DNS query data and other data sources such as botnet and phishing feeds. They can serve as publicly available signals to different classes intermediaries such as registries, registrars, or hosting providers and can offer the option to benchmark themselves against their market. There currently exists very little empirical information about the security performance of TLDs and of the overall DNS ecosystem. We distinguish three types of security metrics, each at a different layer of ab- straction. The top-layer involves the security metrics of an entire TLD such as .nl, .com, or .amsterdam. The second layer of abstraction consists of security metrics for market players under TLDs. These are Internet infrastructure providers, registries, registrars, and hosting providers. Examples of security metrics at this layer include concentration of malicious domains across players and their up-times. The third layer is a break-down of the second layer and involves security metrics for network resources managed by each of the players, such as DNS resolvers, or authoritative name servers. In this presentation, we pay a special attention to the second layer and we develop reputation metrics for registries, registrars, and hosting providers with the respect to the TLD layer. In our future work, we plan to correlate the abuse rate reflected in the here-proposed reputation metrics with registry policy, such as pricing, the correctness of the whois data, security monitoring of the DNS infrastructure, etc.
        Speaker: Dr Maciej Korczynski (Delft University of Technology)
        Slides
      • 14:00
        A Survey of Current DANE/TLSA Deployment 20m
        As adoption of DNS Security Extensions (DNSSEC) grows, DNS-based Authentication of Named Entities (DANE) provides an alternative to traditional CA-based certificate authentication. The DANE TLSA protocol specification was published in 2012. It's generally unknown to the DNS community how widely DANE TLSA has been deployed and how TLSA records are used. In this talk, we present a survey of current deployment of DANE TLSA. We developed PryDane, a tool for actively probing names possibly having TLSA records validating those records with the server certificates. Based on the data we collected, we conclude that DANE TLSA is not widely deployed at this time. Our probing data shows the most common (>80%) usage of TLSA record is: domain-issued cert matching full cert with SHA-256. Our validation results show there are consistently about 7%-10% of DANE-enabled names having invalid TLSA records. We explored the reasons for these mismatches, such as wrong certs and incorrect parameters in TLSA records.
        Speaker: Liang Zhu (USC/Information Sciences Institute)
        Slides
      • 14:20
        Preserving case-sensitivity in zone names 20m
        In early 2014 a BIND user encountered a problem with some SIP phones, that turned out to be due to the fact that, while compressing zone updates, we were not preserving case-sensitivity. We determined that CamelCasing is allowed, and thus case should be preserved by IETF specification. We then consulted with a number of operating system publishers and agreed on a solution. This brief presentation will explain how BIND handles this situation and introduce others to the issue.
        Speaker: victoria risk (isc)
        Slides
      • 14:40
        NSEC5: Provably Preventing DNSSEC Zone Enumeration 30m
        DNSSEC is designed to prevent network attackers from tampering with domain name system (DNS) messages. The cryptographic machinery used in DNSSEC, however, also creates a new vulnerability--zone enumeration, where an adversary launches a small number of online DNSSEC queries and then uses offline dictionary attacks to learn which domain names are present or absent in a DNS zone. We propose a new cryptographic construction that solves the problem of DNSSEC zone enumeration while remaining faithful to the operational realities of DNSSEC. NSEC5 can be thought of as a variant of NSEC3 in which the unkeyed hash function is replaced with a deterministic RSA-based keyed hashing scheme. We also show that a public-key operation is necessary to prevent zone enumeration. Specifically, we prove that security against network attackers and privacy against zone enumeration cannot be satisfied simultaneously unless the DNSSEC server performs online public-key cryptographic operations.
        Speaker: Prof. Sharon Goldberg (Boston University)
        Slides
      • 15:10
        Coffee Break 20m
      • 15:30
        The GIft that Keeps on Giving: Open DNS Proxies 30m
        DNS DDoS attacks continue, fueled by open DNS proxies. Now they're stressing resolvers and authorities worldwide using pseudo random subdomains. In June of 2014 there was a 400% increase in this traffic and popular domains continue to be targeted. Analysis of recent DNS data reveals other interesting details. For instance, Response Rate Limiting in authorities appears to aggravate attacks. This presentation will cover the latest attack data as well as tests of the major resolvers showing the impact of capabilities to mitigate them, ranging from changes in recursive behaviors to filtering traffic at ingress.
        Speaker: Mr Ralf Weber (Nominum)
        Slides
      • 16:00
        DNS - the glue in the IoT 30m
        In Internet of Things (IoT), the "Things" could be anything from refrigerators to human to books. These "things" should be identified at least by one unique way of identification, for the capability of addressing and communicating with each other. This is made possible by attaching/embedding different data carrier devices such as barcodes,RFID, Sensors etc with the 'things'. Sensors, for example could be identified by MAC or IPv6 address. Similarly barcodes, RFID tags are encoded with an identifier based on different identification schemes such as Universal Product Code, (UPC), Electronic Product Code (EPC), ucode etc. The basic feature of these identifiers are : they are allocated hierarchically, control is decentralised and the nature of allocation makes sure that there is no duplicity. The identifier properties described in the previous paragraph are similar to the domain name allocation and management, and thus, identifiers in IoT could leverage the DNS infrastructure and software for allocation and resolution. Leveraging DNS for other uses started with ENUM for telephone numbers, and for IoT, there exists already overlay mechanisms services such as Object Naming Service (ONS) [EPCglobal standard] and Object Directory Service (ODS) [ITU-T standard] which uses the DNS to resolve the IoT identifiers (their respective identification schemes) to its related digital information. As DNS acts as a "glue" in the current Internet, where its basic feature is to resolve "human-friendly" host names to their corresponding "machine-friendly" IP addresses, in IoT also it is proved, that DNS could be a glue for certain identification schemes. This talk will concentrate on [1] How DNS could be leveraged for resolving a 'thing' associated with an RFID based on our experiences in working on the WINGS [WINGS] project and contributing to the ONS 2.0 standard [EPCglobal standard] [2] The issues involved in using DNS for resolution in the Wireless sensor network (i.e using Sensor devices) based on a recently started collaborative project [WSNProject]. [3] If time permits, IoT standardisation activities at the IETF relating to DNS [WINGS] http://www.wings-project.fr/ [EPCglobal standard] http://www.gs1.org/gsmp/kc/epcglobal/ons/ons_2_0_1-standard-20130131.pdf [ITU-T standard] Object Directory Service for Mobile AIDC services (ISO/IEC 29177) [WSNProject] http://www.labfab.fr/portfolio/lora-fabian/
        Speaker: Mr Sandoche Balakrichenan (Afnic)
        Slides
      • 16:30
        Orient data vertically for faster analysis 30m
        Column store databases are a newer entry to the big data realm. They handle structured data like DNS queries exceptionally well and work best with minimal data normalization. Queries execute significantly faster than RDBMS technology (~ 100 times faster). This talk will outline the technology at a high level and walk through examples of data loading, compression, and reporting using a freely available Column Store DB as well as Nominum’s experiences and findings analyzing large amounts of DNS data. No normalization, fast data loading, no indexing, fast queries and SQL... what's not to like?
        Speaker: Mr Adrian Beaudin (Nominum)
        Slides
      • 17:00
        Test cases for domain checks -- a step towards a best practice 20m
        Zonemaster is an upcoming tool for controlling DNS zones. It is designed to replace the .SE DNSCheck and the .FR ZoneCheck with better performance, modularity and scalability. One of the design goals is to have explicit test cases for the tool. I.e. exactly what are the requirements of the tested zone that tools should test? What outcomes should return pass and what outcomes should return fail? Those explicit specifications, i.e. the test cases, will at the same time be the ground the validation of the tool. The goal of the test cases is more than being the requirements for Zonemaster, our ambition is to develop a best practice for zone delegations by having transparent and publically available specifications that are independent of the test tool. The Zonemaster test tool could be seen as one implementation of those specifications. The test cases should not only capture a completely valid delegation, but they should also be ground for meaningful error messages when things are more or less bad. I will in my presentation present the major test cases for the tool and some test cases where the outcome need considerations and where discussions and suggestions could help the development. The material for the project is publicly available at Github, https://github.com/dotse/zonemaster
        Speaker: Mats Dufberg (.SE (The Internet Infrastructure Foundation))
        Slides
    • 10:25 17:50
      Monday Joint OARC/Tech Day Westside

      Westside

      Hyatt Regency Century Plaza

      2025 Avenue of the Stars Los Angeles California 90067 USA
      Convener: Mr Sebastian Castro (.nz Registry Services)
      slides
      • 10:30
        TechDay Opening Remarks 10m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Dr Eberhard Wolfgang Lisse (Namibian Network Information Centre)
      • 10:40
        Disturbance in the DNS 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Mr Sandoche Balakrichenan (Afnic)
        Slides
      • 11:00
        Keynote Address 30m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Paul Mockapetris
      • 11:30
        DNSViz - powerful and extensible DNS analysis 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        DNSViz has been developed as a Web-based tool for analysis, visualization, education, and troubleshooting DNS and DNSSEC. The tool has recently been reworked for extensibility and portability, including a downloadable library and tool suite available via an open source license--and a revamped Web site. We discuss the new features available with DNSViz, future plans, and how to get involved.
        Speaker: Dr Casey Deccio (Verisign Labs)
        Slides
      • 11:50
        Low-Cost Threshold Cryptography HSM for OpenDNSSEC 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        The DNS Security Extensions (DNSSEC) add a new layer of security based on public-key infrastructure: each DNS record is digitally signed to verify the authenticity of the answer. However, the introduction of DNSSEC has an impact in the operational workflow of DNS systems: (i) signatures have an expiration date, hence the records must be periodically signed and (ii) key management tasks can be overwhelming. These are problems specially for DNS zones with several records (for instance a Top Level Domain). The adoption of Hardware Security Module (HSM) is an option to provide highly secured keys and signature management. Nevertheless HSM is expensive and hardware can fail. We present a novel system based on threshold cryptography to support the operational signing workflow of DNSSEC. This approach significantly improves security and availability of the overall system since the secret key is never stored in a single place; it is spread among the nodes of the system.
        Speaker: Mr Francisco Cifuentes (NIC Chile Research Labs)
        Slides
      • 12:10
        Measuring the Leakage of Onion at the DNS Root 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        The Tor project provides individuals with a mechanism of communicating anonymously on the Internet. Furthermore, Tor is capable of providing anonymity to servers, which are configured to receive inbound connections only through Tor (more commonly called hidden services). In order to route requests to these hidden services, a namespace is used to identify the resolution requests to such services. A namespace under a non-delegated (pseudo) top-level-domain (TLD) of .onion was elected. Although the Tor system was designed to prevent .onion requests from leaking into the global DNS resolution process, numerous requests are still observed in the global DNS. In this talk I propose to present the state of .onion requests received at the global public DNS A and J root nodes, and a complementary measurement from the DITL (day in the life of the Internet) data repository. I will also present potential explanations of the leakage, and highlights of trends associated with global censorship events.
        Speaker: Dr Aziz Mohaisen (Verisign Labs)
        Slides
      • 12:30
        Host Presentation 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Mr Marx Peter (Los Angeles City Council)
      • 12:50
        IDNA 2008 & Unicode 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Patrick Faltstrom
      • 13:10
        Lunch 50m Hyatt Regency Century Plaza

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA

        On your own.

      • 14:00
        MS DNS Server Data Mine 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Mr Kumar Ashutosh (Microsoft)
        Slides
      • 14:20
        Facebook CSIO Update 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
      • 14:40
        Yahoo CSIO Update 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Alex Stamos (Yahoo)
      • 15:00
        DNS Rex: Do you need an aggressive benchmarking tool? 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        DNS Rex: Do you need an aggressive benchmarking tool? I would like to present DNS Rex, an open source performance benchmark for DNS servers, with a focus on busy DNS caching resolvers. DNS Rex was created to address several known (and rumored) problems with existing DNS testing tools. Our goals included: * reliable generation of high query rates, * reproducibility of test results, * ability to sustain any configurable cache hit ratio, * support for long tests without reliance on trace replay, * independence from a 3rd-party authoritative server, * DNSSEC support. DNS Rex has been successfully used for private tests, and is publicly available[1], but we have not promoted its wider use. Besides describing what DNS Rex can do today, I would like to gauge audience interest in continued development of the tool. Is there a genuine need for a better DNS benchmark? What missing features are the most important? [1] http://rex.measurement-factory.com/
        Speaker: Alex Rousskov (The Measurement Factory)
      • 15:20
        DNS Bake-off 1h 40m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Jacques Latour (CIRA)
      • 17:00
        PKI News 20m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Jeremy Rowley (Digicert)
      • 17:20
        Closing Remarks 10m Westside

        Westside

        Hyatt Regency Century Plaza

        2025 Avenue of the Stars Los Angeles California 90067 USA
        Speaker: Mr Ondrej Filip (CZ.NIC)