9-10 May 2015
Okura Hotel
Europe/Amsterdam timezone
Home > Contribution List

Confirmed Speakers

Displaying 30 contributions out of 30
Session: Members Session
Track: Members-only
It is common wisdom that DNS server implementations must not respond to responses to prevent a denial of service by spoofed traffic injection. We will share an observation of a system that accidentally turned responses into new requests, generating a "loop" that might go unnoticed.
Presented by Mr. Peter KOCH on 9 May 2015 at 11:55
Session: Members Session
Track: OARC Business
This is a retrospective talk to cover how DNS-OARC has evolved in the past decade.
Presented by Mr. Keith MITCHELL on 9 May 2015 at 10:40
Track: Public Workshop
Analysis of high resolution DNS data reveals intricate patterns. This presentation offers visualizations of 24 hours of query data for provider resolvers across time, type, TLDs, and names for both legitimate and malicious traffic. Drill downs into threat details – such as bot, DDoS, and malware will be presented. Other query data will also be evaluated and displayed.
Presented by Mr. Bruce VAN NICE on 10 May 2015 at 10:45
Track: Public Workshop
Random sub-domain attacks (also called as "Water Torture" attacks) send many non-existent queries to full resolvers. Negative cache does not work well because query names vary. However, NSEC resource records contain non-existent name ranges. Aggressive negative caching using NSEC resource records may be a countermeasure of random sub-domain attacks for signed domains. The presenta ... More
Presented by Mr. Kazunori FUJIWARA on 9 May 2015 at 13:50
Track: Lightning Presentations
ANSSI published in May 2014 a document written in French, which lists a set of best current practices to improve the resiliency of the DNS. This document target audience is the French administration, the French companies and the general public. The guidelines cover the organizational, juridical and technical aspects that a domain name holder should consider when choosing a domain name and the ... More
Presented by Mr. Florian MAURY on 10 May 2015 at 14:45
Track: Public Workshop
This presentation is an overview of current AS112 happenings as well as the latest survey of detected AS112 nodes with a focus on research networks and AS112.
Presented by Mr. William SOTOMAYOR on 10 May 2015 at 16:30
Track: Public Workshop
Negative caching is a functionality within DNS that is being described in RFC 2308. Negative caching follows the same basic idea and principles as positive caching. That is that a record, or lack thereof, should be allowed to be cached by a recursive resolver and used for consecutive queries for the same QNAME and QCLASS. Since a negative response does not carry any record that can be used to indi ... More
Presented by Mr. Stephan LAGERHOLM on 9 May 2015 at 14:20
Track: Public Workshop
DDoS attacks against DNS providers have been on the increase over the last few years. They have been growing in size and complexity, taking many prominent DNS providers offline. Today these attacks are a major concern to anyone running DNS servers. Operators are in a continual arms race against attackers. CloudFlare, one of the largest authoritative non-TLD providers, has had to learn th ... More
Presented by Mr. Marek MAJKOWSKI on 9 May 2015 at 16:00
Track: Public Workshop
Dissection and observation of traffic at a residential ISP We analyse the DNS traffic from residential and SOHO customers of a en eye-balls ISP over a 24h period. We will describe the observed query patterns, correlating to different types of usage such as CDNs and popular sites using DNS to manage their traffic engineering and different observed uses of DNS describing what are the actual, ... More
Presented by Mr. Joao Luis SILVA DAMAS on 10 May 2015 at 11:15
Track: Public Workshop
Drawing upon high resolution worldwide resolver data this presentation will cover changes in attack vectors, intensity, duration and domains targeted. In mid march yet another twist on the attacks appeared - hybrid queries using randomized labels querying for names that amplify. This has numerous implications and tests of mitigation techniques will also be presented, comparing and contrasting alt ... More
Presented by Mr. Ralf WEBER on 9 May 2015 at 17:00
Track: Public Workshop
The effects of increasing the root zone KSK size are studied by replaying trace data from a.root-servers.net to different name server processes with different ZSK (and KSK) parameters. This work explores how differing key sizes might affect root server operations in terms of (a) percent of UDP responses with TC bit set; (b) the distribution of response sizes over both UDP and TCP; (c) the amount ... More
Presented by Duane WESSELS on 10 May 2015 at 09:30
Track: Public Workshop
Verisign operates two root servers (A.root-servers.net, J.root-servers.net), the authoritative name servers for .com, .net, .edu and many other ccTLD and gTLDs. Alongside those TLD name services, Verisign offers a managed DNS service and DDoS attack mitigation platform for many big-name companies. Over the years, Verisign's infrastructure has been targeted for various volumetric attacks, and Veris ... More
Presented by Mr. Matt WEINBERG, Mr. Piet BARBER on 9 May 2015 at 16:30
Track: Lightning Presentations
[Hedgehog][http://dns-stats.org/] is a replacement front-end for DSC datasets. In this talk we will present the latest version of Hedgehog and our future plans for its development. Future enhancements may include new graphs, visualization of anycast nodes and the origin of their queries and statistical analysis ideas. There will also be a discussion of requirements for a new DNS data collector, th ... More
Presented by Mr. John DICKINSON on 9 May 2015 at 15:45
Track: Public Workshop
It's said that the load to DNS is still increasing and queries to root and TLD DNS servers are still increasing. However, there is no materlal which indicates the increase of queries to root and TLD DNS servers. This presentation tries to show the increase of root and JP TLD DNS server queries and appeales evidence gathering about the increase of queries to DNS servers. (about 10 ... More
Presented by Mr. Kazunori FUJIWARA on 10 May 2015 at 16:50
Session: Members Session
Track: OARC Business
Report from Keith Mitchell, OARC's President, about the state of OARC.
Presented by Mr. Keith MITCHELL on 9 May 2015 at 11:00
Session: Members Session
Track: OARC Business
An overview of OARC systems, services & projects and their status.
Presented by Mr. William SOTOMAYOR, Ms. Dalini KHEMLANI on 9 May 2015 at 11:30
Track: Public Workshop
This is a followup to a previous presentation to DNS OARC on the use of ECC as a digital signature algorithm. We report on the findings of a large scale field test of presentation of a DNS name signed using ECDSA, looking at the level of support in resolvers for DNSSEC validation and the behaviour when given a badly signed name.
Presented by Mr. Geoff HUSTON on 10 May 2015 at 09:00
Presented by Matthew POUNSETT on 10 May 2015 at 13:00
Track: Lightning Presentations
ISC has been operating the DNSSEC Look-aside validation registry for several years now. DLV allows a DNSSEC domain to validate before its parent is DNSSEC signed. We believe that the time has come to wean people off of this transition mechanism, and back onto using the chain of trust to the root.
Presented by Mr. Jim MARTIN on 10 May 2015 at 14:30
Track: Lightning Presentations
This will be a lightning talk to present a technique from text mining applied to DNS traffic. By using the TF-IDF method, it's possible to identify which domain names are more relevant to a set of IP addresses, and comparing a large volume of DNS traffic can provide insights of general domain name behaviour. This is a PoC, and there will be visualizations.
Presented by Mr. Sebastian CASTRO on 10 May 2015 at 15:00
Track: Public Workshop
This talk will provide an overview of DNS query name minimization algorithms (an approach to DNS privacy), and discuss the behavior of some authoritative DNS servers in the presence of a resolver that performs qname minimization. I'll provide a survey of results of the Alexa top 1000 domains, and discuss some observed defective behavior of a few CDNs and DNS hosting providers that will need to be ... More
Presented by Mr. Shumon HUQUE on 9 May 2015 at 14:50
Track: Lightning Presentations
An overview of RSSAC-002 metrics and OARC's efforts to collect them from various root server operators. Also include a preliminary analysis of the content.
Presented by Mr. William SOTOMAYOR on 10 May 2015 at 16:15
Track: Lightning Presentations
DNS stream analysis is an appropriate environment to work with real time analytics due to the extremely large amount of queries that needs to be processed per second. There are some tools used to analyze DNS traffic, such as DSC, DSCng or Bumblebee, but they focus in statistical analysis, mainly providing visualization of data aggregations. We will show our system design for a filtering a ... More
Presented by Mr. Francisco CIFUENTES on 10 May 2015 at 15:10
Track: Public Workshop
CloudFlare operates a DNS servers in a non traditional way: there are no zone files and answers can be assembled from multiple sources on the fly. This prevented us from using existing DNSSEC tools. In order to provide a reliable and scalable solution that is friendly to the Internet we started questioning every assumption ever made on DNSSEC deployment. The resulting design will hopefully be ... More
Presented by Mr. Ólafur GUÐMUNDSSON, Mr. Filippo VALSORDA on 10 May 2015 at 10:00
Track: Public Workshop
ANSSI identified that several popular DNS resolver implementations could be led into following a large number of delegations. By doing so, these resolvers could inflict a denial of service either of the resolver itself by excessive resource consumption or its hosting network by flooding it with packets. Vulnerable implementations can also be enticed into sending to a victim ten times the n ... More
Presented by Mr. Florian MAURY on 10 May 2015 at 12:00
Track: Lightning Presentations
Unusual DNS query patterns have been the focus of many recent talks that have examined the sources, targets and intent of this traffic, as well as the impact seen by authoritative servers and resolvers alike. Over the past year ISC has been trialling experimental recursive client rate limiting techniques in BIND to limit impact of this unwanted traffic on both servers and DNS clients. This ... More
Presented by Ms. Cathy ALMOND on 10 May 2015 at 11:45
Track: Public Workshop
Ed Lewis from ICANN will be presenting about the status of the work led by ICANN to execute a Root Zone KSK rollover. There will be space for discussion and feedback.
Presented by Mr. Edward LEWIS on 10 May 2015 at 17:05
Session: Members Session
Presented by Mr. Ondrej FILIP, Mr. Jelte JANSEN, Mr. Keith MITCHELL on 9 May 2015 at 10:30
Track: Public Workshop
Testing DNS delegations has a long history. Some TLD registries used to do pre-delegation testing before delegating a new or reconfigured domain, some do testing for statistics, but most people do it to find errors in their DNS configuration. Zonemaster is a new tool created by .SE and AFNIC, and builds on our previous experience on working with DNS delegation checking tools such as DNSCheck and Z ... More
Presented by Mr. Patrik WALLSTRÖM on 10 May 2015 at 14:00
Track: Lightning Presentations
Recently, DNS systems have been under sustained attack via open relays or dedicated sources of malicious traffic. Simultaneously, many operators note poor support for DNS within their existing load balancing solutions. It has been noted that load balancing DNS is not like load balancing HTTP. For example, one highly loaded server delivers better response times than 10 lightly loaded servers. ... More
Presented by Mr. bert HUBERT on 10 May 2015 at 15:50