Mr Jelte Jansen (SIDN), Mr Keith Mitchell (DNS-OARC), Mr Ondrej Filip (CZ.NIC)
5/9/15, 10:30 AM
Mr Keith Mitchell (DNS-OARC)
5/9/15, 10:40 AM
OARC Business
This is a retrospective talk to cover how DNS-OARC has evolved in the past decade.
Mr Keith Mitchell (DNS-OARC)
5/9/15, 11:00 AM
OARC Business
Report from Keith Mitchell, OARC's President, about the state of OARC.
Ms Dalini Khemlani (DNS-OARC), Mr William Sotomayor (DNS-OARC)
5/9/15, 11:30 AM
OARC Business
An overview of OARC systems, services & projects and their status.
Mr Peter Koch (DENIC eG)
5/9/15, 11:55 AM
Members-only
It is common wisdom that DNS server implementations must not respond to responses to prevent a denial of service by spoofed traffic injection. We will share an observation of a system that accidentally turned responses into new requests, generating a "loop" that might go unnoticed.
Mr Kazunori Fujiwara (Japan Registry Services Co., Ltd)
5/9/15, 1:50 PM
Public Workshop
Random sub-domain attacks (also called "Water Torture" attacks) send many non-existent queries to full resolvers. Negative cache does not work well because query names vary. However, NSEC resource records contain non-existent name ranges. Aggressive negative caching using NSEC resource records may be a countermeasure against random sub-domain attacks for signed domains. The...
Mr Stephan Lagerholm (Microsoft)
5/9/15, 2:20 PM
Public Workshop
Negative caching is a functionality within DNS that is described in RFC 2308. Negative caching follows the same basic idea and principles as positive caching. That is, a record, or lack thereof, should be allowed to be cached by a recursive resolver and used for consecutive queries for the same QNAME and QCLASS. Since a negative response does not carry any record that can be used to...
Mr Shumon Huque (Research Scientist)
5/9/15, 2:50 PM
Public Workshop
This talk will provide an overview of DNS query name minimization algorithms (an approach to DNS privacy), and discuss the behavior of some authoritative DNS servers in the presence of a resolver that performs qname minimization. I'll provide a survey of results of the Alexa top 1000 domains, and discuss some observed defective behavior of a few CDNs and DNS hosting providers that will need...
Mr John Dickinson (Sinodun)
5/9/15, 3:45 PM
Lightning Presentations
Hedgehog (http://dns-stats.org/) is a replacement front-end for DSC datasets. In this talk we will present the latest version of Hedgehog and our future plans for its development. Future enhancements may include new graphs, visualization of anycast nodes and the origin of their queries and statistical analysis ideas. There will also be a discussion of requirements for a new DNS data...
Mr Marek Majkowski (CloudFlare)
5/9/15, 4:00 PM
Public Workshop
DDoS attacks against DNS providers have been on the increase over the
last few years. They have been growing in size and complexity, taking
many prominent DNS providers offline.
Today these attacks are a major concern to anyone running DNS servers.
Operators are in a continual arms race against attackers.
CloudFlare, one of the largest authoritative non-TLD providers, has
had to...
Mr Matt Weinberg (Verisign), Mr Piet Barber (Verisign)
5/9/15, 4:30 PM
Public Workshop
Verisign operates two root servers (A.root-servers.net, J.root-servers.net), the authoritative name servers for .com, .net, .edu and many other ccTLD and gTLDs. Alongside those TLD name services, Verisign offers a managed DNS service and DDoS attack mitigation platform for many big-name companies. Over the years, Verisign's infrastructure has been targeted for various volumetric attacks, and...
Mr Ralf Weber (Nominum Inc)
5/9/15, 5:00 PM
Public Workshop
Drawing upon high-resolution worldwide resolver data, this presentation will cover changes in attack vectors, intensity, duration and domains targeted. In mid-March yet another twist on the attacks appeared - hybrid queries using randomized labels querying for names that amplify. This has numerous implications and tests of mitigation techniques will also be presented, comparing and contrasting...
Mr Geoff Huston (APNIC)
5/10/15, 9:00 AM
Public Workshop
This is a followup to a previous presentation to DNS OARC on the use of ECC as a digital signature algorithm. We report on the findings of a large scale field test of presentation of a DNS name signed using ECDSA, looking at the level of support in resolvers for DNSSEC validation and the behaviour when given a badly signed name.
Duane Wessels (Verisign)
5/10/15, 9:30 AM
Public Workshop
The effects of increasing the root zone KSK size are studied by replaying trace data from a.root-servers.net to different name server processes with different ZSK (and KSK) parameters. This work explores how differing key sizes might affect root server operations in terms of (a) percent of UDP responses with TC bit set; (b) the distribution of response sizes over both UDP and TCP; (c) the...
Mr Filippo Valsorda (CloudFlare Inc.), Mr Ólafur Guðmundsson (CloudFlare Inc.)
5/10/15, 10:00 AM
Public Workshop
CloudFlare operates DNS servers in a non-traditional way: there are no zone files and answers can be assembled from multiple sources on the fly. This prevented us from using existing DNSSEC tools.
In order to provide a reliable and scalable solution that is friendly to the Internet we started questioning every assumption ever made on DNSSEC deployment. The resulting design will hopefully...
Mr Bruce Van Nice (Nominum)
5/10/15, 10:45 AM
Public Workshop
Analysis of high-resolution DNS data reveals intricate patterns. This presentation offers visualizations of 24 hours of query data for provider resolvers across time, type, TLDs, and names for both legitimate and malicious traffic. Drill-downs into threat details, such as bot, DDoS, and malware, will be presented. Other query data will also be evaluated and displayed.
Mr Joao Luis Silva Damas (Bond Internet Systems)
5/10/15, 11:15 AM
Public Workshop
Dissection and observation of traffic at a residential ISP
We analyse the DNS traffic from residential and SOHO customers of an eyeball ISP over a 24h period.
We will describe the observed query patterns, correlating to different types of usage such as CDNs and popular sites using DNS to manage their traffic engineering and different observed uses of DNS describing what are the...
Ms Cathy Almond (Internet Systems Consortium)
5/10/15, 11:45 AM
Lightning Presentations
Unusual DNS query patterns have been the focus of many recent talks that have examined the sources, targets and intent of this traffic, as well as the impact seen by authoritative servers and resolvers alike.
Over the past year ISC has been trialling experimental recursive client rate limiting techniques in BIND to limit impact of this unwanted traffic on both servers and DNS...
Mr Florian Maury (ANSSI/FNISA)
5/10/15, 12:00 PM
Public Workshop
ANSSI identified that several popular DNS resolver implementations could
be led into following a large number of delegations. By doing so, these
resolvers could inflict a denial of service either of the resolver
itself by excessive resource consumption or its hosting network by
flooding it with packets.
Vulnerable implementations can also be enticed into sending to a victim
ten times...
Mr Patrik Wallström (.SE)
5/10/15, 2:00 PM
Public Workshop
Testing DNS delegations has a long history. Some TLD registries used to do pre-delegation testing before delegating a new or reconfigured domain, some do testing for statistics, but most people do it to find errors in their DNS configuration. Zonemaster is a new tool created by .SE and AFNIC, and builds on our previous experience on working with DNS delegation checking tools such as DNSCheck...
Mr Jim Martin (ISC)
5/10/15, 2:30 PM
Lightning Presentations
ISC has been operating the DNSSEC Look-aside validation registry for several years now. DLV allows a DNSSEC domain to validate before its parent is DNSSEC signed. We believe that the time has come to wean people off of this transition mechanism, and back onto using the chain of trust to the root.
Mr Florian Maury (ANSSI/FNISA)
5/10/15, 2:45 PM
Lightning Presentations
ANSSI published in May 2014 a document written in French, which lists a set of best current practices to improve the resiliency of the DNS.
This document's target audience is the French administration, French companies and the general public.
The guidelines cover the organizational, juridical and technical aspects that a domain name holder should consider when choosing a domain name and...
Mr Sebastian Castro (.nz Registry Services)
5/10/15, 3:00 PM
Lightning Presentations
This will be a lightning talk to present a technique from text mining applied to DNS traffic. By using the TF-IDF method, it's possible to identify which domain names are more relevant to a set of IP addresses, and comparing a large volume of DNS traffic can provide insights of general domain name behaviour. This is a PoC, and there will be visualizations.
Mr Francisco Cifuentes (NIC Chile Research Labs)
5/10/15, 3:10 PM
Lightning Presentations
DNS stream analysis is an appropriate environment to work with real time analytics due to the extremely large amount of queries that needs to be processed per second.
There are some tools used to analyze DNS traffic, such as DSC, DSCng or Bumblebee, but they focus on statistical analysis, mainly providing visualization of data aggregations. We will show our system design for a...
Mr bert hubert (PowerDNS)
5/10/15, 3:50 PM
Lightning Presentations
Recently, DNS systems have been under sustained attack via open relays or dedicated sources of malicious traffic. Simultaneously, many operators note poor support for DNS within their existing load balancing solutions.
It has been noted that load balancing DNS is not like load balancing HTTP. For example, one highly loaded server delivers better response times than 10 lightly loaded...
Mr William Sotomayor (DNS-OARC)
5/10/15, 4:15 PM
Lightning Presentations
An overview of RSSAC-002 metrics and OARC's efforts to collect them from various root server operators. Also includes a preliminary analysis of the content.
Mr William Sotomayor (DNS-OARC)
5/10/15, 4:30 PM
Public Workshop
This presentation is an overview of current AS112 happenings as well as the latest survey of detected AS112 nodes with a focus on research networks and AS112.
Mr Kazunori Fujiwara (Japan Registry Services Co., Ltd)
5/10/15, 4:50 PM
Public Workshop
It's said that the load on DNS is still increasing and queries to root and TLD DNS servers are still increasing. However, there is no material which indicates the increase of queries to root and TLD DNS servers. This presentation tries to show the increase of root and JP TLD DNS server queries and appeals for evidence gathering about the increase of queries to DNS servers. (about...
Mr Edward LEWIS (ICANN)
5/10/15, 5:05 PM
Public Workshop
Ed Lewis from ICANN will be presenting about the status of the work led by ICANN to execute a Root Zone KSK rollover. There will be space for discussion and feedback.