from 31 March 2016 to 1 April 2016
Intercontinental Buenos Aires
America/Buenos_Aires timezone
Home > Contribution List

Contribution List

Displaying 29 contributions out of 29
Session: Public Workshop: Data Analysis
Track: Public Workshop
Much has been written about IPv6 adoption and its performance. One thing that has not been explored is how IPv6 DNS resolution contributes to overall user experience. What impact does transport, authoritative server configuration and other factors have on the “long tail” of domains queried over IPv6? This talk will present experimental results using a data set of approximately 35 million uniq ... More
Presented by Mr. Ralf WEBER on 31 Mar 2016 at 13:30
Session: Public Workshop: DNSSEC Algorithm Rollover
Track: Lightning Presentations
Algorithm roll-overs are part of any security system, because older algorithms lose their strength, and stronger and newer algorithms come along. At the RIPE NCC we recently rolled our algorithm from SHA1 and to SHA256. We had some interesting issues, and I'd like to talk about them, especially as more people may want to consider rolling their algorithms now. Amongst these issues were things li ... More
Presented by Anand BUDDHDEV on 1 Apr 2016 at 16:30
Presented by Mr. Matt WEINBERG on 1 Apr 2016 at 15:25
Session: Public Workshop: Data Analysis
Track: Public Workshop
At the end of 2015 the Continuous Data-driven Analysis of Root Server System Stability (CDAR)[1] study was started by the consortium partners NLnet Labs, SIDN and TNO. The objective of the CDAR study is to analyze the technical impact of the introduction of New gTLDs in the root zone on the stability and security of the root server system. With this in mind, we engaged in the collection and an ... More
Presented by Mr. Bart GIJSEN on 31 Mar 2016 at 14:30
Session: Public Workshop
Track: Public Workshop
NIC Chile, .CL ccTLD registry, started to offer a secondary name service to its customers as a way to improve the overall internet robustness in Chile more than 10 years ago. We are going to show the evolution of a free of charge service from an unicast ip server to an anycast cloud, and using a sort of "meta-slave" daemon for provisioning the nodes.
Presented by Mr. Diaz MARCO on 1 Apr 2016 at 14:30
Presented by Sara DICKINSON on 1 Apr 2016 at 15:15
Session: Public Workshop
Track: Public Workshop
A generic testing framework was produced as a part of developing the Knot Resolver. This framework is written in python and can use UNIX domain sockets to bypass the underlying physical network and fake time using libfaketime. Apart from short introduction I will show the audience some real-life scenarios for testing the recursive and authoritative DNS servers and how to integrate Deckard into yo ... More
Presented by Mr. Ondrej SURY on 1 Apr 2016 at 14:00
Session: Public Workshop
Track: Lightning Presentations
This is intended to be an update to an earlier presentation on the extent to which DNS resolvers are able to performance validation on ECDSA-signed data
Presented by Mr. Geoff HUSTON on 1 Apr 2016 at 14:50
Presented by Mr. Mark ANDREWS on 1 Apr 2016 at 15:20
Session: Public Workshop: Data Analysis
Track: Public Workshop
SIDN, the registry for the .nl ccTLD, managing 5,6 million .nl domain names, has recently made significant changes to its zone file publication policy: - A new zone file is now available every hour, instead of every 2 hours. - The delegation TTL value has been decreased to match the new publishing interval. - The SOA minimum TTL value has been decreased from 900 to 600 seconds. We used ENT ... More
Presented by Mr. M WULLINK on 31 Mar 2016 at 14:00
Session: Public Workshop: First Session
Track: Public Workshop
Many new and developing DNS features have emerged in recent years to improve both the security and privacy of DNS ( e.g. DNSSEC/DANE and DNS-over-TCP/TLS). A major reason for the lack of uptake and deployment of these features by applications is that existing DNS APIs either do not support the features or do not provide an application friendly interface. To solve this problem the getdns API was de ... More
Presented by Sara DICKINSON, Mr. Willem TOOROP on 31 Mar 2016 at 11:00
Session: Public Workshop: Research
Track: Public Workshop
Verisign, in its role as Root Zone Maintainer, plans to increase the size of the root zone Zone Signing Key (ZSK) in 2016. The ZSK has been a 1024-bit RSASHA256 key since the initial deployment of DNSSEC to the root zone in 2010. In the latter half of 2016, the ZSK size will be increased to 2048-bits. In this presentation we will outline the schedule for the change, describe various technical ... More
Presented by Duane WESSELS on 1 Apr 2016 at 12:00
Session: Public Workshop: Tools & Measurements
Track: Public Workshop
Knot DNS Resolver is a new CZ.NIC project that builds a fully DNSSEC-validating DNS resolver. But it's more it's a powerful platform for building resolver service due its extensibility via modules and configuration in Lua.
Presented by Mr. Ondrej SURY on 1 Apr 2016 at 09:00
Session: Public Workshop: Tools & Measurements
Track: Public Workshop
The ability to measure network and server behaviors from different network vantage points is important for understanding the general health of a network ecosystem. There are various platforms, frameworks, and APIs designed and built to accommodate this need. In this talk we discuss a new DNS looking glass framework designed for low-overhead deployment and great flexibility, and available for use ... More
Presented by Dr. Casey DECCIO on 1 Apr 2016 at 10:00
Session: Members Session
It has been another busy 6 months for the OARC Team. In particular, we're well down the path of executing a plan which will re-locate our primary infrastructure hosting site to multiple new locations. We also have a new staff member recently joined as Software Engineer, and are gearing up for our DITL2016 data gathering exercise shortly after the workshop. This presentation will update OARC Mem ... More
Presented by Mr. Keith MITCHELL on 31 Mar 2016 at 10:10
Presented by Mr. Ondrej SURY
Session: Public Workshop: DNSSEC Algorithm Rollover
Track: Public Workshop
This is a proposal to have a discussion panel with DNS vendors (ISC, NlNetLabs, PowerDNS, CZ.NIC, Nominum, Microsoft) and people from operating systems and Linux distros (Microsoft, Debian, Ubuntu, RedHat, SuSE) to come and discuss challenges of introducing new and deprecating old DNS(SEC) algorithms. The proposed moderators are Dan York and Olaf Kolkman as neutral moderators. Also invited to ... More
Presented by Dan YORK, Jan VČELÁK, Mr. Ralf WEBER, Dr. Benno OVEREINDER, Evan HUNT, Paul WOUTERS, Mr. Ondrej SURY on 1 Apr 2016 at 17:00
Session: Public Workshop: Privacy
Track: Public Workshop
Data stored in the DNS is publicly visible. DNS transactions, on the other hand, contain privacy sensitive information. The Snowden revelations about pervasive monitoring are seen as a wake up call for the internet community to increase the focus on privacy protection. One of the privacy threat mitigation methods mentioned in RFC6973, is the principle of data minimisation[0]. The RFC states that: ... More
Presented by Ralph DOLMANS on 31 Mar 2016 at 16:30
Presented by Mr. Stéphane BORTZMEYER on 1 Apr 2016 at 15:25
Session: Public Workshop: First Session
Track: Public Workshop
In OARC 22 (Amsterdam) we gave a lightning talk about the possibilities and prospects of using Apache Storm for real-time analytics of DNS packets. Now, after a year of work, we are glad to present RaTA-DNS, our modular system for realtime analytics. RaTA-DNS was designed as a set of self-contained modules aiming to an easy integration with existing systems such as DSC and Hedgehog, and new sy ... More
Presented by Dr. Javier BUSTOS-JIMÉNEZ on 31 Mar 2016 at 11:30
Session: Members Session
Track: Member Business
In the last several weeks, the RIPE NCC's DNS infrastructure has experienced some DDoS events. In this presentation, I would like to talk about what we experienced, and how we tried to mitigate the attacks. I will talk about the nature of the attacks, and specifically what kind of methods and tools we used to try and defence our infrastructure.
Presented by Anand BUDDHDEV on 31 Mar 2016 at 10:35
Session: Public Workshop: Research
Track: Public Workshop
On November 30 and December 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. The twelve root operators jointly published a report of the incident ([http://www.root-servers.org/news/events-of-20151130.txt][1]). The event also generated spirited discussion and speculation on public mailing lists, website forums, and blog postings ... More
Presented by Mr. Matt WEINBERG, Duane WESSELS on 1 Apr 2016 at 11:00
Session: Public Workshop: DNSSEC Algorithm Rollover
Track: Public Workshop
This is a report of one member's perspectives on the work of the Root Key Roll Design Team, looking at the various operational tradeoffs that were involved in preparing the plan to roll the root key. I would also like to make some comments on the state of standards and implementations of resolvers and the lack of clear standard specifications about how to signal a key roll. Where possible I will i ... More
Presented by Mr. Geoff HUSTON on 1 Apr 2016 at 16:00
Session: Public Workshop: Privacy
Track: Public Workshop
The "DNS privacy" project started at the IETF meeting in Vancouver a few months after the Snowden revelations. What is its current state? A problem statement has been published, RFC 7626. Two directions are followed: QNAME minimisation, to decrease the amount of data sent to the name servers. And encryption, to prevent a sniffer to get the data. This talk will present the state of standardisati ... More
Presented by Mr. Stéphane BORTZMEYER on 31 Mar 2016 at 16:00
ICANN has recently begun testing live authoritative servers for conformance to the DNS protocols, particularly for TCP and EDNS(0) compliance. We do this by collecting registered names from the zone files of all gTLDs, as well as a representative sampling of names registered in the ccTLDs. This paper shows the test methodology, the levels of compliance found, and suggests avenues for further testi ... More
Presented by Paul HOFFMAN on 31 Mar 2016 at 15:30
Session: Public Workshop: Research
Track: Public Workshop
In an effort to create all possible 64K keytags for a DNSSEC signing key, an anomaly surfaced that caused 75% of the possible keytags to never appear. This effort to generate certain cryptographic keys became an adventure in itself that included beautiful discrete math, flawed functions, carefully crafted primes, multiple cryptographic libraries, and some brilliant people. The result of this ... More
Presented by Roy ARENDS on 1 Apr 2016 at 11:30
Session: Public Workshop: Tools & Measurements
Track: Public Workshop
In the 20th DNS-OARC workshop, we showed a virtual HSM based on threshold cryptography. This system has the purpose to be used with OpenDNSSEC in order to provide a low cost solution to DNS record signing automation. But that system had a single point of failure: the key manager. Single points of failure are undesirable, even more in a fault tolerant distributed system. After a reengineering durin ... More
Presented by Mr. Francisco CIFUENTES on 1 Apr 2016 at 09:30
Session: Members Session
Presented by Mr. Ondrej FILIP on 31 Mar 2016 at 10:00
Presented by Mr. Geoff HUSTON on 1 Apr 2016 at 15:10