Mr Ondrej Filip (CZ.NIC)
15/10/2016, 10:00
Mr Jerry Lundström (DNS-OARC), Mr William Sotomayor (DNS-OARC)
15/10/2016, 10:35
Mr Ondrej Filip (CZ.NIC), Paul Ebersman (Comcast)
15/10/2016, 11:15
OARC AGM
Mr Christopher Baker (Dyn)
15/10/2016, 11:30
Public Workshop
Shane Kerr (BII)
15/10/2016, 12:15
IDN is fun! And not just for boring things like modern languages.
Build a domain name to stand the test of time...
Shane Kerr (BII)
15/10/2016, 14:00
A look at the first experimental results of the Yeti DNS project, which is an experimental root server testbed.
Dr Casey Deccio (Verisign Labs)
15/10/2016, 15:00
Both the DNS and its security extensions (DNSSEC) are often met with deployment challenges that can affect the quality of (or the very possibility of) resolution. Various tools have been developed to test DNS services, both pre- and post-deployment. DNSViz, available both as a Web-based tool and as a command-line suite, introduces functionality to identify problems with a DNS deployment and...
Mr Ondrej Sury (CZ.NIC)
15/10/2016, 16:00
CZ.NIC is preparing to switch the DNSSEC Signing Algorithm for .CZ TLD from RSA/SHA-512 to ECDSAP256SHA256. In this presentation I will focus on the reasoning, the preparation, the plan and operational obstacles with changing the DNSSEC Algorithm to Elliptic Curves for the TLD (for the first time ever - if nobody beats us till Dallas).
Mr Ralf Weber (Nominum Inc)
16/10/2016, 09:30
On August 3rd around 12:40 UTC, the name servers for wd2go.com stopped answering queries. As this domain is used by a lot of Western Digital software devices for cloud backup, these devices stopped functioning. In addition to this, they issued lots of DNS queries to get to their servers. This talk looks into what burden these devices put on recursive resolvers and what in turn the different...
Mr Sebastian Castro (NZRS)
16/10/2016, 10:00
From data collected at the authoritative side and with machine learning algorithms on our side, we embark on the effort to see if we can identify traffic patterns matching known resolver addresses.
Mr John Heidemann (USC/Information Sciences Institute)
16/10/2016, 11:00
Today service and content providers often use IP anycast to replicate
instances of their services, improving reliability and lowering latency
to their users. In IP anycast a single logical address associated to a
service is announced from multiple physical locations (*anycast sites*).
Anycast then uses BGP routing to divide the Internet into different
*catchments*, each associating some...
Mr Vincent Levigneron (AFNIC)
16/10/2016, 11:30
Dear program committee members,
We had to deal with NSEC3 validation issues on NSD and Google Public DNS service. From the alert to the solutions we found, process modifications and lessons learned, we would like to share with the community and give them clues if they have that kind of configuration (NSEC3+opt-out+ENT+...) to fix it because Google public DNS does not handle it correctly...
Mr John Heidemann (USC/Information Sciences Institute)
16/10/2016, 12:00
Distributed Denial-of-Service (DDoS) attacks continue to be a major
threat in the Internet today. DDoS attacks overwhelm target services
with requests or other "bogus" traffic, causing requests from legitimate users
to be shut out. A common defense against DDoS is to replicate the
service in multiple physical locations or sites. If all sites
announce a common IP address, BGP will...
Matthew Pounsett (Rightside)
16/10/2016, 14:00
In the last year, Rightside has transferred in two signed TLDs: REISE in June of 2015, and JETZT in May of 2016. We believe these were the first two signed TLDs to ever go through a full inter-operator transfer (including NS change and key rolls). We anticipate this type of transfer will become more common in the next few years, and would like to share our experiences with the community.
Mr Christopher Baker (Dyn)
16/10/2016, 14:30
There are a number of free and commercial DNS performance comparison platforms publishing rankings and metrics, from free offerings such as DNSPerf and SolveDNS to commercial platforms such as CloudHarmony or Catchpoint. Each of these platforms measures DNS performance in its own way, producing different results. What exactly are they measuring? When you look at a time series, where did the...
Ms Jaime Cochran (CloudFlare Inc.), Mr Marek Vavrusa (CloudFlare Inc.)
16/10/2016, 15:00
Earlier this year we investigated a buffer overflow error in GNU libc DNS stub resolver code known as CVE-2015-7547. Similar to the *"Ghost"* vulnerability in `gethostbyname()`, this vulnerability allows RCE in every application calling it, from SSH to browsers. This made it very dangerous in theory, but the exploitability was still an enigma. The disclosure mentioned a back of the envelope...
Mr Andrew White
16/10/2016, 16:00
Lightning Presentations
Mr David Conrad (ICANN)
16/10/2016, 16:05
Mr Ciprian Dan Cosma (Amazon)
16/10/2016, 16:15
**Background:**
The size of the UDP buffers has a significant impact on nameserver performance and, as such, is a decision that has to be taken for all DNS deployments. Due to the interaction between operating system memory allocation strategies, TCP/IP stack implementation, buffer accounting, and application software there are a lot of misunderstandings about what is the appropriate value...
Mr Sebastian Castro (NZRS)
16/10/2016, 16:45
This is a short presentation about forensic digging into DNS data to understand when and why the Internet went crazy querying for the same record again and again. Cooperation with a provider and rapid action helped to mostly fix the problem.
Mr Kazunori Fujiwara (Japan Registry Services Co., Ltd)
16/10/2016, 17:00
Public Workshop
Referrals (parent side NS RRset at zone cut) and glue are important.
However, the importance is not well described in DNS standards. RFC
2181 Section 5.4.1 "Ranking data" shows that referrals ranking is
lowest. However, the referrals make zones and specify name servers
that serve authoritative data for the zones. The glue specifies IP
addresses of the name servers that serve...