15-16 October 2016
The Fairmont Dallas
US/Central timezone
Home > Contribution List

Contribution List

Displaying 30 contributions out of 30
Type: Standard Presentation Session: Public Workshop: Measurement and Testing
Track: Public Workshop
The need for a private Domain Name System (DNS) has become increasingly important in recent years. There are several different proposals to address this growing problem, including DNS-over-TLS and DNSCurve. The former enables clients to create ephemeral sessions with either their resolver or authoritative (stub) servers in which queries can be issued. The latter uses per-query encryption to p ... More
Presented by Christopher WOOD on 15 Oct 2016 at 11:45
Type: Standard Presentation Session: Public Workshop: Anycast
Track: Public Workshop
Today service and content providers often use IP anycast to replicate instances of their services, improving reliability and lowering latency to their users. In IP anycast a single logical address associated to a service is announced from multiple physical locations (*anycast sites*). Anycast then uses BGP routing to divide the Internet into different *catchments*, each associating some users ... More
Presented by Mr. John HEIDEMANN on 16 Oct 2016 at 11:00
Type: Standard Presentation Session: Public Workshop: Anycast
Track: Public Workshop
Distributed Denial-of-Service (DDoS) attacks continue to be a major threat in the Internet today. DDoS attacks overwhelm target services with requests or other "bogus" traffic, causing requests from legitimate users to be shut out. A common defense against DDoS is to replicate the service in multiple physical locations or sites. If all sites announce a common IP address, BGP will associate ... More
Presented by Mr. John HEIDEMANN on 16 Oct 2016 at 12:00
Type: Standard Presentation Session: Public Workshop: DNS Testing
Track: Public Workshop
Most tests of authoritative DNS servers are done on those serving the root and TLDs. Yet there are millions of name servers listed for the level under the TLDs, and the reliability and capabilities those name servers are also important for end users. In order to test properties of these authoritative servers, we collect all of the name servers from the gTLD zones and ccTLDs that make their zone ... More
Presented by Paul HOFFMAN on 15 Oct 2016 at 14:30
Presented by Mr. Terry MANDERSON on 16 Oct 2016 at 16:10
Type: Standard Presentation Session: Public Workshop: Security and Privacy
Track: Public Workshop
There are a number of free and commercial DNS performance comparison platforms publishing rankings and metrics. From free offerings such as DNSPerf and SolveDNS to commercial platforms such as CloudHarmony or Catchpoint. Each of these platforms measure DNS performance in their own way producing different results. What exactly are they measuring? When you look at a time series, where did the obser ... More
Presented by Mr. Christopher BAKER on 16 Oct 2016 at 14:30
Type: Standard Presentation Session: Public Workshop: Measurement and Testing
Track: Public Workshop
IDN is fun! And not just for boring things like modern languages. Build a domain name to stand the test of time...
Presented by Shane KERR on 15 Oct 2016 at 12:15
Type: Standard Presentation Session: Public Workshop: Anycast
Track: Public Workshop
Dear program commitee members, We had to deal with NSEC3 validation issues on NSD and Google Public DNS service. From the alert to the solutions we found, process modifications and lessons learned, we would like to share with the community and give them clues if they have that kind of configuration (NSEC3+opt-out+ENT+...) to fix it because Google public DNS does not handle it correctly yet. ... More
Presented by Mr. Vincent LEVIGNERON on 16 Oct 2016 at 11:30
Type: Standard Presentation Session: Public Workshop: Security and Privacy
Track: Public Workshop
Earlier this year we investigated a buffer overflow error in GNU libc DNS stub resolver code known as CVE-2015-7547. Similar to *"Ghost"* vulnerability in `gethostbyname()`, this vulnerability allows RCE in every application calling it, from SSH to browsers. This made it very dangerous in theory, but the exploitability was still an enigma. The disclosure mentioned a back of the envelope analysis t ... More
Presented by Ms. Jaime COCHRAN, Mr. Marek VAVRUSA on 16 Oct 2016 at 15:00
Presented by Mr. David CONRAD on 16 Oct 2016 at 16:05
Type: Standard Presentation Session: Public Workshop: Security and Privacy
Track: Public Workshop
In the last year, Rightside has transferred in two signed TLDs: REISE in June of 2015, and JETZT in May of 2016. We believe these were the first two signed TLDs to ever go through a full inter-operator transfer (including NS change and key rolls). We anticipate this type of transfer will become more common in the next few years, and would like to share our experiences with the community.
Presented by Matthew POUNSETT on 16 Oct 2016 at 14:00
Type: Standard Presentation Session: Members Session
Track: OARC AGM
Presented by Mr. Ondrej FILIP on 15 Oct 2016 at 10:00
Type: Standard Presentation Session: Public Workshop: DNSSEC
Track: Public Workshop
CZ.NIC is preparing to switch the DNSSEC Signing Algorithm for .CZ TLD from RSA/SHA-512 to ECDSAP256SHA256. In this presentation I will focus on the reasoning, the preparation, the plan and operational obstacles with changing the DNSSEC Algorithm to Elliptic Curves for the TLD (for the first time ever - if nobody beats us till Dallas).
Presented by Mr. Ondrej SURY on 15 Oct 2016 at 16:00
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
**Background:** The size of the UDP buffers has a significant impact on nameserver performance and, as such, is a decision that has to be taken for all DNS deployments. Due to the interaction between operating system memory allocation strategies, TCP/IP stack implementation, buffer accounting, and application software there are a lot of misunderstandings about what is the appropriate value and ... More
Presented by Mr. Ciprian Dan COSMA on 16 Oct 2016 at 16:15
Session: Members Session
Track: OARC AGM
Presented by Mr. Ondrej FILIP, Paul EBERSMAN on 15 Oct 2016 at 11:15
Session: Members Session
Presented by Mr. William SOTOMAYOR, Mr. Jerry LUNDSTRÖM on 15 Oct 2016 at 10:35
Session: Members Session
Track: OARC AGM
Presented by Mr. William SOTOMAYOR on 15 Oct 2016 at 10:05
Session: Members Session
Track: OARC AGM
Presented by Duane WESSELS on 15 Oct 2016 at 11:05
Type: Standard Presentation Session: Public Workshop: Data Analysis
Track: Public Workshop
From data collected at the authoritative side and with machine learning algorithms in our side, we embark in the effort to see if we can identify traffic patterns matching known resolver addresses.
Presented by Mr. Sebastian CASTRO on 16 Oct 2016 at 10:00
Type: Standard Presentation Session: Public Workshop: Data Analysis
Track: Public Workshop
CIRA designed an engine to overlay DNS queries with customer relevant information and save into a Hadoop cluster in order to provide detailed traffic information and serve as the Machine Learning R&D projects foundation. The engine was built on top of the SIDN Entrada library to leverage its efficient PCAP decoding feature. In order to easily allow concurrent processing, the engine was impleme ... More
Presented by Mr. Elson OLIVEIRA on 16 Oct 2016 at 09:00
Presented by Mr. Joseph ABLEY on 16 Oct 2016 at 13:00
Type: Standard Presentation Session: Public Workshop: DNS Testing
Track: Public Workshop
Both the DNS and its security extensions (DNSSEC) are often met with deployment challenges that can affect the quality of (or the very possibility of) resolution. Various tools have been developed to test DNS services, both pre- and post-deployment. DNSViz, available both as a Web-based tool and as a command-line suite, introduces functionality to identify problems with a DNS deployment and pres ... More
Presented by Dr. Casey DECCIO on 15 Oct 2016 at 15:00
Session: Public Workshop
Track: Public Workshop
Referrals (parent side NS RRset at zone cut) and glue are important. However, the importance is not well described in DNS standards. RFC 2181 Section 5.4.1 "Ranking data" shows that referrals ranking is lowest. However, the referrals make zones and specify name servers that serve authoritative data for the zones. The glue specifies IP addresses of the name servers that serve authoritative d ... More
Presented by Mr. Kazunori FUJIWARA on 16 Oct 2016 at 17:00
Session: Members Session
Track: Public Workshop
Presented by Mr. Christopher BAKER on 15 Oct 2016 at 11:30
Type: Standard Presentation Session: Public Workshop: DNSSEC
Track: Public Workshop
IANA/ICANN/PTI has prepared a plan to change the Root Zone DNSSEC KSK. This talk will present highlights of the plan to explain what will be happening, why this is important to follow, and what the audience needs to do as a result. One of the IANA Functions that ICANN performs is the management of the Key Signing Key (KSK) for the Root Zone’s DNS Security Extensions (DNSSEC). Knowing what t ... More
Presented by Mr. Matt LARSON on 15 Oct 2016 at 16:45
Session: Public Workshop: Lightning Talks
Track: Lightning Presentations
Presented by Mr. Andrew WHITE on 16 Oct 2016 at 16:00
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
This is a short presentation about forensic digging into DNS data to understand when and why the Internet went crazy querying for the same record again and again. Cooperation with a provider and rapid action helped to mostly fix the problem.
Presented by Mr. Sebastian CASTRO on 16 Oct 2016 at 16:45
Type: Standard Presentation Session: Public Workshop: DNSSEC
Track: Public Workshop
Validating resolvers need a way to get the DNSSEC root trust anchors. Today, most use one of the tools built into the popular resolvers, such as unbound-anchor. Some systems want to get and validate the trust anchors independently of any existing resolver software. We have created a system that only requires Python 2.7 or 3.x with no additional modules, plus any recent OpenSSL command line bina ... More
Presented by Paul HOFFMAN on 15 Oct 2016 at 16:30
Type: Standard Presentation Session: Public Workshop: Data Analysis
Track: Public Workshop
On August 3rd around 12:40 UTC the name servers for wd2go.com stopped answering queries. As this domain is used by a lot of Western Digital software devices for cloud backup these devices stopped functioning. In addition to this they issued lots of DNS queries to get to their servers. This talk looks into what burden these devices put on recursive resolvers and what in turn the different resolver ... More
Presented by Mr. Ralf WEBER on 16 Oct 2016 at 09:30
Type: Standard Presentation Session: Public Workshop: DNS Testing
Track: Public Workshop
An look at the first experimental results of the Yeti DNS project, which is an experimental root server testbed.
Presented by Shane KERR on 15 Oct 2016 at 14:00