Mr
Jerry Lundström
(DNS-OARC), Mr
Keith Mitchell
(DNS-OARC)
14/05/2017, 10:15
OARC Business
Mr
Keith Mitchell
(DNS-OARC)
14/05/2017, 10:55
OARC Business
Mr
Pavel Odintsov
(Cloudflare)
14/05/2017, 11:30
Cloudflare hosts managed DNS infrastructure for over 5 million zones. In 2016 we began work on re-building a core part of our DNS Nameserver (rrDNS) and data provisioning software to better handle the scale as well as to improve reliability and performance, and pave the way for new features. DNS operations and systems are not immune from scaling bumps; things that work great for 100K domains...
Mr
Ondrej Sury
(CZ.NIC)
14/05/2017, 12:00
I would like to study and present the effect of parent (TLD) zone TTL changes based on behavior of different DNS resolvers implementations and how they handle the delegation NS TTLs. The presentation will include different scenarios where TTL matter, might matter, might not matter, or doesn't matter at all related to the DNS resolver implementations.
Santiago Ruano Rincón
(IMT Atlantique)
14/05/2017, 15:00
In this presentation we show our ongoing work to develop a testbed --based on software and commodity hardware-- to research on flooding attacks against DNS infrastructure. We have currently developed two prototype components: a flooding DNS query generator, able to saturate 10GbE links with 11Mrps, and an online detector of overabundant queried domains at reception. Relying on DPDK and...
Mr
Bert Hubert
(PowerDNS)
14/05/2017, 15:30
Using techniques inspired by the HyperLogLog counting algorithm, it has proven possible to rapidly measure the number of DNSSEC-signed delegations worldwide for both NSEC and NSEC3 zones, using around 4096 queries per zone.
In this presentation, I will briefly describe HyperLogLog & then how this maps to NSEC names and NSEC3 hashes. I will also discuss how reliable results from measuring...
Mr
Ondrej Sury
(CZ.NIC)
14/05/2017, 16:30
The DNS Violations effort has been kicked off few days ago. In this presentation, I am going to cover the most common types of DNS protocol violations with real world examples, recommendations, workarounds. I would also like to initiate a discussion about possible way how to move forward and whether we need and want to take a stand.
Mr
Ray Bellis
(Internet Systems Consortium, Inc.)
14/05/2017, 17:00
I will describe (and hopefully demonstrate) ISC's Performance Lab System, which we intend to release as Open Source by the time of the workshop.
This system performs continuous builds and tests of multiple configurations of BIND9 and other DNS software for the purpose of tracking long term trends, identifying performance regressions, and for testing the effects on performance of...
David Lawrence
(Akamai Technologies),
Jan Včelák
(NS1),
Shumon Huque
(Salesforce)
15/05/2017, 09:45
NSEC5 is a proposed enhancement to DNSSEC that provably prevents zone enumeration. It does this by replacing the hashes used in NSEC3 with hashes computed by a verifiable random function (VRF), and requiring authoritative servers to perform a small amount of online cryptography for negative responses. This talk will give an overview of the latest NSEC5 protocol specification, and describe the...
Shane Kerr
(Oracle / Dyn)
15/05/2017, 10:30
EDNS Key Tag promises to provide much-needed information about the DNSSEC configuration of recursive resolvers. Sadly, this technology is not yet standardized or implemented. Luckily, we can fake it in a useful way.
This presentation very briefly covers the EDNS Key Tag as well as a hack built to provide EDNS Key Tag functionality for systems that do not support it. Also, we learn that awk...
Mr
Ólafur Guðmundsson
(CloudFlare)
15/05/2017, 11:15
Cloudflare operates multiple DNS services in over 100 data centers around the globe, which makes troubleshooting with unstructured logs or packet captures impractical due to its storage and computational costs. In the first part of this talk we’ll go over our current data analytics architecture and how we got there, after a few false starts.
This will cover logging infrastructure, that...
Merike Kaeo
(Farsight Security)
15/05/2017, 11:45
This talk will provide updates on dnstap, including the latest code developments and operational use cases. It will detail the results of tests that compare performance characteristics of a dnstap enabled pDNS sensor versus those of a BPF pDNS sensor.
Mr
Alexander Mayrhofer
(nic.at GmbH)
15/05/2017, 12:15
Many DNS operators, particularly those of high volume authoritative servers (such as TLD operators) perform operational monitoring of incoming (and outgoing) DNS query load. Often, this entails capturing (and subsequently storing and analyzing) the query/response stream.
With DNS query rates (and hence traffic) increasing year by year, operators face the challenge that capture, transport...
Dr
Maciej Korczynski
(Deflt University of Technology)
15/05/2017, 14:15
Domain names are a critical resource for legitimate users, but also for criminals. This has led to a variety of attacks on the underlying technology, the Domain Name System (DNS) infrastructure. Registrars have been hacked, attackers have set up malicious domain name resolution services and DNS caches have been poisoned. What most attacks share in common is that they compromise the resolution...
Dr
Giovane Moura
(SIDN Labs)
15/05/2017, 14:45
Please see paper at[1] ,and blogpost at [2]
But in short, this is a concise survey paper on the forms of DNS abuse and their relation with TLD operators. We show how we can use the datasets we have in hand to detect these sorts of abuse, and how each of them have different business models that leave distinct traces on our datasets.
IMHO, I think other TLD operators may benefit from that....
Mr
Jaeson Schultz
(Cisco Systems)
15/05/2017, 15:00
1. **Data exfiltration using the DNS**
A. Multigrain malware, and other examples of the use of DNS for data exfiltration
1. Detecting subdomain-type data exfiltration through statistical analysis of subdomain lengths
B. Use of DNS 0x20 / XQID / IDN as a covert channel
1. Cisco Talos stats on malware’s use of mixed-case, XQID, and other queries
C....
Dr
Sara Dickinson
(Sinodun IT)
15/05/2017, 15:30
The DPRIVE Working Group has recently produced several standards relating to DNS-over-TLS as a method for encrypting Stub to recursive communications. Whilst there are several implementations available, deployment is still in the early stages.
Several experiment DNS-over-TLS servers have been running since 2016 and the dnsprivacy.net project is aiming to
- Increase DNS-over-TLS...
Mr
Willem Toorop
(NLnet Labs)
15/05/2017, 15:45
Many transactions that need to be trustworthy, and possibly encrypted, start with a DNS query. If we consider security from the ground-up, we need to include end users DNS transactions with resolvers in the security realm. The minimal step is DNSSEC where the received data can be verified and validated to be correct and authentic. But if we want to take security and privacy a step further,...
Paul Hoffman
(ICANN)
15/05/2017, 16:35
Lightning Presentations
Dr
Sara Dickinson
(Sinodun IT)
15/05/2017, 16:45
Lightning Presentations
Ralph Dolmans
(NLnet Labs)
15/05/2017, 16:55
Lightning Presentations
Mr
Peter van Dijk
(PowerDNS)
15/05/2017, 17:05
Lightning Presentations
Pieter Lexis
(PowerDNS)
15/05/2017, 17:15
Lightning Presentations
