from 29 September 2017 to 3 October 2017
Fairmont San Jose
US/Pacific timezone
Home > Contribution List

Contribution List

Displaying 40 contributions out of 40
Session: Lightning Talks
Presented by Ulrich WISSSER on 30 Sep 2017 at 14:15
Session: Lightning Talks
Presented by Warren KUMARI on 30 Sep 2017 at 14:40
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
RFC 8145 ("Signaling Trust Anchor Knowledge") was published in April 2017. This RFC describes how recursive name servers can signal, to authoritative servers, the trust anchors that they have configured for Domain Name System Security Extensions (DNSSEC) validation. Shortly after its publication, both Unbound and BIND implemented the specification. As organizations begin to deploy the new software ... More
Presented by Duane WESSELS on 29 Sep 2017 at 09:40
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
Domain Name System (DNS) authoritative servers are a critical component of Internet infrastructure, and as such, they are deliberately accessible to any Internet computer, as a means to find the Internet services they wish to access. Such accessibility can attract ill-intended users to use these same servers with malicious intent, a primary example being DNS reflection-based Distributed Denial-of ... More
Presented by Dr. Casey DECCIO on 29 Sep 2017 at 15:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
The Domain Name System (DNS) is a key part of the infrastructure of the Internet. Recent discussions have centered on the removal of the shared DNS resolver and the use of a local full-service resolver instead. From the viewpoint of the cache mechanism, these discussions involve removing the shared DNS cache from the Internet. Although the removal of unnecessary parts from a total system tend ... More
Presented by Mr. Kazunori FUJIWARA on 30 Sep 2017 at 09:45
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
The number of queries for the '. NS' RRset received at K.root-servers.net today is around 2000/second. This is much higher than what we would expect from well behaved clients. Hence we have studied all priming queries received at K for seven consecutive days in July 2017. This work describes the general characteristics of the priming queries and suggests a classification of client behavior. We ... More
Presented by Mr. Daniel KARRENBERG on 30 Sep 2017 at 09:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
The goal of this talk will be to review the current status of DNS clients that can provide DNS Privacy for end users. Stubby (from the getdns team) is becoming more mature - moving to it’s own project, improving packaging and there is a prototype GUI and iOS app on the way. Some Android folks spent time at the last IETF Hackathon implementing support for opportunistic DNS Privacy, and for th ... More
Presented by Dr. Sara DICKINSON on 29 Sep 2017 at 16:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
Highly available and responsive DNS access is critical to earn the trust of enterprise customers for a Software as a Service (SaaS) cloud company such as Salesforce. To provide better DNS services, we have implemented several types of monitoring which are different from those of infrastructure DNS organizations, but we think provide useful insights about DNS. Monitoring DNS services benefits us fr ... More
Presented by Dr. Han ZHANG on 29 Sep 2017 at 15:15
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
RFC7872 pointed to some issues with the use of IPv6 extension headers in the Internet and noted a failure rate of some 20% of tests when directing IPv6 packets with IPv6 extension headers towards authoritative name servers. This is a study of a test of the ability to pass fragmented IPv6 packets in the opposite direction, namely from authoritative name servers towards visible resolvers. This is a ... More
Presented by Mr. Geoff HUSTON on 30 Sep 2017 at 10:15
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
Over the last 10 years, T-Mobile have had a strategy of removing our dependency of IPv4. In the spring of 2017 we finally flipped the switch and turned off IPv4 for over 10 million handsets. We have in other words reached the utopia of making our customer experience independent of IP transport protocol. To achieve this we are using DNS64 and related technologies. Stephan will share some of T-Mobil ... More
Presented by Mr. Stephan LAGERHOLM on 29 Sep 2017 at 12:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
We look at the results of multiple years of DNSSEC scanning to see how DNSSEC is being maintained in the .gov TLD. We look at signing algorithm use, hash algorithms use in DS RRsets and parameters used in NSEC3. We also look for trends and changes over time to detect algorithm rollovers and changes to NSEC3 parameters. The goal of this work is to see how DNSSEC is being deployed and administere ... More
Presented by Mr. Scott ROSE on 29 Sep 2017 at 10:10
Session: Lightning Talks
Presented by Dan MAHONEY on 30 Sep 2017 at 14:50
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
Cyber security constitutes one of the most serious threats to the current society, costing billions of dollars each year. Botnets is a very important way to perform many attacks. In botnets, the botmaster and bots exchange information through C&C channels, which can be implemented using many protocols. HTTP-based botnets are very common as they are easy to implement and maintain. To improve the re ... More
Presented by Dr. Han ZHANG on 30 Sep 2017 at 11:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
In order to test how our organization was able to deal with DDoS attacks, we put in place a full-scale test program, the first of which took place a month ago. We know that it is not possible alone to counter this type of attack, but we must be prepared, as an organization, to make the best decisions when this kind of event happen. The primary goal of this first exercise was not only to test the t ... More
Presented by Mr. Vincent LEVIGNERON on 30 Sep 2017 at 12:45
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
ICANN has recently released a design that allows researchers to easily test multiple resolver programs for things such as how they handle DNSSEC trust anchors and how they choose root servers from priming queries. The testbed can include common open-source resolver software, but also handles any resolvers that can be run in a virtual machine such as Windows Server and other proprietary software. I ... More
Presented by Paul HOFFMAN on 30 Sep 2017 at 09:00
This talk will give an introduction and summary for the wider NANOG71 audience of the latest DNS material freshly presented at OARC27.
Presented by Mr. Keith MITCHELL on 3 Oct 2017 at 13:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
As part of the creation of a new public DNS resolver by PCH, multiple monitoring projects have been introduced. This open sourced monitoring suite is part of an effort to allow a better internal understanding of our public DNS resolution service but also to answer specific questions asked by some of our partners. The various components look at the full stream of DNS data, distills and transforms ... More
Presented by Mr. Alexis FASQUEL on 29 Sep 2017 at 12:15
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
http://prezi.com/snfdsqsoywtm/
Presented by Mr. Samir JAFFERALI on 29 Sep 2017 at 11:30
Presented by Paul HOFFMAN on 30 Sep 2017 at 18:00
Presented by Duane WESSELS on 30 Sep 2017 at 15:30
Presented by Mr. Keith MITCHELL on 1 Oct 2017 at 17:30
Session: OARC Business / AGM - members only
Track: OARC Business
Presented by Mr. William SOTOMAYOR, Mr. Jerry LUNDSTRÖM on 30 Sep 2017 at 16:05
Presented by Duane WESSELS, Mr. Keith MITCHELL on 1 Oct 2017 at 17:00
Session: OARC Business / AGM - members only
Track: OARC Business
Presented by Mr. Keith MITCHELL on 30 Sep 2017 at 15:35
Presented by Mr. Keith MITCHELL on 30 Sep 2017 at 16:45
Session: Public Workshop
Presented by Matthew POUNSETT on 30 Sep 2017 at 12:40
Send your PGP keys to pgpsign@dns-oarc.net before the morning break on Saturday. Please attend Matt's talk about how the PGP signing will be done which will happen during the session after the morning break.
Presented by Matthew POUNSETT on 30 Sep 2017 at 13:25
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
A discussion of recent work in BIND 9, improving query performance -- particularly with respect to delegation responses -- and code maintainability in the query handling code. These changes have improved root zone performance by a factor of five and reduced McCabe cyclomatic complexity in several large functions by factors of ten or more.
Presented by Evan HUNT on 29 Sep 2017 at 16:45
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
The Canonical Name, CNAME, record has become the default means of service integration for a number of Cloud and SaaS providers. The scope of services integrated via CNAME includes everything from marketing automation services to cloud load balancers. In some cases, you may have a service integration which is done by a CNAME and points to another CNAME, which may point to yet another CNAME. Some au ... More
Presented by Mr. Christopher BAKER on 30 Sep 2017 at 17:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
Recent years have seen significant changes in the standards for DNS-over-TCP, a new EDNS0 Keepalive option, a new standard for DNS-over-TLS and a new Internet Draft proposing ‘DNS Session Signalling’. The latter specifies a completely new mechanism to manage persistent DNS sessions which has already been utilised for DNS Service Discovery to introduce novel ways to propagate DNS data e.g. serv ... More
Presented by Dr. Sara DICKINSON on 30 Sep 2017 at 17:00
Session: Lightning Talks
Presented by Shawn INSTENES on 30 Sep 2017 at 14:20
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
The Root Canary Project has the goal to monitor and measure the rollover of the DNSSEC root KSK. In this project we use over 9000 RIPE Atlas probes and ten-thousands of vantage point of the Luminati VPN network to continuously monitor recursive resolvers during the 9 months period of the rollover. From each vantage point we query for testing domains that have bogus and valid signatures of t ... More
Presented by Mr. Moritz MÜLLER on 29 Sep 2017 at 10:25
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
Slides at http://prezi.com/yhvism0pufps/
Presented by Mr. Samir JAFFERALI on 29 Sep 2017 at 14:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
While collecting data in the name of research, an operational "guffaw" is detected, or suspected? What is the appropriate next step? Name and shame has been one next step, but is questionable on many fronts. Contacting the operator directly may face many obstacles including, lack of attentiveness, lack of proper registered contact addresses, organization barriers, and so on. Once a "guffaw" ... More
Presented by Mr. Edward LEWIS on 30 Sep 2017 at 12:00
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
Is RFC 7706 aka Decreasing Access Time to Root Servers by Running One on Loopback a good idea or not? If not, can we implement similar with less disadvantages? In this presentation we will analyze measurement data from small and big recursors to estimate impact of RFC 7706 and its alternatives like Agressive NSEC use (IETF draft-ietf-dnsop-nsec-aggressiveuse).
Presented by Mr. Petr ŠPAČEK on 29 Sep 2017 at 14:45
Session: Lightning Talks
This talk is to share my progress on source IPs cluster analysis, which is to apply the unsupervised machine learning techniques to find different patterns in the DNS traffic seen at the .nz authoritative nameservers.
Presented by Jing QIAO on 30 Sep 2017 at 14:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
IP anycast provides DNS operators and CDNs with automatic fail-over and reduced latency by breaking the Internet into catchments,each served by a different anycast site. Unfortunately, understanding and predicting changes to catchments as sites are added or removed has been challenging. Current tools such as RIPE Atlas or commercial equivalents map from thousands of vantage points (VPs),but their ... More
Presented by Wes HARDAKER on 29 Sep 2017 at 11:45
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
Caching resolvers are the backbone of the internet, answering trillion of questions for billions of subscribers every day. Every request is cached until its TTL expires or something else needs to be cached. DNS data researchers often construct queries so they’re not cached, but let’s have a detailed look inside a resolver to see how it reacts to queries from average Joe’s accessing the Inte ... More
Presented by Mr. Ralf WEBER on 30 Sep 2017 at 10:30
Type: Standard Presentation Session: Public Workshop
Track: Public Workshop
A “core” domain, aka an “effective 2nd level domain” (e2LD) usually captures domain ownership (www.example1.com, www.example2.co.uk) and is thus a useful marker for analysis of DNS data. New core domains, are particularly interesting, since they’re highly correlated with malicious activity. For the past 5 years we’ve been tracking new core domains and last year undertook a project to ... More
Presented by Mr. Yuriy YUZIFOVICH on 30 Sep 2017 at 12:10
Session: Public Workshop
Presented by Mr. Keith MITCHELL on 29 Sep 2017 at 09:30