OARC 32 Registration now open. Click the Registration Page for details.
31 October 2019 to 1 November 2019
JW Marriott Austin
America/Winnipeg timezone
OARC31 Presentation Videos available at https://youtube.com/DNS-OARC

On DNSSEC Negative Responses, Lies, and Zone Size Detection

1 Nov 2019, 12:00
30m
Griffin Hall (JW Marriott Austin)

Griffin Hall

JW Marriott Austin

110 E 2nd St Austin TX 78701 USA
No longer available: Standard Presentation Public Workshop

Speaker

Casey Deccio (Brigham Young University)

Description

The Domain Name System (DNS) Security Extensions (DNSSEC) introduced additional DNS records (NSEC or NSEC3 records) into negative DNS responses, which records can prove there is no translation for a queried domain name. We introduce a novel technique to estimate the size of a DNS zone by analyzing the NSEC3 records returned by only a small number of DNS queries issued. We survey the prevalence of the deployment of different variants of DNSSEC negative responses across a large set of DNSSEC-signed zones in the wild, and identify over 50% as applicable to our measurement technique. Of the applicable zones, we show that 99% are composed of fewer than 40 names.

Talk Duration Lightning Talk 10 Minutes

Primary authors

Casey Deccio (Brigham Young University) Mr. Jonathan Demke (Brigham Young University)

Presentation Materials

Your browser is out of date!

Update your browser to view this website correctly. Update my browser now

×