OARC 33 Registration & Call for Presentations now open. Click the OARC 33 Site for details.
31 October 2019 to 1 November 2019
JW Marriott Austin
America/Winnipeg timezone
OARC31 Presentation Videos available at https://youtube.com/DNS-OARC

Towards detecting DNSSEC validation failure with passive measurements at TLD DNS servers

1 Nov 2019, 11:45
15m
Griffin Hall (JW Marriott Austin)

Griffin Hall

JW Marriott Austin

110 E 2nd St Austin TX 78701 USA
No longer available: Standard Presentation Public Workshop

Speaker

Mr. Yoshiro Yoneya (JPRS)

Description

The importance of DNSSEC is increasing day by day. Meanwhile, penetration of DNSSEC signed zone is still low. One of the reasons such low penetration is due to difficulty of detecting DNSSEC failure, especially at end user side including ISP’s customer support.

We have been studying on detecting DNSSEC failure at authoritative DNS server side (TLD level) and found one possible indicator regarding DNSSEC related queries. The indicator candidate is DNSKEY queries, which increases several times than usual when DNSSEC failure has happened. We still have unresolved research questions, such as difference in public and other resolvers, TTL effects in failure, effective (quasi-)realtime detection method at TLD servers’ side, and so on, but we would like to share our experiences and have feedbacks from attendees to improve our research work.

Talk Duration Lightning Talk 5 Minutes

Primary authors

Dr. Kensuke Fukuda (NII (National Institute of Informatics)) Mr. Yoshiro Yoneya (JPRS) Dr. Takeshi Mitamura (JPRS (Japan Registry Services Co., Ltd.))

Presentation Materials

Your browser is out of date!

Update your browser to view this website correctly. Update my browser now

×