October 31, 2019 to November 1, 2019 AGM
JW Marriott Austin
America/Winnipeg timezone
OARC31 Presentation Videos available at https://youtube.com/DNS-OARC

Towards detecting DNSSEC validation failure with passive measurements at TLD DNS servers

Nov 1, 2019, 11:45 AM
Griffin Hall (JW Marriott Austin)

Griffin Hall

JW Marriott Austin

110 E 2nd St Austin TX 78701 USA
No longer available: Standard Presentation Public Workshop


Mr Yoshiro Yoneya (JPRS)


The importance of DNSSEC is increasing day by day. Meanwhile, penetration of DNSSEC signed zone is still low. One of the reasons such low penetration is due to difficulty of detecting DNSSEC failure, especially at end user side including ISP’s customer support.

We have been studying on detecting DNSSEC failure at authoritative DNS server side (TLD level) and found one possible indicator regarding DNSSEC related queries. The indicator candidate is DNSKEY queries, which increases several times than usual when DNSSEC failure has happened. We still have unresolved research questions, such as difference in public and other resolvers, TTL effects in failure, effective (quasi-)realtime detection method at TLD servers’ side, and so on, but we would like to share our experiences and have feedbacks from attendees to improve our research work.

Talk Duration Lightning Talk 5 Minutes

Primary authors

Dr Kensuke Fukuda (NII (National Institute of Informatics)) Mr Yoshiro Yoneya (JPRS) Dr Takeshi Mitamura (JPRS (Japan Registry Services Co., Ltd.))

Presentation materials