Conveners
OARC 35 Day 2: Session 1
- There are no conveners in this block
OARC 35 Day 2: Session 2
- There are no conveners in this block
OARC 35 Day 2: Session 3
- There are no conveners in this block
OARC 35 Day 2: Session 4 - OARC Updates
- Keith Mitchell (DNS-OARC)
This presentation explores DNS traffic patterns for a garrulous botnet observed at the root, authoritative TLD name servers, and delegated name servers. We will present measurements of DNS query volume observed at each of these layers while conducting various experiments on the sinkholed domains including variations of TTL, response codes, response sizes, and more. Our results highlight some...
Networks not employing destination-side source address validation (DSAV) expose themselves to a class of pernicious attacks which could be easily prevented by filtering inbound traffic purporting to originate from within the network. In this work, we survey the pervasiveness of networks vulnerable to infiltration using spoofed addresses internal to the network. We issue recursive Domain Name...
The dnstap specification has recently been updated to reflect changes in the recursive DNS landscape, including the use ofnewer DNS transport protocols and response policy filtering. This talk will present background and detail on these changes, as well as general updates on the state of dnstap.
Correct DNS nameserver software is highly crucial for the smooth functioning of the Internet, but writing an efficient, high-throughput implementation that is also bug-free is challenging. Today, developers use an ad hoc collection of regression tests they authored to test the implementations for crashes, RFC deviations and also to compare with other implementations. Writing regression tests...
This talk prepares the ground for planning and deploying DNS Zone Transfers-over-TLS (XoT). The specification is submitted to IESG for publication as a Proposed Standard. BIND stack has shipped it in product, and managed DNS vendors are planning product offerings.
Why XoT? DNS zones today often contain data that the zone owner has good reason to want to keep private. For example, the...
In an effort to bridge the IETF standardisation with the OARC operations and research community, the presentation aims to provide a comprehensive overview of the DNS activities in the IETF.
The presentation will cover the DNS related WGs DNSOP and DPRIVE, and to a lesser extend ADD this time. Focus is on WG activities finished, activities nearing completion (WGCL for review) and drafts...
In this talk I'll take a look at the implementation hurdles seen when trying to implement and use TCP Fast Open in PowerDNS Recursor in the role of a TCP client, i.e. when talking to authoritative servers or forwarding queries.
(we submitted this presentation during OARC34, so I'll re-post it here)
So this is a paper that got accepted at the peer-reviewed PAM2021 conference, and it covers the issues of truncation,fragmentation, and timeouts from the point of view of a TLD.
Geoff Houston has been long working on this, but our vantage point is different but complementary to his...
