As a researcher, the DITL collection is a fantastic resource. I appreciate all the hard work. That said, as I have used or tried to use the data over the years I have been bit by the lack of meta-data. I would encourage folks to document a few simple things as the data is collected.
For many years, OARC has been operating a Do Not Probe list, which is an advisory for researchers about network operators who would prefer not to be research subjects. For the last few years, OARC has been looking for someone with the resources to improve the way the list operates to take it over; in the coming months it will be taken over by Nimbus Operations (an OARC Supporter...
DNS cache snooping on small, misconfigured, open DNS resolvers is considered a privacy threat, because users can be easily deanonymized. However, the large number of users of public DNS resolvers, such as Google Public DNS, allows cache snooping to be used as a privacy-preserving measurement tool instead. The growing footprint of such public resolvers presents an opportunity to observe rare...
The Domain Name System (DNS) has been frequently abused for Distributed Denial of Service (DDoS) attacks and cache poisoning because it relies on the User Datagram Protocol (UDP). Since UDP is connection-less, it is trivial for an attacker to spoof the source of a DNS query or response. DNS Cookies, a protocol standardized in 2016, add pseudo-random values to DNS packets to provide identity...
I have been working on open source software (Hoiho) that automatically learns regular expressions that extract features from router hostnames. The general idea is to use a training set with labels inferred using heuristic algorithms, and then learn regular expressions that extract information congruent with those labels. Currently, the software extracts "router names" (portions of a hostname...
We conducted an experiment of anti‐DDoS functionalities implemented in full‐service resolver implementations with Japanese domestic ISPs.
This presentation shows the results and some findings.
The Internet’s Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available...
DNS over HTTPS (doh) is useful for protecting DNS query information
from wire tapping on the route. However, DoH providers need query
information for name resolution and client IP addresses for
communication. Then, DoH providers know all the users' privacy
information as in the case of traditional DNS. To protect clients'
privacy, this presentation proposes to hide query source IP...
During OARC34, we disclosed privately a vulnerability affecting DNS servers that could be exploited for DDoS.
Now it is time to do a public disclosure AND provide an update on what has happened since them.
We have seen a lot of community engagement through:
- Improving our detection software
- Fixing Bugs
We will also include an updated version of our technical report.
The root name servers, identified by letters A through M, provide the entry points to the Domain Name System (DNS). They perform a critical role in reaching basically any service on the Internet.
Netnod operates i.root-servers.net, one of the Internet’s 13 root name servers, and the first to be located outside of the United States. This summer it celebrates 30 years of service.
RFC 8901 describes modes for operating a domain with multiple independent signers. We discuss how the setup and dissolve a multi-signer arrangement. We describe our current status for the draft, implementation and testbed. And we will describe future development and some specific problems with algorithm usage and validation.
As it turns out this is the exact same operation for changing name...
With organisations using DNS for more complex requirements, improving security and increasing resiliency - typically, their legacy DNS platform may not support new requirements, and they need to make changes. In this presentation, we'll look at the process that has served as the framework for carrying out numerous successful migrations over the years.