The presentation looks at the various ways to measure the connection between recursive resolvers and end usewrs and the meanings associated with each measurement approaches.
Subtitle: Rule 53: If you can think of it, someone's done it in the DNS.
DNS has been used -- and misused -- in more ways than you might think possible. Peter talks through a collection of some of the more interesting things people have done with it.
ISC
NSD
PowerDNS
KnotDNS
Q/A All panel
This talk will discuss a novel application of cryptography, the zero-knowledge middlebox. There is an inherent tension between ubiquitous encryption of network traffic and the ability of middleboxes to enforce network usage restrictions. An emerging battleground that epitomizes this tension is DNS filtering. Encrypted DNS (DNS-over-HTTPS and DNS-over-TLS) was recently rolled out by default in...
At OARC 33, pktvisor (https://pktvisor.dev) was presented as a free and open source traffic analyzer that summarizes critical information from DNS edge networks in real time, making the resulting lightweight telemetry available locally on node and easily collectable into a central database for dashboarding and alerting.
Since then we’ve introduced Orb (https://getorb.io), a free and open...
DNS-based Authentication of Named Entities (DANE) is a framework
for application security using DNSSEC. It uses signed DNS records
to securely associate domain names with cryptographic keying
material such as public keys and X.509 certificates. This tutorial
will give an overview of DANE, and current and potential applications
of it. It will go into details of the DANE protocol, DANE (and...
