We present LEMMINGS (an acronym derived from "deLetEd doMain MaIl warNinG System"), which has been developed at SIDN for warning former owners of deleted domains when their domain is likely still being used for sending email. In this presentation, we present the system and results based on real-world data collected while running the system for a nine-month period and analysing over 600,000...
Introducing DNSWatch, Meta's DNS snooping utility.
This tool is built on top of BPF and Go, and enables analysing DNS usage.
It comes with a very handy top-like interface, which can be used to get a high level overview of dns query activity on the system, and a detailed dig-like view, to be able to deep-dive into said queries.
Also comes with a handy Prometheus exporter, which exposes per...
One area of frequent challenge is how to fully automate DNSSEC provisioning and maintenance operations (e.g. initial provisioning, SEP key rollover and maintenance, and when required, inter-provider transfer). Steve Crocker and Shumon Huque have been running a panel on this topic for a number of years at the ICANN DNSSEC and Security workshops, and we'd like to share the collected experience...
Time-To-Live values in DNS are a controversial topic, riddled with counter-intuitive behavior.
Recently, a desire to lower the mean time to recovery from DNSSEC-related problems reignited discussion about the TTL values of DS and DNSKEY records. Can DS TTL be lower? What if we tried just 5-minute TTL? How would it impact users (mainly response latency) and operators (query rate seen on...
1) DNSSEC Implementation for .VN In Brief
2) 2nd DNSSEC Key Rollover in .vn
3) Lessons Learned
4) Some Issues
With "RcodeZero Anycast DNS" we provide Authoritative DNS for millions of zones. We used to use PowerDNS Authoritative Nameserver with Database Backend, which is a great tool for hosting millions of zones. But the ease of provisioning comes with the drawback of poor performance for random subdomain queries. In the last few years the number of these random subdomain queries increased from once...
The digital landscape in Bangladesh, as a prominent AP regional country, presents a dynamic arena for the adoption of IPv6 and the implementation of DNS Security Extensions (DNSSEC).
This presentation focuses on the operational challenges faced within Bangladesh's network infrastructure and shares insights into navigating the complexities of DNS security and IPv6 integration.
Bangladesh's...
DNS is a protocol responsible for translating human-readable domain names into IP addresses. Despite being essential for many Internet services to work properly, it is inherently vulnerable to manipulation. In November 2021, users from Mexico received bogus DNS responses when resolving whatsapp.net. It appeared that a BGP route leak diverged DNS queries to the local instance of the k-root...
In this short presentation we describe plans to transition the .com, .net, and .edu zones to elliptic curve DNSSEC. We'll provide a very high level description of the algorithm rollover and an expected schedule for each of the TLDs.
Verisign and ICANN are planning to introduce a ZONEMD record to the root zone before the end of this year. In this short presentation we'll go over the deployment plan and expected schedule for deployment.
DNS4EU will go far beyond another public DNS resolver. During the presentation the detailed scope and timeline will be introduced. Besides the public resolvers, the presentation will also focus on specific plans for telcos, governments and threat intelligence research and application.
Each use case will focus on different technology aspects around DNS resolver operations and the added layer...
