We have conducted a [field study][1] on post-quantum DNSSEC, involving RIPE ATLAS measurements with around 10,000 probes. Using implementations of PQC signing schemes (Falcon, Dilithium, SPHINCS+, XMSS) in both BIND and PowerDNS, DNS response success and failure rates depending on the signing scheme and other parameters were investigated.
In addition to the above algorithms, we for the...
Phishing on the web is a model of social engineering and an attack vector for getting access to sensitive and financial data of individuals and corporations. Phishing has been identified as one of the prime cyber threats in recent years. With the goal of effectively identifying and combating phishing as early as possible, we present in this paper a longitudinal analysis of phishing...
The increasing deployment of encrypted DNS has enterprises and service providers wanting to identify clients connecting. Identifying clients allows for approved access and custom policies. In this presentation, we will discuss the latest draft for Client Authentication Recommendations for Encrypted DNS (CARED). We will walk through the reasons for this draft, our recommendations for when and...
The talk will explain draft-fujiwara-dnsop-dns-upper-limit-value-01 "Upper limit values for DNS". The author requests reviews and discussions in IETF dnsop WG.
In order to resolve a name, DNS resolvers need to resolve the name’s zone, its parent zones, as well as their name servers, leading to a potentially large number of transitive dependencies.
During normal operation, typically only a subset of these dependencies is needed, as the first authoritative answer is accepted.
However, in the presence of inconsistencies between name servers, this...
Digital Medusa is investigating global DNS usage trends, including centralizing DNS resolver services. While the research is ongoing, we have published a preliminary report to receive feedback on reasons for DNS resolver usage trends, the use of open-source software for DNS resolvers, and the creation of a global regulatory DNS blocking tracker.
Read the report:...
IBM NS1 is an authoritative DNS provider, and we never shuffled our answers. Now we have it as an optional feature. This lightning talk explains why we added it, and also shows some basic research into what happens if you do not shuffle.