Speaker
Description
AS112 is an anycast DNS deployment that responds to junk queries, i.e. leaked queries from internal networks, which should have been handled locally. This includes reverse DNS queries for RFC1918 and link local addresses, and queries for home.arpa and service.arpa.
Unlike other anycast deployments, AS112 is volunteer-run and uncoordinated. Anyone can contribute to AS112 by setting up a DNS server, announcing the AS112 anycast prefixes, and responding to queries.
The choice to run AS112 as an uncoordinated volunteer-run network relies on the implicit assumption that any traffic that goes to AS112 is “harmless”, i.e. that a malicious volunteer operator could not misuse these queries. However, it is not clear that this assumption is justified.
I will present preliminary results from an analysis of query logs from two sites. I will show that AS112 receives a substantial amount of queries that could be misused by a malicious operator, such as queries related to DNS dynamic updates (~17%) and DNS service discovery (~10%).
| Talk duration | 10 Minutes (+5 for Q&A) |
|---|---|
| Other conferences? | planning to submit it to RIPE92 as well |
