Wednesday, 14 May 11:00 – 12:30
A. Usual Administrivia (5 mins)
- Agenda bashing
- Minutes of previous meeting
- Review of Action Items
B. RIPE NCC Report (15 mins)
Anand Buddhev, RIPE NCC
C. Using DDoS to Trace the Source of a DDoS Attack (25 mins)
Curon Davies, JISC RSC Wales
As a result of daily attacks against a Further Education College in Wales, a connection was noticed between changing DNS entries and the attacked IP address. Using innovative DNS responses inspired by GeoDNS and logging all requests to the authoritative server, it has been possible to trace the source of DDoS and spoofed flood attacks.
D. Measuring DNSSEC Validation Deployment (15 mins)
Nicolas Canceill, NLnet Labs
We have executed research in which the RIPE Atlas measurement network was utilised to quantify the amount/percentage of resolvers that do DNSSEC validation. We were not only able to identify which resolvers do DNSSEC validation, but also which resolvers are security-aware (and to which level). Moreover, during the research some particular cases have been found: the existence of insecure fallbacks in case of missing signatures, and a troublesome issue with secure wildcard records.
E. Measuring DNSSEC from the End User Perspective (30 mins)
Geoff Huston, APNIC
The presentation explores the technique of measuring the characteristics of the DNS and its performance by posing a set of DNS questions to end users and observing the queries that occur at the authoritative servers in response. Using online advertising channels the tests can be undertaken at a level of high volume and broad spread across the Internet. The presentation will describe the use of this technique in measuring DNSSEC validation, DNS over TCP, DNS performance and similar.
Wednesday, 14 May 14:00 – 15:30
F. Report from Ad-hoc ccTLD Group (10 mins)
Peter Koch, DENIC
G. Registry Infrastructure Transformation (20 mins)
Michael Daly, Nominet
In the past 24 months, Nominet, the UK Registry, has completely transformed the infrastructure used to deliver the UK Registry services. The infrastructure has been moved to be much more agile and highly available. This presentation will detail some of the choices we made and methods we used to deploy and manage our infrastructure.
H. Google DNS Hijacking in Turkey (30 mins)
Stephane Bortzmeyer, AFNIC
In March 2014, the Turkish government decided to prevent access to Twitter. It used some well-known techniques, but also one which has not been documented in the real world before: using routing to hijack DNS resolvers such as Google Public DNS. What exactly happened and what could be done to prevent that?
I. DNSMON Developments (10 mins)
Robert Kisteleki, RIPE NCC
J. DNS Monitoring Common Practices/APIs Panel Session (15 mins)
Lars-Johan Liman, Netnod
Michael Daly, Nominet
Ondřej Surý, CZ.NIC
Robert Kisteleki, RIPE NCC
Z. AOB (5 mins)