Category: DNS-OARC

This weekend in Montreal the OARC Fall 2015 Workshop will take place filled with all sorts of excellent talks about DNSSEC, DANE, DNS privacy, DNS performance and much, much more.  The best part is that if you can’t get there in person, you can watch the live video stream on YouTube at:

https://plus.google.com/+DnsoarcNetPlus/

All the sessions will also be recorded for later viewing. The sessions most interesting to remote viewers start at 14:00 US EDT (UTC-4) on Saturday, October 3, 2015, and include these:

• An Overview of DNS Privacy Mechanisms
• Using TLS for DNS privacy in practice
• Next Steps in DANE Adoption
• Benchmarking of authoritative DNS servers and DNSSEC impact assessment

Sunday morning (October 4) brings a whole set of “DNS security” talks related to DDoS attacks and attacks against DNS servers.  There are performance-related talks, detailed research sessions, and a whole set of talks related to DNS resolvers, including an exploration of IPv6 vs IPv4 performance.

There were so many interesting proposals to DNS-OARC this time that some of them occupy the Monday DNS Track inside of NANOG 65.  Again there look to be some great DNSSEC topics including a session about the KSK Key Rollover. (One note: I’m not sure if the live stream on Monday will still be on the DNS-OARC YouTube channel – the NANOG agenda only says it will be “recorded”.)

All in all it looks to be a great event!  Due to a personal scheduling conflict, I won’t be there in person… but I intend to watch a few of the sessions, either live or later.

And if you want to get started NOW with deploying DNSSEC, please visit our Start Here page to learn more!

The 2015 Spring Workshop of the DNS Operations Analysis and Research Center (DNS-OARC) takes place this weekend, May 9-10, right before the RIPE 70 meeting in Amsterdam. As per usual the agenda is packed full of all sorts of sessions related to DNS in general, with a number getting into DNSSEC and overall DNS security.  Here’s the full agenda:

https://indico.dns-oarc.net/event/21/timetable/#all

There are currently 137 people scheduled to attended representing a broad range of participants across the DNS community.  I will not be there myself, but know a great number of the people who will be in the room.

Sessions of Interest

Saturday looks to have some great sessions related to operational experience with various attacks against the DNS, including distributed denial of service (DDoS) attacks.  These kind of actual case studies in handling attacks are incredibly useful to get out to the wider community.

Sunday morning begins with a series of DNSSEC-related talks:

• Observations on DNSSEC and ECDSA in the wild – by Geoff Huston of APNIC
• Effects of Increasing the Root Zone ZSK Size – by Duane Wessels of Verisign Labs
• Signing DNSSEC answers on the fly at the edge: challenges and solutions! – by Olafur Gudmundsson of CloudFlare

All of those are ones I’d love to see – I’m hoping there will be a video recording as they start at 9:00 am in Amsterdam… which is 3:00 am here on the US East Coast where I live.  As much as I’d like to see them… well… I can’t see me getting up that early!

The remainder of Sunday includes a great number of talks that I’d personally find interesting, diving into various tools, analytics, testing and more.  A couple of interest to those focused on DNSSEC include:

• 14:30 – Plan for Decommissioning the DLV – by Jim Martin of ISC
• 17:05 – Update on the DNS Root Key Rollover work – by Ed Lewis of ICANN

This last talk, in particular, should be useful to hear the status of the work related to the Root KSK rollover. (See our background page on why this matters.)

Remote Participation

I don’t see any information on the DNS-OARC website right now about remote participation, but the sessions are almost always streamed live.  Given that the event is co-located with RIPE 70, I suspect that they may make use of the RIPE 70 live streaming. I’d watch the RIPE 70 remote participation page or the main 2015 Spring Workshop page for more information.

The good news is that all the materials should be available from links off of the main agenda page, so at least we who are remote should be able to see what slides were discussed.

I also see Stéphane Bortzmeyer is among the attendees and when he is at an event he is usually tweeting out a good bit at https://twitter.com/bortzmeyer, so that’s another way to stay up to date, along with the #DNSOARC hashtag search.

If you are there in Amsterdam, I hope you do have a great DNS-OARC meeting and I look forward to hearing the results.

Can’t get to Dublin, Ireland, to attend the DNS-OARC Spring Forum 2013 but interested in all the DNS and DNSSEC-related talks?  The good news is that there is a webcast / livestream of the event via Adobe Connect at:

 http://icann.adobeconnect.com/dns-oarc/

As I wrote about last week, there are a good number of the talks related to DNSSEC and DNS security. The event has been extremely interesting so far today.

To watch the livestream, you should reference the DNS-OARC timetable – and remember that all times are Irish Standard Time (currently UTC/GMT+1).

Slides for the talks are also listed on the timetable page.

I’ll be speaking this afternoon at 5:35pm Dublin time about some of the challenges we’ve seen related to DNSSEC deployment and asking for feedback.

Tomorrow morning, Monday, May 13, the timetable is full of DNSSEC talks from 9:00 to 10:40 am that should make for good listening.

This weekend begins the “Spring Forum” of the Domain Name System Operations Analysis and Research Center, a.k.a. “DNS-OARC” and it once again represents a gathering of many of the prominent people within the DNS / DNSSEC community.  The event takes place in Dublin, Ireland, on the Sunday and Monday morning prior to the RIPE 66 meeting happening for the rest of the week.

In look at the list of contributions to the DNS-OARC Spring Forum, a number are related to DNSSEC and I’m quite looking forward to listening to them.  They include:

DNS Security: Beyond DNSSEC, A “He Must Be Nearing Retirement” Manifesto
Ed Lewis said on a call that he’s going to be talking about ways he thinks DNS can be better secured. Ed has been around the DNS/DNSSEC world for a long time, so I’m looking forward to his ideas.

Measuring DNSSEC
Geoff Huston recently published a long blog post about “Measuring DNSSEC Performance” that got quite deep into analysis. I am assuming Geoff and George Michaelson will be explaining their findings live at this event.

The Use of Elliptic Curve Cryptography in DNSSEC
This presentation by Francis Dupont should be an interesting view into the viewpoint that we ought to be doing more with elliptic curve cryptography (and specifically ECDSA) within DNSSEC.

GPU-based NSEC3 Hash Breaking
Based on the description, this appears to be about a tool that can be used to break the hashes used in NSEC3 records. Not entirely sure where this one is going… so I will be interested to hear it.

Next Steps In Accelerating DNSSEC Deployment
How do we get DNSSEC more rapidly deployed. I’ll be speaking about what we’ve found in the process of developing the DNSSEC side of Deploy360 as well as what has come up through the dnssec-coord mailing list / conference calls and other industry efforts.

Beyond those DNSSEC-related sessions, I’m definitely interested in the sessions around DNS amplification attacks, DNS monitoring and really all the other topics. Definitely a place for those of us interested in DNS and DNSSEC to gather!

I don’t believe there is a livestream, but I do believe the slides will be available as links off the agenda page as they become available.  If you are going to be there at the DNS-OARC Spring Forum, do say hello – and please do let me know your ideas around how we can help here at Deploy360 with resources related to DNSSEC deployment.