[dns-wg] Provisional Agenda for Athens

Colleagues, here is the provisional (V1.0) agenda for the DNS WG at RIPE67.

Please note these details are not finalised. However the speakers and topics below are confirmed. The precise running order (and times) have still to be decided. And of course things may be added, changed or dropped between now and October 16th. Watch this space.

As always, please get in touch if you have suggestions for the agenda or questions on what's lined up for our next meeting

Hope to see you in Athens.

#
#	$Id: Agenda,v 1.1 2013/09/15 18:22:29 jim Exp $
#
PROVISIONAL DNS WG AGENDA - RIPE 67

[0] Usual Administrivia

[1] OTE's resolver infrastructure/design/rollout
	Kostas Zorbadelos, Otenet

* Initial presentation of the resolving service
* Why anycast, motives for the service redesign 
* Design choices for anycast nodes in OTE's network
* Software choices and anycast node setup
* Transition to the new setup for existing users    
* Monitoring / alerting / measurement tools
* Future work / discussion

[2] DNS over TCP analysis
	Geoff Huston, APNIC

The Host requirements Specification, RFC 1123, states that "DNS resolvers
and recursive servers MUST support UDP, and SHOULD support TCP". There has
been some recent discussion about the viability of employing TCP rather
than UDP for large DNS responses as a means of mitigating the vulnerability
to large scale DNS DDOS attacks, and this got us wondering whether
resolvers still supported TCP. This is a report of an experiment to measure
what proportion of the Internet's users use DNS resolvers that are capable
of using TCP to query authoritative name servers.

[3] Defeating DNS Amplification Attacks
	Ralf Weber, Nominum

Discussions of amplification attacks have largely focused on authoritative
servers. These attacks are beginning to use recursive resolvers. The
current generation of attacks leverages home gateways that forward DNS
queries coming in on their WAN interface, masking their origin when they
arrive at a resolver. It's unlikely vulnerable home gateways can be updated
anytime soon, so this presentation will describe how log data from DNS
resolvers can be used to identify attacks and detail proposals for
mitigating them without impacting legitimate DNS traffic.

[4] UDP Fragmentation/PMTU attack mitigation
	Ondřej Surý, CZ.NIC

[5] PMTU for better IPv6 Performance
	Willem Toorop, NLnetLabs

Options for utilising ICMPv6 Packet-Too-Big (PTB) messages to increase DNS
responsiveness are explored. Working solutions, evaluated with RIPE Atlas,
are presented. The effect of the solutions in the real aworld are further
assessed with the help of traffic captures from SIDN and SURFnet.

[6] Which habitat fits your name server's nature best?
	Willem Toorop, NLnetLabs

The performance measurements used for NSD version 4 will be discussed. The
core architectural choices in the implementations of various popular name
servers are explained. An analyisis given of which environments and under
what circumstances these implementations flourish best.

[7] NCC DNS Report
	Stuckee, RIPE NCC

[8] Client-IP EDNS Option Concerns
	Florian Streibelt, TU Berlin

Adoption of the proposed DNS extension, EDNS-Client-Subnet (ECS) offers
unique, but likely unintended, opportunities to discover details about
operational practices by ECS adopters at almost no cost. By utilising only
a single residential vantage point and relying solely on publicly available
information, we are able to (i) uncover the global footprint of ECS
adopters with very little effort; (ii) infer the DNS response cacheability
and end-user clustering of ECS adopters for an arbitrary network in the
Internet; and (iii) capture snapshots of user to server mappings as
practiced by major ECS adopters. While pointing out such new measurement
opportunities, our work is also intended to make current and future ECS
adopters aware of which operational information gets exposed when utilizing
this recent DNS extension.

[9] DITL Data Analysis for ICANN gTLD Collision Study
	 Jim Reid, RTFM LLP

Earlier this year ICANN commissioned a study into the issues and risks of
name collision which may be caused by the addition of new gTLDs. This
presentation describes how several terabytes of DNS traffic comprising 150+
billion queries, mostly provided by root server operators for DNS-OARC's
DITL exercise, were processed and the technical challenges/constraints on
doing this work.

[10] OpenDNSSEC Update
	Sara Dickinson, Sinodun

Project announcements