From shane at time-travellers.org Wed Jan 4 09:27:41 2017 From: shane at time-travellers.org (Shane Kerr) Date: Wed, 4 Jan 2017 09:27:41 +0100 Subject: [dns-wg] Thread about DNS RPZ in the RIPE anti-abuse working group Message-ID: <20170104092741.62063d80@pallas.home.time-travellers.org> All, RPZ is a technology developed by Vernon Schryver and Paul Vixie which acts as a way to encode DNS filtering rules for resolvers in the DNS itself. There is currently a draft about this under discussion in the IETF DNS operations working group: https://tools.ietf.org/html/draft-vixie-dns-rpz https://www.ietf.org/mail-archive/web/dnsop/current/maillist.html This draft was brought up recently on the RIPE anti-abuse working group mailing list: https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2017-January/003744.html As is typical for DNS topics, there are lots of strong opinions and some interesting technical bits. Rather than have one topic being discussed in many different places within RIPE, it probably makes sense to keep the discussion on the existing threads, or at least on those mailing lists. However I thought I would mention it here in case anyone is interested and not yet aware. Cheers, -- Shane -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From shane at time-travellers.org Wed Jan 11 11:15:19 2017 From: shane at time-travellers.org (Shane Kerr) Date: Wed, 11 Jan 2017 11:15:19 +0100 Subject: [dns-wg] Call for Presentations - DNS-OARC Workshop OARC26, Madrid, 14-15 May 2017 Message-ID: <20170111111519.296ed70d@pallas.home.time-travellers.org> RIPE DNS working group participants, Here's a call for presentation for the upcoming DNS-OARC workshop. Note that this is the Monday & Tuesday after the RIPE 74 meeting in Hungary, which may be something to take into consideration when planning. Cheers, -- Shane ------------------------------------------------------------------------- [with apologies to those who see this on multiple lists] Call For Presentations The DNS-OARC 26th Workshop will take place in Madrid, Spain on May 14th and 15th 2017, the Sunday and Monday following the ICANN GDD Industry Summit 2017. The Workshop's Program Committee is now requesting proposals for presentations. This workshop intends to build from previous strong DNS-OARC workshops, where both operational content and research are welcome. All DNS-related subjects are welcome. If you are an OARC member, and have a sensitive topic you would like to present for members-only, we will accommodate those talks too. A timeslot will be available for lightning talks (5-10 minutes) on Monday May 15th, for which submissions will be accepted during May 14th on a first-come first-served basis. Workshop Milestones: 6th January 2017, Call for Presentations posted and open for submissions 24th February 2017, Deadline for submission 17th March 2017, Draft Programme published 14th April 2017, Final Program published 28th April 2017, Final deadline for slideset submission Details for presentation submission will be published here: https://indico.dns-oarc.net/event/26/call-for-abstracts/ The workshop presentations will be organized by common themes, depending on the topics and the timing of each presentation. There are 30-minute and 15-minute slots, let us know your preference in your submission. To allow the Programme Committee to make objective assessments of submissions, so as to ensure the quality of the workshop, submissions SHOULD include slides. Draft slides are acceptable on submission. If you have questions or concerns you can contact the Programme Committee: https://www.dns-oarc.net/oarc/programme via We hope you will join us, Best Regards, Sue OARC depends on sponsorship to fund its workshops and associated social events. Please contact if your organization is interested in becoming a sponsor. (Please note that OARC is run on a non-profit basis, and is not in a position to reimburse expenses or time for speakers at its meetings.) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From allison.mankin at gmail.com Wed Jan 11 22:38:36 2017 From: allison.mankin at gmail.com (Allison Mankin) Date: Wed, 11 Jan 2017 16:38:36 -0500 Subject: [dns-wg] DEADLINE EXTENSION until January 18: DNS Privacy Workshop Message-ID: [Apologies for possible multiple copies] We have extended the submission deadline for the NDSS DNS Privacy Workshop to Wednesday, January 18 because of the intervening holidays for many interested people. Please contact us (Sara and Allison) if you have questions. Note that the formats are flexed a bit as well: page lengths and format are flexible now and we are also willing to receive draft presentations as long as they have an abstract early in the deck. The goal of the workshop is interchange and advancing the state of play for DNS privacy and its adjacent technologies. The call for papers is here: DPRIV17 . The deadline on the web page at NDSS hasn't been changed yet, but the submission system is set with the new deadline. Elevator pitch: DNS queries and domain names are metadata and there are many new directions (and open questions) for mitigating privacy issues for them. Location and Important dates: Workshop Location: San Diego, CA, USA Workshop date: 2017-02-26 (co-located with NDSS 2017) Submissions: 2017-01-18 anywhere-on-earth Final date for notifications and invitations to present at the workshop: 2017-02-03 Submissions may be new papers, papers already published, Short Papers, or Position Papers. Also, please contact the TPC chairs if you want to suggest a panel. Allison and Sara allison.mankin at gmail.com sara at sinodun.com ------------ *Workshop on DNS Privacy DPRIV17 (#NoMoreCowbell)* BackgroundDNS Privacy has been a growing concern of the IETF and others in the Internet engineering community for the last few years. Almost every activity on the Internet starts with a DNS query (and often several). - Those queries can reveal not only what websites an individual visits but also metadata about other services such as the domains of email contacts or chat services. - Whilst the data in the DNS is public, individual DNS transactions made by an end user *should not* be public. - Today, however DNS queries are sent in *clear text* (using UDP or TCP) which means passive eavesdroppers can observe all the DNS lookups performed. - The DNS is a globally distributed system that crosses international boundaries and often uses servers in many different countries in order to provide resilience. - It is well known that the NSA used the MORECOWBELL tool to perform mass surveillance of DNS traffic, and other surveillance techniques involving DNS almost certainly are in play today. - Some ISPs embed user information (e.g. a user ID or MAC address) within DNS queries that go to the ISP?s resolver in order to provide services such as Parental Filtering. This allows for fingerprinting of individual users. - Some CDNs embed user information (e.g. client subnets) in queries from resolvers to authoritative servers (to geo-locate end users). This allows for correlation of queries to particular subnets. - Some ISPs log DNS queries at the resolver and share this information with third-parties in ways not known or obvious to end users. The IETF's DPRIVE (*D*NS *PRIV*ate *E*xchange) Working Group has taken initial protocol steps to address these concerns (with much of the early work focussing on the stub to resolver problem), publishing DNS Privacy Considerations (RFC 7626), Specification for DNS over Transport Layer Security (RFC 7858), and The EDNS(0) Padding Option (RFC 7830), and DNS Query Name Minimisation to Improve Privacy (RFC 7816). However because of the great diversity of the DNS ecosystem, and the pervasive role of DNS and domain names in Internet applications and security, much is not fully understood or resolved. The goal of this workshop is to bring together privacy and Internet researchers with a diversity of backgrounds and views, to identify promising long-term mitigations of the broad space of DNS privacy risks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From petrasch at denic.de Thu Jan 12 09:57:53 2017 From: petrasch at denic.de (Christian Petrasch) Date: Thu, 12 Jan 2017 09:57:53 +0100 Subject: [dns-wg] Call for Presentations - DNS-OARC Workshop OARC26, Madrid, 14-15 May 2017 In-Reply-To: <20170111111519.296ed70d@pallas.home.time-travellers.org> References: <20170111111519.296ed70d@pallas.home.time-travellers.org> Message-ID: Hi folks, >Here's a call for presentation for the upcoming DNS-OARC workshop. Note >that this is the Monday & Tuesday after the RIPE 74 meeting in Hungary, >which may be something to take into consideration when planning. Shane, really ? In my calendar 14th May is sunday .. so it will be on sunday and monday ?? greetz Christian Von: Shane Kerr An: dns-wg at ripe.net Datum: 11.01.2017 11:16 Betreff: [dns-wg] Call for Presentations - DNS-OARC Workshop OARC26, Madrid, 14-15 May 2017 Gesendet von: "dns-wg" RIPE DNS working group participants, Here's a call for presentation for the upcoming DNS-OARC workshop. Note that this is the Monday & Tuesday after the RIPE 74 meeting in Hungary, which may be something to take into consideration when planning. Cheers, -- Shane ------------------------------------------------------------------------- [with apologies to those who see this on multiple lists] Call For Presentations The DNS-OARC 26th Workshop will take place in Madrid, Spain on May 14th and 15th 2017, the Sunday and Monday following the ICANN GDD Industry Summit 2017. The Workshop's Program Committee is now requesting proposals for presentations. This workshop intends to build from previous strong DNS-OARC workshops, where both operational content and research are welcome. All DNS-related subjects are welcome. If you are an OARC member, and have a sensitive topic you would like to present for members-only, we will accommodate those talks too. A timeslot will be available for lightning talks (5-10 minutes) on Monday May 15th, for which submissions will be accepted during May 14th on a first-come first-served basis. Workshop Milestones: 6th January 2017, Call for Presentations posted and open for submissions 24th February 2017, Deadline for submission 17th March 2017, Draft Programme published 14th April 2017, Final Program published 28th April 2017, Final deadline for slideset submission Details for presentation submission will be published here: https://indico.dns-oarc.net/event/26/call-for-abstracts/ The workshop presentations will be organized by common themes, depending on the topics and the timing of each presentation. There are 30-minute and 15-minute slots, let us know your preference in your submission. To allow the Programme Committee to make objective assessments of submissions, so as to ensure the quality of the workshop, submissions SHOULD include slides. Draft slides are acceptable on submission. If you have questions or concerns you can contact the Programme Committee: https://www.dns-oarc.net/oarc/programme via We hope you will join us, Best Regards, Sue OARC depends on sponsorship to fund its workshops and associated social events. Please contact if your organization is interested in becoming a sponsor. (Please note that OARC is run on a non-profit basis, and is not in a position to reimburse expenses or time for speakers at its meetings.) [Anhang "attowdvs.dat" gel?scht von Christian Petrasch/Denic] -------------- next part -------------- An HTML attachment was scrubbed... URL: From nicolas at ncartron.org Thu Jan 12 10:01:56 2017 From: nicolas at ncartron.org (Nico CARTRON) Date: Thu, 12 Jan 2017 10:01:56 +0100 Subject: [dns-wg] Call for Presentations - DNS-OARC Workshop OARC26, Madrid, 14-15 May 2017 In-Reply-To: References: <20170111111519.296ed70d@pallas.home.time-travellers.org> Message-ID: <924896ee-9ef4-63fd-29aa-8dc6f280ef30@ncartron.org> Hi Christian, On 12/01/2017 09:57, Christian Petrasch wrote: > Hi folks, > > >Here's a call for presentation for the upcoming DNS-OARC workshop. Note > >that this is the Monday & Tuesday after the RIPE 74 meeting in Hungary, > >which may be something to take into consideration when planning. > > > Shane, really ? In my calendar 14th May is sunday .. so it will be on > sunday and monday ?? I was surprised, too, but the original email says: "the Sunday and Monday following the ICANN GDD Industry Summit 2017." So must be correct :) Cheers, -- Nico From mir at ripe.net Fri Jan 13 13:19:11 2017 From: mir at ripe.net (Mirjam Kuehne) Date: Fri, 13 Jan 2017 13:19:11 +0100 Subject: [dns-wg] New on RIPE Labs: DNS Root Server Transparency: K-Root, Anycast and More Message-ID: Dear colleagues, Please find this new article on RIPE Labs in which we shed some light on the operational policies of K-root to clarify possible misunderstandings about how it is operated. https://labs.ripe.net/Members/emileaben/dns-root-server-transparency Kind regards, Mirjam Kuehne RIPE NCC From anandb at ripe.net Fri Jan 20 15:52:25 2017 From: anandb at ripe.net (Anand Buddhdev) Date: Fri, 20 Jan 2017 15:52:25 +0100 Subject: [dns-wg] Service outage at two K-root nodes Message-ID: <7dc7d853-a0e1-6ddc-6178-946691b57d12@ripe.net> Dear colleagues, We have been upgrading the operating system and name server software on all K-root servers. The process has mostly gone quite well, but we have had an unfortunate incident. Two of the newly upgraded nodes had been accidentally announcing the K-root prefixes even though the name server software on them was not running. This means that queries sent to these two servers between 12 and 19 January were not answered. The affected nodes are in Belgrade and Reykjavik. We estimate the percentage of queries lost to be 0.3%. Normally, failure of the name server would result in automatic withdrawal of the prefix announcements. However, this failure was caused by a flaw in the deployment process, which did not activate the correct software components in the right sequence. We have identified this issue and fixed it, so that this failure cannot happen with any future installations or upgrades. We apologise for any inconvenience caused. If you have any specific questions please send email to . Regards, Anand Buddhdev RIPE NCC -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 898 bytes Desc: OpenPGP digital signature URL: From jaap at NLnetLabs.nl Fri Jan 20 17:01:52 2017 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Fri, 20 Jan 2017 17:01:52 +0100 Subject: [dns-wg] Service outage at two K-root nodes In-Reply-To: <7dc7d853-a0e1-6ddc-6178-946691b57d12@ripe.net> References: <7dc7d853-a0e1-6ddc-6178-946691b57d12@ripe.net> Message-ID: <201701201601.v0KG1qW0060814@bela.nlnetlabs.nl> Anand, Thanks for the information. jaap From BECHA at ripe.net Mon Jan 23 12:11:00 2017 From: BECHA at ripe.net (Vesna Manojlovic) Date: Mon, 23 Jan 2017 12:11:00 +0100 Subject: [dns-wg] Join RIPE NCC DNS Measurements hackathon, 20-21. April 2017, Amsterdam In-Reply-To: <5aec3125-625f-30d4-5455-1b92754a4327@ripe.net> References: <5aec3125-625f-30d4-5455-1b92754a4327@ripe.net> Message-ID: Dear colleagues, The fifth RIPE NCC hackathon will take place on Thursday and Friday, 20-21 April 2017, in Amsterdam. We're looking for creative thinkers: front-end developers, UI designers, DNS operators, researchers and other enthusiastic coders, to help us develop new tools and visualizations based on DNS measurements data. All source code developed during the hackathon will be publicly licensed and available on GitHub, and will be free for the entire community to use. -------------------- How to Apply -------------------- Interested? Learn more and apply online today! https://atlas.ripe.net/hackathon/dns-measurements/#!application-form *The application deadline is 26 February 2017* We look forward to seeing you there! Find out more in this RIPE Labs article: https://labs.ripe.net/Members/alun_davies/dns-measurements-hackathon-2017 Regards, Vesna Manojlovic RIPE NCC Community Builder From benno at NLnetLabs.nl Tue Jan 24 12:40:39 2017 From: benno at NLnetLabs.nl (Benno Overeinder) Date: Tue, 24 Jan 2017 12:40:39 +0100 Subject: [dns-wg] Call for presentations RIPE 74 Message-ID: <7ed76a40-3d0a-d133-12ea-b3e729b10710@NLnetLabs.nl> Dear colleagues, Please find the CFP for RIPE 74 below or at https://ripe74.ripe.net/submit-topic/cfp/. The deadline for submissions is *12 March 2017*. Please also note that speakers do not receive any extra reduction or funding towards the meeting fee at the RIPE Meetings. Kind regards, Benno Overeinder RIPE PC Chair https://ripe74.ripe.net/programme/ripe-pc/ -------------------->>><<<-------------------- Call for Presentations A RIPE Meeting is an open event where Internet Service Providers, network operators and other interested parties get together. Although the meeting is mostly technical, it is also a chance for people to meet and network with others in their field. RIPE 74 will take place from 8-12 May 2017 in Budapest, Hungary. The RIPE Programme Committee (PC) is now seeking content proposals from the RIPE community for the plenary sessions, BoFs (Birds of a Feather sessions), panels, workshops, tutorials and lightning talks at RIPE 74. See the full descriptions of the different presentation formats, https://ripe74.ripe.net/submit-topic/presentation-formats/. Proposals for plenary sessions, BoFs, panels, workshops and tutorials must be submitted for full consideration no later than 12 March 2017. Proposals submitted after this date will be considered depending on the remaining available space in the programme. The PC is looking for presentations covering topics of network engineering and operations, including but not limited to: - IPv6 deployment - Managing IPv4 scarcity - Data centre technologies - Network and DNS operations - Internet governance and regulatory practices - Network and routing security - Content delivery - Internet peering and mobile data exchange - Connected Things (aka. Internet of Things - IoT) Submissions RIPE Meeting attendees are quite sensitive to keeping presentations non-commercial, and product marketing talks are strongly discouraged. Repeated audience feedback shows that the most successful talks focus on operational experience, research results, or case studies. For example, presenters wishing to describe a commercial solution should focus on the underlying technology and not attempt a product demonstration. Presenters should indicate how much time they will require. In general, the time allocated for the different presentation formats is as follows: - Plenary presentations: 20-25 minutes presentation with 5-10 minutes discussion - Tutorials: up to two hours (Monday morning) - Workshops: one hour (during evening sessions) to two hours (Monday morning) - BoFs: approximately one hour - Lightning talks: 10 minutes total for both presentation and any discussion The following general requirements apply: - Proposals must be submitted using the meeting submission system, https://ripe74.ripe.net/submit-topic/submission-form/. - Lightning talks should also be submitted using the meeting submission system (https://ripe74.ripe.net/submit-topic/submission-form/) and can be submitted any time up to and including the meeting week. Allocation of lightning talks will start a few days before the meeting, and will continue throughout the meeting. During the meeting, they may be announced on the day before the talk or even on the same day as the talk. - Lightning talks should also be submitted using the meeting submission system (https://ripe74.ripe.net/submit-topic/submission-form/) and can be submitted any time up to and including the meeting week. The allocation of lightning talks will be announced on short notice, in some cases on the same day but often one day prior to the time slot allocated. - Presenters who propose a panel or BoF are encouraged to include speakers from several (perhaps even competing) companies and/or a neutral facilitator. - All presentation proposals will only be considered by the PC if they contain at least draft presentation slides (slides may be updated later on). For panels, proposals must contain a clear description, as well as the names of invited panellists, presenters and moderators. - Due to potential technical issues, presenters/panellists should be physically present at the RIPE Meeting. If you have any questions or requests concerning content submissions, please email pc [at] ripe [dot] net. -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/