in conjunction with APRICOT 2013

DNS Operations

When: Tuesday, 26 February 2013
Time: 11:00 - 12:30 (UTC +8)
Where: Island (Jurong)
Chair: Willy Sutrisno (Matrix Cable System)

Analysis of query traffic to .com/.net name servers

Allison Mankin, Verisign

This presentation describes our recent observations and analyses of the sources and types of traffic sent to .com/.net name servers. It also gives an overview of the design of the DNSSEC implementation for .com/.net and challenges in signing those zones.

0 MB% 0 MB% Slides3.3 MB
Secure Glue A Cache and Update

Yong Jin, National Institute of Information and Communications Technology

DNS (Domain Name System) is the key name resolution protocol in the current Internet. In the meanwhile, the increasing of DNS traffic during the name resolution has become a problem which is becoming more critical when the renumbering occurs to the network facilities including the DNS servers. It turns out that the increasing use of out-of-bailiwick domain names in the NS (Name Server) records for ease of administration is the main reason causing the above problem. In this research, we propose a secure glue A cache and update mechanism to mitigate the problem. In this mechanism, the proposed DNS server which has an NS record configuration with an out-of-bailiwick domain name fetches its glue A record in advance and caches it together with the corresponding NS record as one resource record. Consequently, when the proposed DNS server receives queries related to the NS record, it answers the NS record together with its glue A record from the cache. Thus the query side does not have to separately query about the out-of-bailiwick domain name from the root. When the TTL of the glue A record expires, the proposed DNS server re-fetches the glue A and renews the cache. Furthermore, when the proposed DNS server receives a DNS update message for the glue A record, it updates the cache accordingly. Note that the proposed DNS server only answers the glue A record for referral together with the corresponding NS record which means it answers nothing for the query of the glue A itself. By using this mechanism, we expect that the DNS traffic of the current Internet can be very much reduced and we plan to implement and evaluate the proposed mechanism in a HANA (Hierarchical Automatic Number Allocation) network which is a new address allocation architecture for next generation networks.

0 MB% 0 MB% Slides1.6 MB
Analysis of query source and anycast for

Kurt Erik Lindqvist, Netnod

The presentation describes a study Netnod did of traffic patterns for i.root around the world and discusses some of the strange routing observed.

0 MB% 0 MB% Slides1.3 MB