Introduction to DNS-OARC

Submitted by admin on Thu, 07/03/2008 - 22:40
The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together key operators, implementors, and researchers on a trusted platform so they can coordinate responses to attacks and other concerns, share information and learn together. DNS-OARC has five key functions:
  • Information Sharing. DNS-OARC provides a trusted, shared platform to allow the DNS operations community to share information and data. Stringent confidentiality requirements and secure communications mean that proprietary information can be shared on a bilateral basis.
  • Operational Characterization. As Internet traffic levels continue to grow, the demand on root and other key nameservers will outgrow the current infrastructure: this year's DDoS attack traffic levels will become next year's steady state load. DNS-OARC measures the performance and load of key nameservers and publish statistics on both traffic load and traffic type (including error types).
  • Workshops. DNS-OARC organizes semi-annual workshops where members and the public are invited to give presentations on timely topics relevant to DNS both operations and research.
  • Analysis. Leading researchers and developers provide long-term analysis of DNS performance and post-mortems of attacks so that institutional learning occurs. A well-provisioned system allows members to upload traces and logs, and to perform their own analysis.
  • Tools and Services. As vulnerabilities and DNS problems come to light, DNS-OARC develops publicly available tools and services to assist with highlighting, diagnosing, and remedying such problems.

OARC Seeking Physical Office Services

Submitted by keith on Fri, 09/30/2016 - 14:42

OARC's legal entity does business in California, and our physical infrastructure and finances are run from the San Francisco Bay area. Due to a recent change in arrangements, OARC is seeking a new provider of physical office services in the area, effective immediately.

We're seeking a number of things, they need not all come from the same organization, but OARC Members local to the area are preferred if possible:

Mitigating DNS Denial of Service Attacks

The DNS protocol is, unfortunately, an effective Denial-of-Service attack vector for a few reasons:
  • DNS generally uses the connectionless User Datagram Protocol (UDP) as its transport.
  • Many autonomous systems allow source-spoofed packets to enter their network.
  • There is no shortage of Open Resolvers on the Internet.
These three factors mean that attackers can create large amounts of unwanted response packets by reflecting DNS queries off open resolvers. In such an attack, a DNS query is generated with spoofed source IP addresses belonging to the victim. You can help reduce the effectiveness of these attacks by following the recommendations described below: