Introduction to DNS-OARC

The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together key operators, implementors, and researchers on a trusted platform so they can coordinate responses to attacks and other concerns, share information and learn together.

DNS-OARC has five key functions:

  • Information Sharing. DNS-OARC provides a trusted, shared platform to allow the DNS operations community to share information and data. Stringent confidentiality requirements and secure communications mean that proprietary information can be shared on a bilateral basis.
  • Operational Characterization. As Internet traffic levels continue to grow, the demand on root and other key nameservers will outgrow the current infrastructure: this year's DDoS attack traffic levels will become next year's steady state load. DNS-OARC measures the performance and load of key nameservers and publish statistics on both traffic load and traffic type (including error types).
  • Workshops. DNS-OARC organizes semi-annual workshops where members and the public are invited to give presentations on timely topics relevant to DNS both operations and research.
  • Analysis. Leading researchers and developers provide long-term analysis of DNS performance and post-mortems of attacks so that institutional learning occurs. A well-provisioned system allows members to upload traces and logs, and to perform their own analysis.
  • Tools and Services. As vulnerabilities and DNS problems come to light, DNS-OARC develops publicly available tools and services to assist with highlighting, diagnosing, and remedying such problems.

DNS-OARC participants fall into one or more of the following categories:

  • Operators of root, TLD, or large commercial nameservers who consume DNS technology and produce DNS services.
  • Implementers who produce DNS technology including software, appliances, and network elements such as load balancing hardware.
  • Researchers whose work has a strong DNS emphasis and who need access to trace and log data about the global DNS under both "normal" and "abnormal" conditions.
  • Security Providers whose companies offer products and services that utilize DNS information to improve the security of their customers.

To inquire about membership, or for any other questions, please contact the OARC Admin.

Submitted by wessels on Thu, 2008-07-03 22:40

DNS-OARC facility relocation, 14th-18th May 2016

Please be advised that DNS-OARC will be relocating its equipment and services to a new facility during next week starting this Saturday, May 14th through Wednesday the 18th. There will be multiple sporadic outages during this time affecting ALL services and ALL systems as a result.

The main public and OARC Member-facing services, including websites, email, mailing lists, indico and jabber are planned to be re-located on Sunday 15th, and we hope to keep the total outage down to a few hours. Our dataset and analysis servers will be taken out of service on Saturday 14th, and are planned to be back in service late Monday 16th or early Tuesday 17th. All work is planned to be performed during daytime hours Pacific time (UTC-8).

Submitted by keith on Mon, 2016-05-09 22:16 categories [ ]

DITL Data Collection

A Day in the Life of the Internet is a large-scale data collection project initially undertaken by CAIDA and subsequently by OARC every year since 2006. This year, the DITL collection will take place in April. If you would like to participate by collecting and contributing DNS packet captures, please subscribe to the DITL mailing list.

Participation Requirements

Submitted by Anonymous on Sun, 2016-03-06 15:27


ICANN's Root Server System Advisory Committee has recently defined two standards, including RSSAC 002 , designed to obtain a baseline of the metrics for the Root Zone, specifically so that root operators can detect and mitigate any abnormalities in the performance of the DNS Root Server System as it continues to grow and develop.

Submitted by admin on Fri, 2016-02-26 18:17

OARC's DNS Reply Size Test Server

Recent increases in DNSSEC deployment are exposing problems with DNS resolvers that cannot receive large responses.

The maximim reply size between a DNS server and resolver may be limited by a number of factors:

  • If a resolver does not support the Extension Mechanisms for DNS (EDNS), replies are limited to 512 bytes.
  • The resolver may be behind a firewall that blocks IP fragments.
  • Some DNS-aware firewalls block responses larger than 512 bytes.

The BIND resolver, since version 9.5.0, includes a feature to decrease its advertised EDNS receive buffer size (down to 512) when its queries time out. We've seen this lead to significant increases in TCP for DNSSEC-signed zones.

Submitted by admin on Thu, 2016-02-18 12:03

OARC 2015 AGM Board Election Results

The following candidates were re/elected to the OARC Board for 2-year terms:

  • Paul Ebersman (Comcast)
  • David Knight (Dyn)
  • Duane Wessels (Verisign)

OARC welcomes Paul Ebersman to the Board and congratulates him and the re-elected Board members on their successful election.

Our sincere thanks to Jim Galvin for his service and support to OARC over the past year.

Submitted by keith on Wed, 2015-10-14 13:46

OARC's TLDmon Service

OARC's TLDmon uses Nagios to monitor operational characteristics of authoritative nameservers for the Root Zone and all Top Level Domains. TLDmon checks for authoritative answers, EDNS support, lame delegations, consistent NS RR sets, open resolvers, expired RRSIGs, matching serial numbers, and TCP support. As the Domain Name System continues its evolution, it becomes increasingly important that these critical nameservers are configured correctly.
Submitted by admin on Wed, 2015-10-07 10:23 categories [ ]

Root Zone Archive

With the assistance of its members and friends (especially AFNIC, RIPE, Paul Vixie, Peter Koch and Paul Hoffman) DNS-OARC has assembled a historical archive of the DNS root zone dating back to June 1999. This Root Zone Archive is a part of our larger project, the Zone File Repository.

Root Zone Trends

The following graph shows trends in the contents of the root zone:

Submitted by admin on Tue, 2015-07-07 12:16 categories [ ]

OARC 2014 AGM Board Election Results

The following candidates were re/elected to the OARC Board for 2-year terms:

  • George Michaelson (APNIC)
  • Ondrej Filip (CZ.NIC)
  • John Crain (ICANN)

OARC welcomes and congratulates the new Board members on their successful election.

We thank the unsuccessful and withdrawn candidates:

  • Don Blumenthal (PIR)

  • Merike Kaeo (IID)
  • Mehmet Akcin (Microsoft)

for their willingness to consider serving on OARC's Board.

We also want to express a special thanks to our outgoing Board members Antoin Verschuren and Matt Pounsett for their years of service and energetic contribution to OARC.

Submitted by keith@ on Mon, 2014-10-13 18:50 categories [ ]

OARC Fall 2014 Workshop (Los Angeles)

DNS-OARC is pleased to announce the agenda for its 2014 Fall Workshop and Member AGM which will take place in Los Angeles, California, USA on the 11th through 13th October.

This will be held in co-operation with the ccNSO Tech Day of the subsequent ICANN51 meeting. The OARC AGM and member-only session will be held on Saturday 11th October, the main workshop on Sunday 12th, and a joint session with ICANN's Tech Day on Monday 13th.

Submitted by keith@ on Wed, 2014-09-24 14:13 categories [ ]