On February 12th, 2010, ICANN issued an invitation for Public Comment on a proposed DNS-CERT. The original invitation can be found at http://www.icann.org/en/announcements/announcement-2-12feb10-en.htm and the list of current public comments may be found at http://forum.icann.org/lists/dns-cert-proposal/. DNS-OARC's submission follows:
Participation Requirements
There are no strict participation requirements.
Presentations and Notes
- 13:15: Introduction to DNS-OARC (Roy Arends / DNS-OARC)
- 13:25: Investigating anomalous DNS traffic: A proposal for an address reputation system (Sebastian Castro / .NZ Registry Services)
- Q&A: Willingness of operators to cooperate?
In case you haven't heard, L.ROOT-SERVERS.NET began serving a DNSSEC-signed root zone today. DNS-OARC has been collecting data during the signed root rollout. The graph below shows how L-root's priming response size has increased during the last hour since it first began serving signed responses:
We're also watching the data below to see if there are noticeable increases in priming query rates after signing:
- The root zone will technically be signed by December 1, 2009, although ICANN and VeriSign will keep it to themselves for internal testing.
- Between January and July 2010, the root servers will begin serving the signed zone one "letter" (server) at a time.
- Also during this rollout period, actual DNSSEC keys will be replaced with "dummy" keys so that validation CANNOT occur.