Home | DNS-OARC

Mitigating DNS Denial of Service Attacks

The DNS protocol is, unfortunately, an effective Denial-of-Service attack vector for a few reasons:

DNS generally uses the connectionless User Datagram Protocol (UDP) as its transport.
Many autonomous systems allow source-spoofed packets to enter their network.
There is no shortage of Open Resolvers on the Internet.

These three factors mean that attackers can create large amounts of unwanted response packets by reflecting DNS queries off open resolvers. In such an attack, a DNS query is generated with spoofed source IP addresses belonging to the victim. You can help reduce the effectiveness of these attacks by following the recommendations described below:

Read more about Mitigating DNS Denial of Service Attacks

DNS-OARC facility relocation, 14th-18th May 2016

Please be advised that DNS-OARC will be relocating its equipment and services to a new facility during next week starting this Saturday, May 14th through Wednesday the 18th. There will be multiple sporadic outages during this time affecting ALL services and ALL systems as a result.

Read more about DNS-OARC facility relocation, 14th-18th May 2016

RSSAC 002

ICANN's Root Server System Advisory Committee has recently defined two standards, including RSSAC 002 , designed to obtain a baseline of the metrics for the Root Zone, specifically so that root operators can detect and mitigate any abnormalities in the performance of the DNS Root Server System as it continues to grow and develop.

Read more about RSSAC 002

OARC's DNS Reply Size Test Server

2023-06-01: This service has been deprecated in favor of Check My DNS.

Recent increases in DNSSEC deployment are exposing problems with DNS resolvers that cannot receive large responses. The maximim reply size between a DNS server and resolver may be limited by a number of factors:

Read more about OARC's DNS Reply Size Test Server

OARC's TLDmon Service

OARC's TLDmon uses Nagios to monitor operational characteristics of authoritative nameservers for the Root Zone and all Top Level Domains. TLDmon checks for authoritative answers, EDNS support, lame delegations, consistent NS RR sets, open resolvers, expired RRSIGs, matching serial numbers, and TCP support. As the Domain Name System continues its evolution, it becomes increasingly important that these critical nameservers are configured correctly.

Read more about OARC's TLDmon Service

OARC 2014 AGM Board Election Results

The following candidates were re/elected to the OARC Board for 2-year terms:

George Michaelson (APNIC)
Ondrej Filip (CZ.NIC)
John Crain (ICANN)

OARC welcomes and congratulates the new Board members on their successful election. We thank the unsuccessful and withdrawn candidates:

Don Blumenthal (PIR)

Read more about OARC 2014 AGM Board Election Results

OARC Fall 2014 Workshop (Los Angeles)

DNS-OARC is pleased to announce the agenda for its 2014 Fall Workshop and Member AGM which will take place in Los Angeles, California, USA on the 11th through 13th October.

This will be held in co-operation with the ccNSO Tech Day of the subsequent ICANN51 meeting.

Read more about OARC Fall 2014 Workshop (Los Angeles)

2014 OARC Elections

During the 2014 OARC Annual General Meeting we will be electing three seats on the OARC Board of Directors. The seats becoming available are doing so on the following basis:

Existing Board member Antoin Verschuren's (SIDN) two-year term has ended. Antoin will not be standing for re-election.
Existing Board member Ondrej Filip's (CZ.NIC) two-year term has ended. Ondrej will be standing for re-election.
Existing Board member John Crain's two-year term has ended.

Read more about 2014 OARC Elections

DNS Looking Glass Information

Submitted by admin on Mon, 05/12/2014 - 12:45

There are a number of DNS Looking Glass sites around the Internet that will allow anyone to send a DNS query from that location. Looking Glasses are of particular use in the case of troubleshooting a problem with a DNS zone that is served from an anycasted service. In the event of a problem with the service, the view of a zone can be very different from distant places on the Internet. Here is a list of some of the known looking glass sites around the Internet:

Read more about DNS Looking Glass Information

OARC Spring 2014 Workshop and EGM (Warsaw)

The agenda for DNS-OARC's 2014 Spring Workshop and Member EGM on the 10th and 11th May, in Warsaw, Poland is now available here. This will be held at the same location the subsequent RIPE68 meeting, and we're grateful to Microsoft and Verisign for being our main sponsors for this workshop. Our talks include a study of Open Resolvers, on detection of Botnet Domains, and on connection-oriented improvements to DNS security.

Read more about OARC Spring 2014 Workshop and EGM (Warsaw)

Subscribe to