2011 DITL Collection
The 2011 DITL data collection has been completed.
We are pleased to have collected 7TB of data from 22 participants.
Deployment of DNSSEC in the Root Zone: Impact Analysis
On January 27, 2010, ICANN and Verisign began a phased rollout of DNSSEC in the root zone.
Call for Nominees - 2010 OARC Board of Directors
Now that we have venue and accommodations confirmed for our Fall Workshop in Denver, our attention switches to the AGM and the elections for the Board of Directors.
DNS-OARC has two seats on the board which are up for election this year. We are looking for nominations for candidates willing to serve a two-year term on the Board and contribute to the continued growth of OARC. The Board meets monthly, by teleconference, to review DNS-OARC operations.
DNS-OARC Public Comment on ICANN's DNS-CERT Business Case
On February 12th, 2010, ICANN issued a invitation for Public Comment on a proposed DNS-CERT. The original invitation can be found at http://www.icann.org/en/announcements/announcement-2-12feb10-en.htm and the list of current public comments maybe be found at http://forum.icann.org/lists/dns-cert-proposal/ DNS-OARC's submission follows:
DITL 2010 Data Collection
A Day in the Life of the Internet is a large-scale data collection project undertaken by CAIDA and OARC every year since 2006. This year, the DITL collection will take place in April. If you would like to participate by collecting and contributing DNS packet captures, please subscribe to the DITL mailing list.
Participation Requirements
There are no strict participation requirements.Presentations and Notes from the 2nd Global Annual Symposium on DNS Security, Stability and Resiliency
On Monday, February 1, 2010, DNS-OARC organized a few presentations at the start of the 2nd Global Annual Symposium on DNS Security, Stability and Resiliency
Presentations and Notes
- 13:15: Introduction to DNS-OARC Roy Arends / DNS-OARC
- 13:25: Investigating anomalous DNS traffic: A proposal for an address reputation system Sebastian Castro / .NZ Registry Services
- Q&A Willingness of operators to cooperate?
L-Root now serving "DURZ" signed responses
In case you haven't heard, L.ROOT-SERVERS.NET began serving a DNSSEC-signed root zone today. DNS-OARC has been collecting data during the signed root rollout. The graph below shows how L-root's priming response size has increased during the last hour since it first began serving signed responses:
We're also watching the data below to see if there are noticeable increases in priming query rates after signing:
DITL 2009 Data: Query rates to TLDs with wildcards
Last week someone asked me if the DITL 2009 data could shed any light on the amount of queries sent to TLDs with wildcards. While we do have data from a few TLD operators, it wouldn't really help to answer this question. However, I think we can get a "first-order approximation" by looking at the queries to root nameservers. Note that by looking at queries to the roots, we have no knowledge of client queries that are cache hits and those that are sent to the TLD nameservers due to cached referrals.
Another Look at Reply Size Test Data
A couple months ago I posted some data from the OARC reply size test service. Recently some folks have been wondering if the situation is getting better or staying the same. Today I created a graph that shows the monthly trend:
The data probably does not contain enough samples to ascertain any trends. The number of samples in each month is shown at the top of the bars.
The data probably does not contain enough samples to ascertain any trends. The number of samples in each month is shown at the top of the bars.Signed Root Zone Rollout and Schedule Announced
Here at the RIPE 59 meeting in Lisbon, Joe Abley from ICANN and Matt Larson from VeriSign announced a plan and schedule for signing the Root Zone. A number of interesting tidbits:
- The root zone will technically be signed by December 1, 2009 although ICANN and VeriSign will keep it to themselves for internal testing.
- Between January and July 2010, the root servers will begin serving the signed zone one "letter" (server) at a time.
- Also during this rollout period, actual DNSSEC keys will be replaced with "dummy" keys so that validation CANNOT occur.