2012 OARC Election Results and Toronto Workshop

DNS-OARC would like to congratulate Antoin Verschuren and Ondrej Filip for their recent election to the Board of Directors of DNS-OARC during the AGM held at the ICANN meeting in Toronto.

Our thanks to Stephane Bortzmeyer for his many terms of service.

The Toronto workshop was a great success with over 75 attendees and a number of excellent presentations. The agenda and presentations have been linked off the workshop agenda page and off the ICANN meetings page which includes both PDF and a copy of the audiocast Adobe Connect sessions.

Submitted by wayne@dns-oarc.net on Mon, 2012-10-29 11:23 categories [ ]

Names Without Dots

ICANN's Security and Stability Advisory Committee recently solicited input (again) on the issue of "Dotless Domains."

A fellow OARC member asked me if I could generate a list of the top 50,000 dotless domains seen at the root name servers. This type of data is available in the annual Day in the Life of the Internet (DITL) collections that OARC performs annually. I ran the analys is for the April 2012 data. Out of 30.1 billion queries in the data set, 1.76 billion (5.8%) were queries for single-label names. Here are the top 20:

Rank  Count        Query
====  ===========  =====================
   1  287,650,115  local
   2   31,698,784  localhost
   3   16,562,544  wpad
   4   13,367,843  com
   5   12,983,976  ru
   6    8,970,691  _nfsv4idmapdomain
   7    5,490,837  net
   8    4,416,080  \032
   9    4,187,822  org
  10    3,372,632  mail
  11    2,776,746  de
  12    2,658,933  uk
  13    1,940,390  unifi
  14    1,795,716  jp
  15    1,725,496  yotaaccessinterface
  16    1,679,345  mybooklive
  17    1,507,665  pl
  18    1,406,996  http
  19    1,294,151  arpa
  20    1,264,372  helvetica,
Submitted by wessels@dns-oarc.net on Wed, 2012-10-10 17:28

Keith Mitchell named Executive Director

Dear OARC members,

On behalf of the board, I'm very pleased to announce our new Executive Director, Keith Mitchell.

This continues the long-standing association that Keith, who comes with outstanding qualifications, has had with OARC. He was OARC's first President and under his leadership, OARC grew from a subsidized project within the Internet Systems Consortium (ISC) to a self-sustaining independent organization.

Keith, who returns to OARC after leaving ISC, will work half-time for OARC beginning October 1 and will be present at the Annual General Meeting (AGM) on October 14.

Please join me in welcoming Keith!

Matt Larson,
Chairman, OARC, Inc.

Submitted by wayne@dns-oarc.net on Tue, 2012-09-18 13:01 categories [ ]

Call for Nominees - 2012 OARC Board of Directors

At the upcoming AGM DNS-OARC members will be electing two directors for its board of directors.

We are looking for nominations for candidates willing to serve a two-year term on the Board and contribute to the continued growth of OARC. The Board meets monthly, by teleconference, to review DNS-OARC operations. We expect our directors to actively contribute to the various ongoing, email based, discussions and provide feedback as needed.

An ideal candidate will be one with the business experience to help formulate strategy and guide the policy that drives DNS-OARC. To be eligible, a candidate must be from an DNS-OARC Member in good standing.

If you would like to nominate (or self-nominate) a candidate, please send an email to board2012@dns-oarc.net with a brief background. We will be asking nominees for a statement of interest.

The list of current nominees is available online and will be updates as candidates step forward. (https://www.dns-oarc.net/oarc/workshop-201210/elections).

Cut off for nominations is September 30th.

If you have any questions, please don't hesitate to contact me directly.

Thanks

Matt Larson
Chairman, DNS-OARC
mlarson@verisign.com

Submitted by wayne@dns-oarc.net on Tue, 2012-09-11 22:50 categories [ ]

Tracking the Number of Signed TLDs

Using the same data as OARC's Root Zone Trends, we also have simple graphs showing the count and percentage of TLDs (including any IANA testbed TLDs) signed with DNSSEC. More correctly, this is the number of TLDs with one or more DS records published in the root zone. There may be some signed TLDs that haven't published DS records, and there may be some TLDs publishing bad DS records.

These graphs are updated daily.



(click for full size)

Submitted by wessels@dns-oarc.net on Thu, 2012-06-14 16:35

Mitigating DNS Denial of Service Attacks

The DNS protocol is, unfortunately, an effective Denial-of-Service attack vector for a few reasons:
  • DNS generally uses the connectionless User Datagram Protocol (UDP) as its transport.
  • Many autonomous systems allow source-spoofed packets to enter their network.
  • There is no shortage of Open Resolvers on the Internet.

These three factors mean that attackers can create large amounts of unwanted response packets by reflecting DNS queries off open resolvers. In such an attack, a DNS query is generated with spoofed source IP addresses belonging to the victim.

You can help reduce the effectiveness of these attacks by following the recommendations described below:

Submitted by wessels@dns-oarc.net on Thu, 2012-03-29 17:17

Call for Nominees - 2011 OARC Board of Directors

At the upcoming AGM DNS-OARC members will be electing two directors for its board of directors.

We are looking for nominations for candidates willing to serve a two-year term on the Board and contribute to the continued growth of OARC. The Board meets monthly, by teleconference, to review DNS-OARC operations. We expect our directors to actively contribute to the various ongoing, email based, discussions and provide feedback as needed.

An ideal candidate will be one with the business experience to help formulate strategy and guide the policy that drives DNS-OARC. To be eligible, a candidate must be from an DNS-OARC Member in good standing.

Submitted by wayne@dns-oarc.net on Tue, 2011-08-09 17:12 categories [ ]

DNS Operations Trust Group

Dear colleagues,

I am pleased to announce the formation of the DNS-OARC DNS Operations
Trust Group. This group is an evolution of a previous secure
operations mailing list and is intended to enable and encourage secure
exchange of operational information about the DNS for the purpose of
promoting and improving the security and stability of the global DNS.
New participants will be vetted by the existing membership with the
intent to produce a group with the greatest level of trust possible.
The new platform this trust group resides on has much better
mechanisms for vetting members and managing the list members, which we
believe will lead to better communication for everyone involved.

The trust group's scope is the identification, discussion, and

Submitted by Anonymous on Mon, 2011-06-13 21:02 categories [ ]

The 2011 Workshop on DNS Health and Security

DNS-OARC is pleased to announce our involvement in the DNS EASY 2011 conference being held this fall in Rome. Focusing on Security, DNS EASY 2011 does not replace our traditional fall workshop and AGM (which will be announced soon) but serves provides specific focus for a broader audience than is typical for DNS-OARC workshops.

The 2011 workshop on DNS HEALTH & SECURITY (DNS EASY 2011) October 18-20, 2011
GCSEC headquarters
Rome, Italy

http://dnseasy.gcsec.org

A joined event GCSEC - ICANN - DNS-OARC

SCOPE

Submitted by wayne@dns-oarc.net on Mon, 2011-06-13 20:02 categories [ ]

IPv6-Day DITL Data Collection

A Day in the Life of the Internet is a large-scale data collection project undertaken by CAIDA and OARC every year since 2006. In addition to the recently completed 2011 collection, DNS-OARC is sponsoring a IPv6-Day collection. If you would like to participate by collecting and contributing DNS packet captures, please subscribe to the DITL mailing list.

Participation Requirements

Submitted by wayne@dns-oarc.net on Fri, 2011-05-13 14:19