Image for post
Image for post
Meet OARConline 32b Mascot — Teddy Care. Photo used in image is by Volodymyr Hryshchenko on Unsplash

OARConline 32b Workshop Report

Tuesday, August 11th 2020

Contents1. OARConline 32b at a glance
2. Archives
3. Tidbits
4. Patronage
5. How
6. Follow Us

OARConline 32b at a glance

149 watched the webinar (175 Registered)
.. from 34 countries
.. representatives from at least 74 organisations
.. 22 (15%) were first time attendees at an OARC workshop
.. 116 from OARC Member organizations
.. 10 from OARC Supporter organizations
.. 147 max concurrent views
There were 5 Speakers and 4 Presentations
Image for post
Image for post
Distribution of attendees by continent


We have an archive of presentations and recordings for our meetings.

All the OARConline 32b presentation slides are linked to each of the agenda items at:

OARConline 32b Workshop Agenda

The video recordings will be made available on the OARC YouTube channel and linked to each agenda item once they are ready to be published.

Image for post
Image for post
An image used on social media in the run up to OARConline 32a


4 Talks ; 5 Speakers

The Current State of DNS Resolvers and RPKI Protection

Willem Toorop from NLNet Labs spoke about a couple of MSc students at the University of Amsterdam who looked into RPKI protection for DNSSEC-validating resolvers. Their experiment used a Canary domain (seen previously for other work related to DNSSEC validation) and prefixes with valid and invalid ROAs. RIPE Atlas probes were used for testing from different parts of the world.

Results from the research were interesting. As an example, it was shown that providers in the Netherlands, such as XS4ALL, saw 100% of their prefixes protected, compared to Cloudflare who only had 75% of their prefixes protected!

The research was conducted with the help of NLNET Labs, Job Snijders (NTT) and Emile Aben (RIPE NCC).

LocalRoot — Serve yourself the DNS root plus

The LocalRoot project at USC’s Information Sciences Institute aims to see if a resolver can cache the whole root zone to save traffic sent to the root servers infrastructure.

Wes Hardaker (Twitter: @hardaker) explained how it benefits from using TSIG for notifications and AXFR to get updates to the root zone in seconds and preserve the security of the signed root zone. Most of the queries arriving at the root servers are for invalid TLDs and responses are faster if lookups are answered locally.

The much reduced bandwidth usage also provides the opportunity for a cost/benefit analysis on traffic saved!

Defragmenting DNS — Determining the optimal maximum UDP response size for DNS

DNS servers are mainly stateless, so PMTU discovery is not ideal because a server will receive an ICMP response that can’t be matched to a DNS query.

University of Amsterdam students Axel Koolhaas (Twitter: @shoaloak) and Tjeerd Slokker aimed to decipher the optimal EDNS message to avoid fragmentation over IPv4 and IPv6, for stub and open resolvers using custom authoritative DNS and RIPE Atlas probes as query sources.

The suggested EDNS buffer sizes are based on a balance between data capacity per packet and failure rate but with different values across IPv4 and IPv6.

Defining a DNS Statistical Core

Edward Lewis from ICANN explained the name of the project had changed to “The DNS Core Census” since submitting the abstract.

It is still in alpha state and tries to provide a consistent way to distinguish the infrastructure of root and TLD nameservers along
with TLD zone data and any other questions you might ask during research.

The project is avoiding the collection of ccTLD data and only focusing on authoritative data. A question from the audience indicated it is hard to get ccTLD data.

Edward is seeking a small group of volunteers to help review the current work or help with analysis. See his contact details in the slides.


Patronage shows support of the workshops over a period of a calendar year and enables OARC to be more effective in future planning, developing and organising workshops.

Image for post
Image for post

We would like to thank our patron so far in 2020: Verisign (Promoter level).

Anyone interested in becoming a Corporate Patron or even sponsor any of our individual workshops (we now have OARConline specific sponsorship opportunities), please refer to the DNS-OARC Workshop Patronage & Sponsorship document.

Image for post
Image for post
The OARConline 32b Crew and Speakers in the “Meeting Operations Room”


Some of the operations in the run up and on the day were slightly different to our first OARConline workshop as we had learned, adapted and implemented. As an example, we reduced the number of rehearsals this time around.

Anand Buddhdev (Twitter: @aabdnn), Jan Včelák (Twitter: @fcelda) and Ralph Dolmans from the Programme Committee led the development of the programme, with support from PC Chair Shumon Huque (Twitter: @shuque).

On the day itself, Matt Pounsett (Twitter: @mpounsett), Keith Mitchell (DualKei) and Denesh Bhabuta (Twitter: @dbhabuta) were the Producers (webinar hosts and admins); Anand and Ralph were the Presenters (session Chairs, timekeeping and Q&A); Jan and Ulrich Wisser (Twitter: @wisser) (with support from Denesh) managed audience engagement (Social Media, Workshop channel on OARC chat server).

We continued with doing rehearsals, but reduced it to just one this time.

Our meeting operations backchannel was on our new Mattermost based chat server which was used to relay messages to the crew and speakers during the workshop.

This was also the first time we used our Mattermost based chat server for collaboration between attendees during the Workshop. We had disabled the Zoom side chat and informed and encouraged delegates in advance to access the public Workshop channel on the chat server.

This continues to be a new experience for us as we constantly learn better (and newer) ways of doing things.

Save the Date — OARC 33

September 28th & 29th

OARC 33 will be an online only workshop with a longer programme and take place over two days which will also include the AGM.

The Call for Presentations is now open and registrations will open shortly. Further details at:

Follow us

You may follow us here on our DNS-OARC account on Medium and via our various social media channels:

Twitter: @dnsoarc
YouTube Channel: @dnsoarc
LinkedIn Page: DNS-OARC
Facebook Page: dnsoarc
Instagram: dnsoarc

With thanks to Jerry Lundström (Twitter: @lundstromjerry) and Sebastián Castro (Twitter: @secastro) for taking notes during the meeting.

Domain Name System Operations Analysis and Research Center

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store