OARConline 32b at a glance
149 watched the webinar (175 Registered)
.. from 34 countries
.. representatives from at least 74 organisations
.. 22 (15%) were first time attendees at an OARC workshop
.. 116 from OARC Member organizations
.. 10 from OARC Supporter organizations
.. 147 max concurrent viewsThere were 5 Speakers and 4 Presentations
Archives
We have an archive of presentations and recordings for our meetings.
All the OARConline 32b presentation slides are linked to each of the agenda items at:
OARConline 32b Workshop AgendaThe video recordings will be made available on the OARC YouTube channel and linked to each agenda item once they are ready to be published.
Tidbits
4 Talks ; 5 Speakers
The Current State of DNS Resolvers and RPKI Protection
Willem Toorop from NLNet Labs spoke about a couple of MSc students at the University of Amsterdam who looked into RPKI protection for DNSSEC-validating resolvers. Their experiment used a Canary domain (seen previously for other work related to DNSSEC validation) and prefixes with valid and invalid ROAs. RIPE Atlas probes were used for testing from different parts of the world.
Results from the research were interesting. As an example, it was shown that providers in the Netherlands, such as XS4ALL, saw 100% of their prefixes protected, compared to Cloudflare who only had 75% of their prefixes protected!
The research was conducted with the help of NLNET Labs, Job Snijders (NTT) and Emile Aben (RIPE NCC).
LocalRoot — Serve yourself the DNS root plus
The LocalRoot project at USC’s Information Sciences Institute aims to see if a resolver can cache the whole root zone to save traffic sent to the root servers infrastructure.
Wes Hardaker (Twitter: @hardaker) explained how it benefits from using TSIG for notifications and AXFR to get updates to the root zone in seconds and preserve the security of the signed root zone. Most of the queries arriving at the root servers are for invalid TLDs and responses are faster if lookups are answered locally.
The much reduced bandwidth usage also provides the opportunity for a cost/benefit analysis on traffic saved!
Defragmenting DNS — Determining the optimal maximum UDP response size for DNS
DNS servers are mainly stateless, so PMTU discovery is not ideal because a server will receive an ICMP response that can’t be matched to a DNS query.
University of Amsterdam students Axel Koolhaas (Twitter: @shoaloak) and Tjeerd Slokker aimed to decipher the optimal EDNS message to avoid fragmentation over IPv4 and IPv6, for stub and open resolvers using custom authoritative DNS and RIPE Atlas probes as query sources.
The suggested EDNS buffer sizes are based on a balance between data capacity per packet and failure rate but with different values across IPv4 and IPv6.
Defining a DNS Statistical Core
Edward Lewis from ICANN explained the name of the project had changed to “The DNS Core Census” since submitting the abstract.
It is still in alpha state and tries to provide a consistent way to distinguish the infrastructure of root and TLD nameservers along
with TLD zone data and any other questions you might ask during research.
The project is avoiding the collection of ccTLD data and only focusing on authoritative data. A question from the audience indicated it is hard to get ccTLD data.
Edward is seeking a small group of volunteers to help review the current work or help with analysis. See his contact details in the slides.
Patronage
Patronage shows support of the workshops over a period of a calendar year and enables OARC to be more effective in future planning, developing and organising workshops.
We would like to thank our patron so far in 2020: Verisign (Promoter level).
Anyone interested in becoming a Corporate Patron or even sponsor any of our individual workshops (we now have OARConline specific sponsorship opportunities), please refer to the DNS-OARC Workshop Patronage & Sponsorship document.
How
Some of the operations in the run up and on the day were slightly different to our first OARConline workshop as we had learned, adapted and implemented. As an example, we reduced the number of rehearsals this time around.
Anand Buddhdev (Twitter: @aabdnn), Jan Včelák (Twitter: @fcelda) and Ralph Dolmans from the Programme Committee led the development of the programme, with support from PC Chair Shumon Huque (Twitter: @shuque).
On the day itself, Matt Pounsett (Twitter: @mpounsett), Keith Mitchell (DualKei) and Denesh Bhabuta (Twitter: @dbhabuta) were the Producers (webinar hosts and admins); Anand and Ralph were the Presenters (session Chairs, timekeeping and Q&A); Jan and Ulrich Wisser (Twitter: @wisser) (with support from Denesh) managed audience engagement (Social Media, Workshop channel on OARC chat server).
We continued with doing rehearsals, but reduced it to just one this time.
Our meeting operations backchannel was on our new Mattermost based chat server which was used to relay messages to the crew and speakers during the workshop.
This was also the first time we used our Mattermost based chat server for collaboration between attendees during the Workshop. We had disabled the Zoom side chat and informed and encouraged delegates in advance to access the public Workshop channel on the chat server.
This continues to be a new experience for us as we constantly learn better (and newer) ways of doing things.
Save the Date — OARC 33
September 28th & 29th
OARC 33 will be an online only workshop with a longer programme and take place over two days which will also include the AGM.
The Call for Presentations is now open and registrations will open shortly. Further details at:
https://www.dns-oarc.net/oarc33With thanks to Jerry Lundström (Twitter: @lundstromjerry) and Sebastián Castro (Twitter: @secastro) for taking notes during the meeting.
