Presentation is loading. Please wait.

Presentation is loading. Please wait.

OARC Status Keith Mitchell OARC Programme Manager DNS Operations Meeting 27 th July 2007.

Published byJoanna Bridges Modified over 8 years ago

Similar presentations

Presentation on theme: "OARC Status Keith Mitchell OARC Programme Manager DNS Operations Meeting 27 th July 2007."— Presentation transcript:

1 OARC Status Keith Mitchell OARC Programme Manager DNS Operations Meeting 27 th July 2007

2 OARC Mission Provide trusted channels for Internet incident reporting and handling Facilitate confidential sharing of DNS operations data Interface with research community for analysis and publication Outreach to vendors, end-users and law enforcement

3 OARC Motivation DNS infrastructure makes everything work as expected DNS outage of any network service provider or large content provider affects everyone using the Internet The DNS is increasingly involved:  as abuse victim  as abuse vector  for abuse detection and mitigation

4 OARC Motivation Increasing incidence of attacks against the DNS DNS increasingly implicated in and compromised by Botnet activity A lot of unwanted traffic on the Internet is a result of DNS misconfiguration  e.g. in-addr queries to RFC1918 addresses New DNS technology challenges  DNSSEC, IDN, ENUM, IPv6

5 OARC Members Afillias AFNIC APNIC Autonomica BFK Cambridge Univ ChangeIP.com CIRA Cisco Cogent CZ.NIC Damballa DENIC eNom EP.net F-root Georgia Tech Google ICANN II-F Internet Perils ISC ISoc-IL JPRS Microsoft NASA Ames NASK NIC.CL NIDA NLnet Labs  Nominet UK  NTT  OpenDNS  PIR  Registro.BR  RIPE NCC  Shinkuro  SIDN  Team Cymru  UMR.edu  NeuStar/uDNS  UMD.edu  VeriSign  Yahoo!  WIDE

6 OARC Member Services DSC Data Gathering Data Analysis  Member-only mailing list  Other closed DNS mailing lists  Encrypted jabber.oarc.isc.org chat server  https://oarc.isc.org portal

7 OARC Public Services Twice-yearly open meetings for DNS researchers and operators mailing list http://public.oarci.net website Home for:  “Orphan Projects”  “Flood Victims”

8 OARC 2007 Progress Data gathering for DITL project, Jan  CAIDA DatCat workshop Co-ordination and data gathering during root attack, Feb Outreach during NANOG, RIPE, CENTR, UKNOF, AusCERT etc meetings 7 new members, mostly paying Chicago meetings, Jul

9 “Day in the Life of the Internet” Wide-ranging collaborative research project to improve “network science” by building up baseline of regular Internet measurement data over 48-hour periods See http://www.caida.org/projects/ditl/ DNS data gathered via OARC is one part of this

10 DITL 8-10 th Jan 2007 OARC has supported this annually since 2004 DNS query data gathered close to participating root and TLD servers using tcpdump into “PCAP” files Uploaded via ssh script to central OARC RAID system Available to OARC members for analysis

11 DITL Jan 2007 Participants c.root-servers.netCogent e.root-servers.net NASA f.root-servers.netISC k.root-servers.netRIPE NCC m.root-servers.netWIDE as112.namex.itNaMEX b.orsn-servers.net FunkFeur m.orsn-servers.netBrave GmbH

12 DITL Challenges Too much data  problem of success !  ran out of disk space 2 hours before end  “in-flight” upgrade to fix this... Limited space on collecting servers Bandwidth loss due to Taiwan quake Too close to seasonal holiday Bleeding-edge platforms

13 DITL Lessons Learned Do pending upgrades and estimate of data volumes before you start ! Simple legalities = enlarged participation ☺ Data uploading was harder than gathering  dry-runs helpful Disable auto-rotation Generate, preserve, share and validate data MD5 checksums Upgraded hardware performed well overall

14 DITL Results OARC RAID now holds over 2TB of data  available for research analysis  space for at least as much again Report summarising outcomes available to participants and OARC members More roots interested for next time Left us in great shape to do it again without notice 4 weeks later...

15 Root DDoS Attack

16 Aggregated traffic on F root

17 Attack Observations Anycast works !  end-users not really impacted  some F-root nodes impacted, but service overall maintained  non-anycast nodes (G, L) hit hardest Further presentations and analysis by John Kristoff (UltraDNS) and Steve Conte (ICANN) during this meeting

18 OARC Futures Additional resources required Further develop trusted communications model “Passive DNS” - major project to aggregate live DNS resolver data  seeking infrastructure funding and partners

19 OARC Further Info Web:https://oarc.isc.org E-mail:keith_mitchell@isc.org Jabber:keith@jabber.oarc.isc.org Phone:+1 650 423 1348 (EST) +44 778 534 6152 Paper: http://public.oarci.net/files/oarc-briefing.pdf http://public.oarci.net/dns-operations/workshop-2007/Mitchell-OARC-status.pdf

20 Questions ?

Download ppt "OARC Status Keith Mitchell OARC Programme Manager DNS Operations Meeting 27 th July 2007."

Similar presentations

DITL & APNIC George Michaelson APNIC 26, Christchurch.

DITL & APNIC George Michaelson APNIC 26, Christchurch.
DITL 2008-2009 George Michaelson APNIC

DITL George Michaelson APNIC
L-Root: Expanding Distribution in Africa. 2 One of 13 root name servers containing Internet Protocol addresses Operated by ICANN using anycast technology.

L-Root: Expanding Distribution in Africa. 2 One of 13 root name servers containing Internet Protocol addresses Operated by ICANN using anycast technology.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
DNS DOMAIN NAME SYSTEM NAME SYSTEM By Lijo George.

DNS DOMAIN NAME SYSTEM NAME SYSTEM By Lijo George.
DNS root server deployments George Michaelson DNS operations SIG APNIC17/APRICOT 2004 Feb 23-27 2004 KL, Malaysia.

DNS root server deployments George Michaelson DNS operations SIG APNIC17/APRICOT 2004 Feb KL, Malaysia.
APNIC Update RIPE 59 October 2009. Overview APNIC Services Update APNIC 28 policy outcomes APNIC Members and Stakeholder Survey Next APNIC Meetings.

APNIC Update RIPE 59 October Overview APNIC Services Update APNIC 28 policy outcomes APNIC Members and Stakeholder Survey Next APNIC Meetings.
OARC Status Keith Mitchell OARC Programme Manager Internet Systems Consortium OARC Workshop Seattle, 16 th Nov 2006.

OARC Status Keith Mitchell OARC Programme Manager Internet Systems Consortium OARC Workshop Seattle, 16 th Nov 2006.
World IPv6 Day Planning San Jose, Dec 7 2010. Rough Agenda Agenda Bash Press Release Website Involving Others Remaining Open Issues.

World IPv6 Day Planning San Jose, Dec Rough Agenda Agenda Bash Press Release Website Involving Others Remaining Open Issues.
Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root

Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root
APNIC Update AfriNIC 12 May 2010 Sanjaya Services Director, APNIC.

APNIC Update AfriNIC 12 May 2010 Sanjaya Services Director, APNIC.
Building a More Trusted and Secure Internet RIPE 70, May 12 2015.

Building a More Trusted and Secure Internet RIPE 70, May
CS 3830 Day 10 Introduction 1-1. Announcements r Quiz #2 this Friday r Program 2 posted yesterday 2: Application Layer 2.

CS 3830 Day 10 Introduction 1-1. Announcements r Quiz #2 this Friday r Program 2 posted yesterday 2: Application Layer 2.
ITU-T Workshop April 2001 : IP Networking and MEDIACOM 2004 Telscom / HKP ngni-itu-april01.ppt to facilitate Global, Strategic and Innovative Next Generation.

ITU-T Workshop April 2001 : IP Networking and MEDIACOM 2004 Telscom / HKP ngni-itu-april01.ppt to facilitate Global, Strategic and Innovative Next Generation.
1 BCS, Oxfordshire, 19 February, 2004 WEB ARCHIVING issues and challenges Deborah Woodyard Digital Preservation Coordinator.

1 BCS, Oxfordshire, 19 February, 2004 WEB ARCHIVING issues and challenges Deborah Woodyard Digital Preservation Coordinator.
Engineering Report Mark Kosters. Staffing Operations – 7 operations engineers + 2 managers (AT FULL STRENGTH) Development – 8 programmers + manager (AT.

Engineering Report Mark Kosters. Staffing Operations – 7 operations engineers + 2 managers (AT FULL STRENGTH) Development – 8 programmers + manager (AT.
Keith Mitchell 1 RIPE 33, May 1999 RIPE NCC Executive Board Report Keith Mitchell ICANN Address Supporting Organisation.

Keith Mitchell 1 RIPE 33, May 1999 RIPE NCC Executive Board Report Keith Mitchell ICANN Address Supporting Organisation.
Global Partnerships ISOC ccTLD Workshop Guyana Feb 16, 2007.

Global Partnerships ISOC ccTLD Workshop Guyana Feb 16, 2007.
Keith Mitchellhttp://www.ripe.net/ RIPE ncc IP Address Space Governance Keith Mitchell Executive Board Chairman, RIPE NCC (Chief Executive, LINX) European.

Keith Mitchellhttp:// RIPE ncc IP Address Space Governance Keith Mitchell Executive Board Chairman, RIPE NCC (Chief Executive, LINX) European.
New gTLDs and the Stability of Root Service System CDAR Continuous Data-driven Analysis of Root Stability Enog 11, Moscow Jaap Akkerhuis (NLnet Labs)

New gTLDs and the Stability of Root Service System CDAR Continuous Data-driven Analysis of Root Stability Enog 11, Moscow Jaap Akkerhuis (NLnet Labs)

Similar presentations

Ads by Google