Michael Sinatra | 19 Dec 02:26 2014
Picon

Thread summary: knot-dns

Thread summary for dns-operations thread "knot-dns":

Total Messages: 38
Total Size: 298KB
Thread Content Summary: "It's another trade-off."

michael
Sebastian Castro | 19 Dec 00:04 2014
Picon

Call for Presentations - DNS-OARC Spring Workshop, May 2015

NOTE: Previous message contained the right information, but with the
title referring to the wrong year. Apologies for the noise.

The next OARC Spring Workshop will take place in Amsterdam on May 9th
and 10th, the weekend before RIPE70. OARC is requesting proposals for
presentations, with a preference for DDoS attack reports and mitigation
techniques. Reports and field stories can cover DNS-based DDoS attacks,
attacks to DNS infrastructure or side effects suffered by cache resolver
operators.

This workshop intends to build from previous strong OARC workshops,
where operational content and research is welcome. Presentations from
DNS operators are particularly welcome, as well as from DNS researchers.
All DNS-related subjects are accepted, introduction to new tools,
visualizations, DNSSEC and novel uses of the DNS.  If you are an OARC
member, and have a sensitive topic you would like to present for
members-only, we will accommodate those talks too. Adopting practice
from other conferences, a timeslot for lighting talks will be available
for short presentations (5 to 10 minutes).

Workshop Milestones
* 18 December 2014, Call for Presentations posted
* 8 January 2015, Open for submissions
* 5 March 2015, Deadline for submission
* 26 March 2015, Final Program published
* 7 May 2015, Final deadline for slideset submission

Details for abstract submission will be published here:

        https://indico.dns-oarc.net//conferenceCFA.py?confId=21
(Continue reading)

Sebastian Castro | 18 Dec 23:39 2014
Picon

Call for Presentations - DNS-OARC Spring Workshop, May 2014

The next OARC Spring Workshop will take place in Amsterdam on May 9th
and 10th, the weekend before RIPE70. OARC is requesting proposals for
presentations, with a preference for DDoS attack reports and mitigation
techniques. Reports and field stories can cover DNS-based DDoS attacks,
attacks to DNS infrastructure or side effects suffered by cache resolver
operators.

This workshop intends to build from previous strong OARC workshops,
where operational content and research is welcome. Presentations from
DNS operators are particularly welcome, as well as from DNS researchers.
All DNS-related subjects are accepted, introduction to new tools,
visualizations, DNSSEC and novel uses of the DNS.  If you are an OARC
member, and have a sensitive topic you would like to present for
members-only, we will accommodate those talks too. Adopting practice
from other conferences, a timeslot for lighting talks will be available
for short presentations (5 to 10 minutes).

Workshop Milestones
* 18 December 2014, Call for Presentations posted
* 8 January 2015, Open for submissions
* 5 March 2015, Deadline for submission
* 26 March 2015, Final Program published
* 7 May 2015, Final deadline for slideset submission

Details for abstract submission will be published here:

        https://indico.dns-oarc.net//conferenceCFA.py?confId=21

The workshop will be organized on different tracks, depending on the
topics and the timing of each presentation. If you are interested in a
(Continue reading)

David C Lawrence | 18 Dec 18:04 2014

Etisalat DNS hack

http://gulfnews.com/business/technology/domain-name-structure-of-etisalat-poisoned-1.1428889

This news report claims it was a cache poisoning, but it also reads
like it could have been hacked authoritative data.  Does anyone have
more information?
Roland Dobbins | 17 Dec 11:11 2014
Picon

ICANN CZDS, WHOIS, GAC Wiki compromise.

	
<https://www.icann.org/news/announcement-2-2014-12-16-en>

-----------------------------------
Roland Dobbins <rdobbins@...>
KSK Rollover SOI | 16 Dec 15:56 2014
Picon

Solicitation for Statements of Interest regarding Root KSK Rollover

ICANN, as the IANA functions operator, in cooperation with Verisign as the
Root Zone Maintainer and the National Telecommunications Information
Administration (NTIA) as the Root Zone Administrator, together known as
the Root Zone Management (RZM) partners, seek to develop a plan for
rolling the DNS root zone key-signing key (KSK). The KSK is used to sign
the
root zone zone-signing key (ZSK), which in turn is used to DNSSEC-sign the
Internet’s root zone. The Root Zone Partners are soliciting five to seven
volunteers from the community to participate in a Design Team to develop
the Root Zone KSK Rollover Plan (“The Plan”). These volunteers along with
the RZM partners will form the Design Team to develop The Plan.

Individuals interested in volunteering approximately 5 hours per week for
the Design Team should consult the announcement:

https://www.icann.org/en/system/files/files/ksk-soi-11dec14-en.pdf

and submit their Statement of Interest to ksk-rollover-soi <at> icann.org no
later than January 16, 2015.

_______________________________________________
dns-operations mailing list
dns-operations <at> lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Mark Andrews | 13 Dec 22:30 2014

OARC's DNS Reply Size Test Server is not EDNS compliant


OARC's DNS Reply Size Test Server is not EDNS compliant.  It does
not return a OPT record to EDNS requests.  This causes named from
BIND 9.10.0 and later to classify the servers as not EDNS compliant
and to only send plain DNS queries.  This in turn results in bug
reports saying we fail the test when it is the test that is broken.

--

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka@...
Dnsbed (Jeff | 13 Dec 14:30 2014

knot-dns

Hi,

Anyone knows this DNS server?
https://www.knot-dns.cz/

Their performance seems a lot better than BIND.
https://www.knot-dns.cz/pages/benchmark.html#tab-response-rate


--
Best Regards,
DNSbed Hosting

<div>
Hi,<br><br>
Anyone knows this DNS server?<br><a class="moz-txt-link-freetext" href="https://www.knot-dns.cz/">https://www.knot-dns.cz/</a><br><br>
Their performance seems a lot better than BIND.<br><a class="moz-txt-link-freetext" href="https://www.knot-dns.cz/pages/benchmark.html#tab-response-rate">https://www.knot-dns.cz/pages/benchmark.html#tab-response-rate</a><br><br><br><div class="moz-signature">-- <br>Best Regards,<br><a href="http://www.dnsbed.com/">DNSbed Hosting</a><br><br>
</div>
</div>
Mark E. Jeftovic | 13 Dec 14:25 2014

DNS ops: please refresh gov.on.ca and ontario.ca


Hello all,

Earlier I sent out a request for resolver operators to refresh their
cache for gov.on.ca (thank you to all who did).

Can you also make sure you refresh ontario.ca?

Correct IP for www.gov.on.ca is 54.208.81.96

Correct IPs for gov.on.ca nameservers are:

Name servers:
    ens1.gov.on.ca     204.41.8.240
    ens2.gov.on.ca     204.41.4.240

Correct IP for ontario.ca is 54.208.81.96

Thank you all.

- mark

--

-- 
Mark E. Jeftovic <markjr@...>
Founder & CEO, easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225
Read my blog: http://markable.com
Mark E. Jeftovic | 13 Dec 03:49 2014

resolver ops: please refresh gov.on.ca


All resolver nameserver operators, if you could refresh your caches for
gov.on.ca

There has been an incident where the government of ontario nameservers
were briefly hijacked

We will post details to follow

in the meantime, if you can refresh your caches, the proper records
should be:

ens2.gov.on.ca 204.41.4.240
ens1.gov.on.ca  204.41.8.240

thank you all

- mark

--

-- 
Mark E. Jeftovic <markjr@...>
Founder & CEO, easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225
Read my blog: http://markable.com

Stephane Bortzmeyer | 10 Dec 13:58 2014
Picon

1&1 down

For more or less 15 hours (with some remissions). Seems very severe
now. Their own domains work but the customer-hosted domains are down:

% check-soa -n 5 -t 5 -i -ns "ns-us.1and1-dns.us ns-us.1and1-dns.de ns-us.1and1-dns.org
ns-us.1and1-dns.com" edmtrancefm.com
ns-us.1and1-dns.com.
        2001:8d8:fe:53:0:d9a0:5202:100: ERROR: Timeout
        217.160.82.2: ERROR: Timeout
ns-us.1and1-dns.de.
        2001:8d8:fe:53:0:d9a0:5002:100: ERROR: Timeout
        217.160.80.2: ERROR: Timeout
ns-us.1and1-dns.org.
        217.160.83.2: OK: 2014111202 (1642 ms)
        2001:8d8:fe:53:0:d9a0:5302:100: ERROR: Timeout
ns-us.1and1-dns.us.
        2001:8d8:fe:53:0:d9a0:5102:100: ERROR: Timeout
        217.160.81.2: ERROR: Timeout

Not a lot of detail from 1&1:

http://status.1and1.com/incident/1135
https://twitter.com/1and1/status/542630456383242241

Gmane