BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Pentabarf//Schedule 0.3//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALDESC;VALUE=TEXT:DNS devroom X-WR-CALNAME;VALUE=TEXT:DNS devroom X-WR-TIMEZONE;VALUE=TEXT:Europe/Brussels BEGIN:VEVENT METHOD:PUBLISH UID:7156@FOSDEM18@fosdem.org TZID:Europe-Brussels DTSTART:20180204T090000 DTEND:20180204T092000 SUMMARY:Zonemaster DESCRIPTION:
DNS is the backbone of the Internet. When one is not able to access to a content (such as a website), the first thing to do is to verify the DNS connectivity. This talk will provde an overview of an open source DNS checking tool called "Zonemaster" (https://github.com/dotse/zonemaster), developed and maintained by Afnic (www.afnic.fr) and IIS (www.iis.se).The talk will further delve into the architecture, different components (Engine, API, GUI, CLI) and its usages for different end-users such as general users, Companies operating DNS, Companies having a DNS portfolio of domain names and DNS geeks.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2018/schedule/2018/schedule/event/dns_zonemaster/ LOCATION:AW1.121 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Sandoche Balakrichenan":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:7157@FOSDEM18@fosdem.org TZID:Europe-Brussels DTSTART:20180204T092500 DTEND:20180204T094500 SUMMARY:Repairing DNS at TLD scale DESCRIPTION:For DNS stability is important to delegate domains to correctly configured servers, but condition can change over the time. We are checking all 1.3 milions of domains regulary and try to poin on common mistakes. Presentation also show, how we deal with term "correct configuration" for atuhoritative DNS server
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2018/schedule/2018/schedule/event/dns_repairing_at_tld_scale/ LOCATION:AW1.121 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Petr Černohouz":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:6547@FOSDEM18@fosdem.org TZID:Europe-Brussels DTSTART:20180204T095000 DTEND:20180204T101000 SUMMARY:BIND 9 Past, Present, and Future DESCRIPTION:BIND 9 is now 17 years old, the latest stable version 9.12 was releases in December and the BIND 9 Team has adopted changes to adapt to the ever change Internet landscape.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2018/schedule/2018/schedule/event/dns_bind9_past_present_future/ LOCATION:AW1.121 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Ondřej Surý":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:7106@FOSDEM18@fosdem.org TZID:Europe-Brussels DTSTART:20180204T101500 DTEND:20180204T104500 SUMMARY:Blame (and) DNS: debugging tutorial DESCRIPTION:How to find out who, where, and how broke your DNS resolution? What support line to call?
These are hard questions because today's DNS is very complex and even simplest query for an IP address might involve dozen different parties. In this tutorial we will walk though typical scenarios and use common tools to find out why things do not work as we expect and who to contact.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2018/schedule/2018/schedule/event/dns_blame_debugging/ LOCATION:AW1.121 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Petr Špaček":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:7139@FOSDEM18@fosdem.org TZID:Europe-Brussels DTSTART:20180204T105000 DTEND:20180204T111000 SUMMARY:Living on the Edge DESCRIPTION:To improve system security to the next level, the DNS services used by applications at the end-point need recent standards implemented. Currently typical use of DNS by applications is limited to forwarding requests to the system's stub resolver, which in turn simply forwards it to the recursive resolver in the network which does all the heavy lifting; iterate over the authoritatives, secure the lookups with DNSSEC etc. This first-mile in the DNS eco-system (from application, via stub to the recursive resolver) is completely insecure and exposed. This makes the use of DANE (a secure alternative to the flawed CA based PKIX) impossible and also leaves end-users unprotected to DNS based connection hijacking and very exposed to eavesdropping attacks!
To deliver DANE and Privacy to the end-user, we need to address these issues as close to the end-user as possible. The getdns library is a resolver library for applications, providing a versatile stub resolver that takes care of all the difficulties and complexities that arise when these higher security and privacy demands need to be practiced for actual users instead of just networks.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2018/schedule/2018/schedule/event/dns_living_on_the_edge/ LOCATION:AW1.121 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Willem Toorop":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:7107@FOSDEM18@fosdem.org TZID:Europe-Brussels DTSTART:20180204T111500 DTEND:20180204T113000 SUMMARY:DNSSEC for higher performace DESCRIPTION:"Security slows down everything." Or not? This talk will explain how aggressive use of DNSSEC-validated cache (aka RFC 8198) boosts DNS performance, and why signing your own domain can provide higher security and performance at the same time.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2018/schedule/2018/schedule/event/dns_aggressive_nsec/ LOCATION:AW1.121 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Petr Špaček":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:6801@FOSDEM18@fosdem.org TZID:Europe-Brussels DTSTART:20180204T113500 DTEND:20180204T120000 SUMMARY:Melting the Snow DESCRIPTION:Snowshoe spam is a type of spam which is hard to detect. This is because the spammer tries to spread out the sending load over many host in order to evade detection.
Our method combines active DNS measurements with Machine Learning to detect snowshoe spam domains with a time advantage over regular methods.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2018/schedule/2018/schedule/event/dns_melting_the_snow/ LOCATION:AW1.121 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Olivier van der Toorn":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:7123@FOSDEM18@fosdem.org TZID:Europe-Brussels DTSTART:20180204T120500 DTEND:20180204T123500 SUMMARY:DNS privacy, where are we? DESCRIPTION:The DNS privacy project started in november 2013 at the IETF meetingin Vancouver, following Snowden's revelations. Where are we today? Wehave a problem statement (RFC 7626), standard solutions (QNAMEminimisation, DNS over TLS), running code (such as the getdns library)and actual deployments (such as the Quad9 public resolver). The talkwill examine the current state of the project. It is intended forpeople who have a general knowledge of DNS, but you don't need to bean expert.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2018/schedule/2018/schedule/event/dns_privacy/ LOCATION:AW1.121 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Stéphane Bortzmeyer":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:7146@FOSDEM18@fosdem.org TZID:Europe-Brussels DTSTART:20180204T124000 DTEND:20180204T125500 SUMMARY:DNS-based discovery for OpenID Connect DESCRIPTION:OpenID Connect is a widely deployed standard to implement single-sign-on in the web. While the existing protocol discovery mechanisms might be well-suited for the current social media login deployment status (that is, a handful of islands of identity providers and Facebook&Google coping with 90%+ of the market share), a better mechanism would be needed for a real federated, distributed environment.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2018/schedule/2018/schedule/event/dns_openid_discovery/ LOCATION:AW1.121 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Marcos Sanz Grossón":invalid:nomail END:VEVENT END:VCALENDAR