Colleagues, my apologies for the delay in getting the agenda prepared and distributed for next week. At long last, here it is. Please note one or two items have not get been confirmed, so there may be some changes between now and next Wednesday. Although I don't expect there will be any, it would be unwise to make life-changing decisions on the assumption that the V1.4 agenda remains unchanged. Hope to see most of you in Warsaw next week. # # $Id: agenda,v 1.4 2014/05/07 11:00:29 jim Exp $ # PROVISIONAL AGENDA: RUNNING ORDER, TIMES & EVEN CONTENT MAY CHANGE [0] Usual Administrivia 5 mins Agenda bashing Minutes of previous meeting Review of Action Items [1] NCC Report 15 mins Stuckee, RIPE NCC [2] DDoS Forensics 25 mins Curon Davies, JISC RSC Wales As a result of daily attacks against a Further Education College in Wales, a connection was noticed between changing DNS entries and the attacked IP address. Using innovative DNS responses inspired by GeoDNS and logging all requests to the authoritative server, it has been possible to trace the source of DDoS and spoofed flood attacks. [3] Measuring DNSSEC validation deployment 15 mins Nicolas Canceill, NLnet Labs We have executed a research in which the RIPE Atlas measurement network was utilized to quantify the amount/percentage of resolvers that do DNSSEC validation. We were not only able to identify which resolvers do DNSSEC validation, but also which resolvers are security-aware (and to which level). Moreover, during the research some particular cases have been found: the existence of insecure fallbacks in case of missing signatures, and a troublesome issue with secure wildcard records. [4] Measuring DNSSEC from the end user perspective 30 mins Geoff Huston, APNIC The presentation explores the technique of measuring the characteristics of the DNS and its performance by posing a set of DNS questions to end users and observing the queries that occur at the authoritative servers in response. Using online advertising channels the tests can be undertaken at a level of high volume and broad spread across the Internet. The presentation will describe the use of this technique in measuring DNSSEC validation, DNS over TCP, DNS performance and similar. LUNCH [5] Report from Ad-hoc ccTLD group 10 mins Peter Koch, DENIC [6] Registry Infrastructure Transformation 20 mins Michael Daly, Nominet In the past 24 months Nominet the UK Registry have completely transformed the infrastructure that is used to deliver the UK Registry services. The infrastructure has been moved to be much more agile and highly available. This presentation will detail some of the choices we made and methods we used to deploy and manage our infrastructure. [7] Google DNS hijacking in Turkey 30 mins Stephane Bortzmeyer, AFNIC In March 2013, the Turkish government decided to prevent access to Twitter. It used some well-known techniques but also one which have not been documented in the real world before: using routing to hijack DNS resolvers such as Google Public DNS. What exactly happened and what could be done to prevent that? [8] DNSMON Developments 10 mins Stuckee, RIPE NCC [9] DNS Monitoring Common Practices/APIs Panel Session 15 mins To be confirmed [10] AOB 5 mins