Development Update #1711
Here are some DNS-OARC development highlights for the past months. These updates are usually sent out on a bi-monthly basis but this one has been delayed a bit due to work surrounding OARC27 and holiday. Previous updates can be found on our Medium page.
We tried something new for this conference, a “demo booth”!
During the breaks we had a setup in the back of the room to demonstrate the features of Check My DNS and drool. It was quite successful, with a lot of people coming by to poke and ask questions, so this will definitely be something to continue with!
At OARC27 there were two presentations that mentioned using drool to replay DNS traffic. The first was by Petr Spacek (CZ.NIC), on decreasing the access time to root servers by running one on loopback (RFC 7706); he used drool to replay recorded traffic against different test setups.
The second was by Vincent Levigneron (AFNIC), on exercising your organization; it used drool to simulate DDoS attacks by replaying legitimate traffic on the targeted interfaces. Unfortunately, at AFNIC’s request, the presentation slides are not available outside of the OARC27 workshop.
We recently received another grant from the Comcast Innovation Fund to continue the development of drool! Focus for this round will be parsing responses and matching them against what’s in the content being replayed. Expect betas and release candidates to be available during Q2 next year.
dnscap + RSSM plugin
The Root Server Scaling Measurement (RSSM) plug-in for dnscap was developed in 2013 on request by the ICANN Root Server System Advisory Committee (RSSAC) to monitor and establish a baseline trend of the root server system (RSSAC002).
With the help of Verisign we are now updating the plug-in to the very latest specification by RSSAC, namely RSSAC002v3. This update also includes a major overhaul of the network code and will add support for IP fragmentation and long-lived TCP sessions.
Check My DNS command line client
With this client you can get all the data that is produced by the checks and, unlike the web application, which uses whatever the browser uses, it has the option to test a specific resolver!