Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead Message Promoted Post

Home / Industry

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Verisign Labs Distinguished Speaker Series is a quarterly forum to bring together members of the technical community to network and listen to distinguished speakers about issues related to internet technology.

Discussion: Passive DNS Collection and Analysis – the "DNSTAP" Approach

DNS is a high volume low latency datagram protocol at the heart of the Internet — it enables almost all other traffic flows. Any analysis of network traffic for security purposes will necessarily include contemporaneous DNS traffic which might have resulted from or directed that traffic. Netflow by itself can answer the question, "what happened?" but it cannot by itself answer the equally important question, "why?"

Collecting DNS query and response data has always been challenging due to the impedance mismatch between DNS as an asynchronous datagram service and available synchronous persistent storage systems. Success in DNS telemetry has historically come from the PCAP/BPF approach, where the collection agent reassembles packets seen 'on the wire' into DNS transaction records, with complete asynchrony from the DNS server itself. It is literally and always preferable to drop transactions from the telemetry path than to impact the operation a production DNS server in any way.

BPF/PCAP is not a panacea, though, since the complexity of state-keeping means that most passive DNS collectors are blind to TCP transactions, and all are blind to data elements which don't appear on the wire, such as cache purge or cache expiration events, or to "view" identifiers or current delegation point. The Farsight Security team has therefore designed a new open source and open protocol system called "dnstap" with a transmission/reception paradigm that preserves the necessary lossiness of DNS transaction collection while avoiding the state-keeping of BPF/PCAP based systems.

The upcoming event will cover passive DNS including collection, sharing, post-processing, database construction, and access, using the Farsight Security system as a model. "dnstap" will be introduced in that context, including a status report and road-map.

Speakers

Paul Vixie – Dr. Paul Vixie is the CEO of Farsight Security. He previously served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the boards of several for-profit and non-profit companies. He has served on the ARIN Board of Trustees since 2005, where he served as Chairman in 2008 and 2009, and is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). He operated the ISC's F-Root name server for many years, and is a member of Cogent's C-Root team. He is a sysadmin for Op Sec Trust.

Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He wrote Cron (for BSD and Linux), and is considered the primary author and technical architect of BIND 4.9 and BIND 8, and he hired many of the people who wrote BIND 9. He has authored or co-authored a dozen or so RFCs, mostly on DNS and related topics, and of Sendmail: Theory and Practice (Digital Press, 1994). His technical contributions include DNS Response Rate Limiting (RRL), DNS Response Policy Zones (RPZ), and Network Telemetry Capture (NCAP). He earned his Ph.D. from Keio University for work related to DNS and DNSSEC.

Robert Edmonds – Robert Edmonds is a software developer at Farsight Security. He is responsible for maintaining several core components of Farsight's Security Information Exchange (SIE) and DNSDB products, including the 'nmsg' network message encapsulation library, the 'mtbl' immutable sorted string table library, and the 'wdns' low-level DNS library. His current projects include the development of 'dnstap', a framework for exporting event data from DNS software, and the ongoing maintenance of 'protobuf-c', a C implementation of the "Protocol Buffers" data serialization format.


Event Date & Time

Wednesday, December 17, 2014
8:30 a.m. – 10:30 a.m.

Event Location

Verisign Reston Headquarters
12061 Bluemont Way
Reston, VA 20190
(703) 948-3200

Agenda

Breakfast/Networking (8:30 – 9:00 am)
Presentation (9:00 – 10:00 am)
Networking (10:00 – 10:30 am)

Registration Page

Questions? Contact Verisign’s Events Team at eventsteam@verisign.com

Verisign

About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, as well as performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS). Visit Page

Related topics: DNS
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Mobile Internet

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.