NANOG Meeting Presentation Abstract

DNS-based censorship: theory and measurements
Meeting:	NANOG67
Date / Time:	2016-06-14 4:30pm - 5:00pm
Room:	Imperial Ballroom (B2 Level)
Presenters:	Speakers: Stphane Bortzmeyer, AFNIC Stéphane Bortzmeyer works for AFNIC, the domain name registry for the .fr Top-Level Domain. He works in DNS, security, standardization, blockchains, etc. When not playing with RIPE Atlas probes, he participates in the IETF and is the author of two DNS RFCs.
Abstract:	As explained in RFC 7754, "Technical Considerations for Internet Service Blocking and Filtering", it is tempting for a censor to attack, not the direct traffic or servers, but the rendezvous systems, the most obvious one being the DNS. In Europe, but also in other places, several countries implemented a DNS-based censorship system, mandating the ISP to configure their DNS resolvers to lie (providing other answers than what the authoritative name server wanted). I will explain the various choices and possibilities of DNS-based censorship, as well as the workarounds. Of course, switching to a non-lying resolver is easy. But we'll see it's not so easy and that it is only the start of a arms race, specially giving the fact that "alternative" resolvers are often not secured, and therefore can be hijacked. I will show examples and statistics on the actual deployment, both of the censorship and of the workarounds. This will mostly be done with RIPE Atlas probes. They allow to perform detailed measurements of DNS data, even in countries where you've never been. Note: this will be the continuation of this article: https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes/ and this talk: https://ripe68.ripe.net/presentations/158-bortzmeyer-google-dns-turkey.pdf
Files:	Bortzmeyer_DNS-based censorship(PDF) DNS-based censorship: theory and measurements
Sponsors:	None.

Back to NANOG67 agenda.

NANOG67 Abstracts

• Show All

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• The Real Cost of Public IXPs
  Speakers:
  David Temkin, Netflix;

• NANOG 67 Hackathon team black hole route monitor
  Speakers:
  John Kristoff, DePaul University;

• NANOG 67 Hackathon team take-off
  Speakers:
  Chris WoodfieldTwitter; .
  Peter Hoose, Facebook, Inc.;

• NANOG 67 Hackathon team take-off
  Speakers:
  Chris WoodfieldTwitter; .
  Peter Hoose, Facebook, Inc.;

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• Network Support for TCP Fast Open
  Speakers:
  Christoph Paasch, Apple;

• Elliptic curves to the rescue: tackling availability and attack potential in DNSSEC
  Speakers:
  Roland van Rijswijk-Deij, SURFnet;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Tutorial Everything You Always Wanted to Know About Optical Networking
  Speakers:
  Richard A Steenbergen, PacketFabric;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• DNSSEC Tutorial
  Speakers:
  Eddy Winstead, Internet Systems Consortium;

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• NANOG 67 Hackathon team PiCon
  Speakers:
  Brandon Bennett.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Everyday practical BGP filtering
  Speakers:
  Job Snijders, NTT;

• Peering Security and Resiliency
  Speakers:
  Greg Hankins, Nokia; Job Snijders, NTT;

• Peering Security and Resiliency
  Speakers:
  Greg Hankins, Nokia; Job Snijders, NTT;

• DNS-based censorship: theory and measurements
  Speakers:
  Stphane Bortzmeyer, AFNIC;

• Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild
  Speakers:
  Christoph Dietzel, DE-CIX / TU Berlin;

• TCP over IP Anycast - Pipe dream or Reality?
  Speakers:
  Shawn Zandi, LinkedIn; Ritesh Maheshwari, LinkedIn;

• TCP over IP Anycast - Pipe dream or Reality?
  Speakers:
  Shawn Zandi, LinkedIn; Ritesh Maheshwari, LinkedIn;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Measurement based inter-domain traffic engineering
  Speakers:
  WENQIN SHAO, Telecom ParisTech;

• Utilizing Kea hook points for modern IP addressing
  Speakers:
  Eddy Winstead, Internet Systems Consortium;

• Ten Lessons From Telemetry
  Speakers:
  Shelly Cadora, Cisco Systems;

• Automating Maintenance Notifications
  Speakers:
  Erik Klavon, Box; Francisco HidalgoFacebook; .
  

• Automating Maintenance Notifications
  Speakers:
  Erik Klavon, Box; Francisco HidalgoFacebook; .
  

• Post IPv4 Depletion Trends
  Speakers:
  Leslie Nobile

• Experiences with network automation at Dyn
  Speakers:
  Carlos Vicente, Dyn Inc.;

• Closing Session
  Speakers:
  Betty Burke, NANOG;