RIPE 91 Daily Meeting Blog - Friday

After a very successful RIPE Dinner, it was pretty impressive that at least 100 attendees showed up at 9:30am to hear about DNS and NTP.

We started off with a cheerful story about the dire state of IoT DNS security. Billions of devices are up and about day and night performing a deluge of DNS requests. Until they get too exhausted and run out of battery, that is. On a more positive note, an IoT DNS Security and Private Guideline best current practice draft has been submitted to the IETF to help solve the many pitfalls identified there.

Next up, Shane Kerr was happy to be wedged in by two other DNS presentations to talk about IPv4 and IPv6 for Authoritative DNS. He asked whether it’s time to run IPv6-only authoritative servers because the results are almost as good as IPv4 only. BUT it might be because RIPE Atlas users are really more likely to have working IPv6.

Marc van der Wal, Afnic, then talked about how IBDNS, the Intentionally Broken DNS Server, can help to unbreak DNS implementations and testing tools. And in the true spirit of the Internet, a cat was adopted by the project. This being DNS, it was a static image and not a video.

Dave Phelan’s cat-featuring slides share a story about NTP. The other favourite tool for amplification attacks which is made readily available for abuse.

So, please people, fix your networks! And while you’re at it, take a look at DNS and SNMP as well…

Closing Plenary

Alas, all good things must come to an end. But at least we have space for a few more talks before they do!

The closing plenary kicked off with Maynard Koch (TU Dresden) who presented on the misuse potential in DNS amplification attacks. He highlighted how “transparent forwarders”, which are DNS devices that relay queries without rewriting source IPs, pose a serious amplification risk since they enable attackers to launch high-volume reflection attacks without a botnet, bypassing typical rate-limits and firewall protections by abusing global anycast resolvers.

Next up were three lightning talks:

Valerie Aurora (Bow Shock Systems Consulting) gave an update on her work to establish a local Internet resiliency club. Now with around 20 members, this has been gathering steam and they are now working to build a LoRa mesh network for communications in outage scenarios. They have been partnering with local institutions and have secured some initial funding to get started. The key is to network and ask for help!

Stephen Suess (RIPE NCC) presented on Khipu, which he developed to visualise RIPE Atlas traceroutes. Named after the Incan knot-system, Khipu lets people explore measurements via radial or horizontal views, filter by RTT, ASN, country or probe, and zoom into hop-level data with hover-popups and shareable links through a smooth interactive interface.

Eric van Uden (FRITZ!) introduced the TR‑471 standard, which is a UDP-based measurement method for accurately proving broadband performance in line with modern regulatory demands. He explained how TR-471 overcomes limitations of previous TCP tests (like TR-143), supports high-speed links (XGS-PON and above), and can be integrated via TR‑069 / TR‑369-enabled gateways to provide transparent “proof of linkspeed” for ISPs and regulators alike.

Next up Franziska Lichtblau gave a report from the Code of Condcut Team. Since RIPE 90 there have been four reports concerning two incidents, one of which has been resolved (someone was banned from the mailing lists for three months due to insulting communication) and the other incident was still ongoing. A further report had been made during the meeting and they were in contact with both parties to follow-up. A big thanks to the team for helping to keep our meetings a safe and inclusive environment, and a reminder to any attendees that you can always report unwanted behaviour using this online form and maybe think about volunteering to join the team sometime.

Sjoerd Oostdijck (RIPE NCC) gave the report from our tech team who arrive early and work tirelessly to make sure that attendees have access to good wifi in the bathrooms and other necessities for the duration of the meeting week. With RIPE 71 having been held at the same venue, it was interesting to think about what a difference a decade makes.

Mirjam Kühne - now officially RIPE Chair again! Stepped up the mic to officially close the meeting. She shared attendee stats and gave her thanks to everyone who helped make RIPE 91 such a success! She thanked InterLAN-IX for being excellent hosts and gave us some updates of the latest comings and goings in the RIPE community.

Willem Toorop (DNS), Nico Schottelius (IPv6) and Rob Evans (RIPE NCC Services) were thanked for their work as outgoing chairs and incoming Chairs included Ulrich Wisser (DNS), Wolfgang Tremmel (IPv6), Rob Evans, (RIPE NCC Services). Outgoing PC members Franziska Lichtblau and Valerie Aurora were also thanked and incoming PC Members Annika Hannig and Matt Parker were welcomed.

Linda Shannon from the RIPE 92 local host, then stepped up to say a few words about what we can look forward to in Edinburgh (including a note that kilts were highly encouraged).