[dns-operations] Route 53 Unexpected geo location behavior

2023-06-09 Thread Dan McCombs via dns-operations 
--- Begin Message ---
Hi everyone,

We've stumbled upon what seems like unexpected behavior with Route 53
returning answers based on IP geo location to our resolvers.

According to their documentation

:

> When a browser or other viewer uses a DNS resolver that does not support
> edns-client-subnet, Route 53 uses the source IP address of the DNS resolver
> to approximate the location of the user and responds to geolocation queries
> with the DNS record for the resolver's location.
>

But that doesn't seem to be the case. On a resolver with the address
64.227.108.32, if we query at an awsdns authoritative from 64.227.108.32
without edns client subnet, we get one set of answers:

> > dig -b 64.227.108.32 @ns-1339.awsdns-39.org
> doitb-synthetic.atlassian.net +short +nosubnet

104.192.142.20
> 104.192.142.19
> 104.192.142.18


But if we send the resolver's own same IP in edns-client-subnet, we get a
different set of answers:

> >  dig -b 64.227.108.32 @ns-1339.awsdns-39.org
> doitb-synthetic.atlassian.net +short +subnet=67.227.108.32/32

104.192.138.13
> 104.192.138.12


If it were using the resolver's source IP address to determine geolocation
when no edns-client-subnet is sent, I would expect the same answers as when
sending that address as the edns-client-subnet. What's going on here?

Our resolvers are co-located with our user's instances in the same
datacenters, so we don't configure our resolvers to send edns-client-subnet
since they're not geographically different (and in fact in the same IP
blocks). This is the first time we've had a user contact us about this, so
I'm not sure if something changed with Route 53 recently, if this is being
caused by configuration specific to the atlassian.net zone, or if somehow
we just haven't had users notice that they were being affected by this for
years.

Any insights would be appreciated,

-Dan


Dan McCombs
Senior Engineer I - DNS
dmcco...@digitalocean.com
--- End Message ---
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

[dns-operations] OARC 41: Location reveal ; CfP deadline extended

2023-06-09 Thread Rebecca Petro 

Special announcement for OARC41 which will be held in Da Nang, Vietnam!

The Program Committee is extending the deadline for presentations to 
June 20th


OARC 41 will be a two-day hybrid meeting September 6th and 7th, 
co-located with the ICANN DNS Symposium and hosted by VNNIC.


Mark your calendars for the following events:

 *   A Day of DNS Abuse Discussions on Monday, September 4th, 2023
 * ICANN DNS Symposium on Tuesday, September 5th, 2023
 * DNS-OARC OARC 41 Workshop, September 6th and 7th, 2023

For more information, visit the OARC 41 page: 
https://www.dns-oarc.net/oarc41 
Don't miss this opportunity to share your expertise and contribute to 
the DNS community. Submit your presentation now!___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

[dns-operations] Subject: OARC 41 - Call for Contribution -- deadline extension

2023-06-09 Thread Pallavi Aras via dns-operations 
--- Begin Message ---
Deadline for OARC 41 abstract submission is extended to June 20th, 23:59
UTC.

Please note that, we are looking for contributions and remote participation
is actively supported

*

OARC 41 will be a two-day hybrid meeting and the dates are *6th and 7th
September *to be co-located with the ICANN DNS Symposium in *Da Nang,
Vietnam.*

The Programme Committee is seeking contributions from the community.

All DNS-related subjects and suggestions for discussion topics are welcome.
For inspiration, we provide a non-exhaustive list of ideas:

   - Operations: Any operational gotchas, lessons learned from an outage,
   details/reasons for a recent outage (how to improve TTR, tooling).


   - Deployment: DNS config management and release process.


   - Monitoring: Log ingestion pipeline, analytics infrastructure, anomaly
   detection.


   - Scaling: DNS performance management and metrics. Increasing DNS Server
   Efficiency


   - Security/Privacy: DNSSEC signing and validation, key storage,
   rollovers, qname minimization, DoH/DoT


The presentations can be either 10 or 20 minutes in length (plus 5 minutes
for Q). Proposals for in-person lightning presentations will be opened at
the Workshop.

Workshop Milestones:

2023-04-16 Submissions open via Indico
*2023-06-20 Deadline for submission (23:59 UTC)*
2023-06-27 Preliminary list of contributions published
2023-07-11  Full agenda published
2023-08-08 Deadline for slideset submission and Rehearsal
2023-09-06 OARC 41 Workshop - Day1
2023-09-07 OARC 41 Workshop - Day2

The Registration page and details for presentation submission are published
at:


To allow the Programme Committee to make objective assessments of
submissions, so as to ensure the quality of the workshop, submissions
SHOULD include slides. Draft slides are acceptable on submission.
Example guidelines
for presentation slides: https://www.grammarly.com/blog/presentation-tips/

Additional information for speakers of OARC 41

   - your talk will be broadcast live and recorded for future reference


   - your presentation slides will be available for delegates and others to
   download and refer to, before, during and after the meeting


   - Remote speakers have mandatory rehearsal on 2023-08-08 at 14:00 UTC. It
   would be very useful to have your slides (even if draft) ready for this.


Note: DNS-OARC provides registration fee waivers for the workshop to
support those who are part of underrepresented groups to speak at and/or
attend DNS-OARC. More details will be provided when registration opens.

If you have questions or concerns you can contact the Programme Committee:
https://www.dns-oarc.net/oarc/programme
via submissi...@dns-oarc.net

*Pallavi Aras-Mathai, for the DNS-OARC Programme Committee*

OARC depends on sponsorship to fund its workshops and associated social
events. Please contact spon...@dns-oarc.net if your organization is
interested in becoming a sponsor.

(Please note that OARC is run on a non-profit basis, and is not in a
position to reimburse expenses or time for speakers at its meetings.)


-- 

Principal Software Engineer, Public DNS team | Salesforce
DNS-OARC Programme Committee Chair | DNS conference
--- End Message ---
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations