Research ARC - AFRINIC - Regional Internet Registry for Africa

Research ARC

EDNS Compliance in African networks (Internship@AFRINIC)

: Last Modified on - 27 February 2023

After February 1st 2019 major public DNS resolver operators listed below will disable workarounds for standards non-compliance. This change will affect domains hosted on authoritative servers which do not comply either with original DNS standard from 1987 (RFC1035) or the newer EDNS standards from 1999 (RFC2671 and RFC6891). Non-compliant domains may become unreachable through these services.

AFRINIC has a list of reverse domains for prefixes delegated to members which are publicly accessible: http://ftp.afrinic.net/pub/zones.

AFRINIC also provides secondary DNS services to ccTLDs in Africa (30 ccTLDs) and maintain secondary DNS services for around 150 zones.

AFRINIC would like to run EDNS compliance tests on all reverse domains and domains from ccTLDs in Africa. The results will be reported on a dashboard or via the WIDER platform. More information can be found here: https://dnsflagday.net

Keywords: DNS, EDNS, data visualization

Number of Students/Interns required	Duration
1	3-6 months
Key deliverables	Skills required
Survey of EDNS non-compliant domains from AFRINIC reverse DNS and secondary DNS zones Data characterisation and visualization Data API	Bash scripting Databases (MySQL, PostgreSQL) Web development (Python/Django, Php, Angular.js, etc)

DNS Open Resolvers in African networks (Internship@AFRINIC)

: Last Modified on - 30 October 2019

Public DNS (PDNS) Open resolvers are used by networks operators to resolve domain names. Examples of public open DNS resolvers are (Cloudflare 1.1.1.1, Google 8.8.8.8, IBM 9.9.9.9, etc). Those PDNS are anycast servers and are generally protected against DDOS attacks, but other openly accessible DNS resolvers (usually hosted by network operators) are considered to be a serious security threat as they can be used to launch massive DDOS attacks. The best practice is not to operate an Open DNS resolver unless you are a PDNS with the required level of security.

This project is about unveiling the current open DNS resolvers in the AFRINIC IP space (both IPv4 and IPv6) and visualize them on a map. This project involves running measurements to detect open resolvers, maintain a database and develop a front-end to visualize the results.

Keywords: DNS, open resolvers, DDOS

Number of Students/Interns required	Duration
1	3-6 months
Key deliverables	Skills required
Survey of African networks and detection of DNS Open resolvers (IPv4 and IPv6) Visualisation of DNS open resolvers on a map, with details on each resolver Development of an API to facilitate retrieval of data	Bash scripting Databases (MySQL, PostgreSQL) Web development (Python/Django, Php, Angular.js, etc)