Materials and Schedule for Hackathon@2019
Sheraton Hotel Kampala, Victoria Room, 1st Floor,
Registration is now closed.
Champions: Charles Eckel (from US - Cisco, firstname.lastname@example.org)
At hackathon we will:
(Optional) Self paced online training modules available on Cisco DevNet
Join Webex Team Space for Network Programmability: https://eurl.io/#S1NEG4VkS
Champions: Prof. Nabil Benamar (From Morocco - School of Technology Meknes, University of Moulay Ismail)
The main goal of this track is to see how IPv6 will work in vehicular environment, namely through the IEEE802.11-OCB frame (OCB, earlier “802.11p”).
Champions: Willem Toorop - (NLNET Labs) - Jasper den Hartog - (RIPE NCC)
Encryption everywhere. It’s an initiative in the technical community that started as a reaction to Edward Snowden’s revelations about the NSA’s widespread surveillance and pervasive monitoring. All of these efforts are aimed at protecting the complete path between the user and the service. This means authentication and encryption should start at the edge of the network, with the end user. As just about any interaction on the Internet starts out with a query for a domain name, it puts the DNS at the core of achieving this ultimate goal.
The IETF has developed two methods for providing privacy for DNS:
Mozilla recently announced that they have implemented DNS over HTTPS in Firefox and would like to deploy it by default for their users (Mozilla announcement). They intend to select a set of Trusted Recursive Resolvers (TRRs) that will be used for DoH resolution. Requirements for TRRs are published here. Currently there is a single TRR in Firefox: Cloudfare's 18.104.22.168.
Within this hackathon track we will address the following questions:
To address the question of performance and latency we will utilize RIPE Atlas, a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices that measure Internet connectivity in real time. We will do measurements from RIPE Atlas probes in the Africa region to measure the latency from them to the cloud provided DNS services and compare that to the network provided resolver.
The density of RIPE Atlas probes in the Africa region is still quite low (see https://atlas.ripe.net/results/maps/density/ ), which we can hopefully improve a little during the hackathon by handing out RIPE Atlas probes for people to connect in their own network.
During the Internet Measurement Workshop this weekend we scheduled i.root-servers.net A query measurement to:
To determine if DNS is hijacked:
whoami.akamai.net Ato 22.214.171.124
Tools for “advanced” scheduling of RIPE Atlas measurements
A considered measurement has to take along the deployment properties of the network provided resolvers we are comparing with. Are they optimally close to the probes? The IXP Country Jedi is a project that shows if the Internet traffic paths within a country stay within that country. As an example, here are the IXP Country Jedi results for South Africa: http://sg-pub.ripe.net/emile/ixp-country-jedi/latest/ZA/ixpcountry/index.html The Resolver Jedi will build upon this idea and show if the DHCP configured resolver on Atlas Probes are within the same country and also the path towards that resolver.
For performance and or political reasons it can be desirable to run your own DoH server. This can be done in different ways. For example DoH on the same server that runs an website might provide better privacy properties.
For optimum performance we also have to consider:
Investigate and create instructions for setting up a DNS over HTTPS (DoH) service. Either shared with a regular website and/or offering it as a standalone resolver service.
Try to get a client setup and working:
Test if it is working:
Setup server software on a VM on the NUC:
Providing unhinderable undetectable DNS service is one of major motivations behind DoH, but there is the other use case: providing full DNS access to web applications. Regular DoH (as defined in RFC8484) delivers DNS messages in “wire” format with media type `application/dns-message`, which is impracticable for web applications to manage.
There is another media type (`application/dns+json`) defined in RFC8427 which delivers DNS messages in a new web applications friendly “JSON” format.
Champions: Loganaden Velvindron (AFRINIC) & Jeremie Daniel (University of Mauritius and cyberstorm.mu)
Requirements: laptop with latest ubuntu with latest wireshark.
Champions: Fred Baker and Stephen Honlue (AFRINIC)
Wednesday, June 19th 08:00: Room opens 09:00: Introduction and Opening 10:00: Teams break out. Led by project champions. 10.30: Break 12:30: Lunch Break 15:30: Afternoon break 18:00: End of Day 1 Thursday, June 20th 08:30: Room opens and Teams break out. Led by project champions. 12:30: Lunch Break 16:00: Hackathon ends 17:00: Tear down complete - End of Day 2
To see the 2017 Hackathon click here: https://hackathon.internetsummitafrica.org/doku.php?id=hackathon2017
To see the 2018 Hackathon click here: https://hackathon.internetsummitafrica.org/doku.php?id=hackathon2018