Presentation is loading. Please wait.

Presentation is loading. Please wait.

SaudiNIC Experience in Deploying DNSSec AbdulRahman Al-Ghadir SaudiNIC - CITC MENOG 16.

Published byDerick Greer Modified over 7 years ago

Similar presentations

Presentation on theme: "SaudiNIC Experience in Deploying DNSSec AbdulRahman Al-Ghadir SaudiNIC - CITC MENOG 16."— Presentation transcript:

1 SaudiNIC Experience in Deploying DNSSec AbdulRahman Al-Ghadir SaudiNIC - CITC MENOG 16

2 The Start SaudiNIC was observing the growth of DNSSec development till it got mature. SaudiNIC staff conducted a study that consist of: – What is DNSSEC? – In depth study of some pioneer DNSSEC implementations: Netherland New Zealand – A road map for DNSSEC deployment by SaudiNIC

3 Road Map Start of the project Creating startup team DPS draft SaudiNIC DNSSec procedures SaudiNIC DNSSec setup DNSSec workshop Building test lab Enabling DNSSec on.Alsaudiah (IDNA) Enabling DNSSec on.SA Open DNSSec for public End of the project

4 Creating DNSSEC Startup Team Read … read … read – DNSSEC RFCs – Best practices – Guidelines – Technical implementation – Presentations and reports Continuous meetings and brainstorming sessions Test … test … test

5 DPS Draft Review several RFC(s) related. Review some registries’ DPSs: –.ca Canada –.au Australia –.nz New Zealand –.at Austria –.com –.cl chili – … etc

6 DPS Draft

7 SaudiNIC DNSSec Procedures

8 DNSSEC Keys Generation Ceremony DNSSEC Keys Installation Procedure DNSSEC Emergency Keys Installation Procedure DNSSEC New Safe Arrangement Procedure DNSSEC Safe Content Transfer Procedure SaudiNIC DNSSec Procedures

9 SaudiNIC DNSSec Setup

10 DNSSEC Credential Matrix

11 DNSSec Key Management Risks

12 Keys Setting The zone is signed using pair of keys: – Key Signing Key (KSK): RSA/SHA2 Rollover every 1 year Key size is 2KB Key rollover algorithm is Double signature – Zone Signing Key (ZSK): RSA/SHA2 Rollover every 6 months Key size is 2KB Key rollover algorithm is Pre-publish

13 Building a Test Lab A virtual setup identical to the actual DNSSec setup. Hands-on on DNSSec to test it out. Selection of HW/SW for DNSSec systems that meet our need. Validate key generation, signing, key rollover, … etc.

14 Challenges So many documents to read and digest related to DNSSec (RFCs, best practices, … etc). Rollover techniques (key rollover and algorithm rollover). So many parameters to tune them (RRSIG inception and expiration, jitter, Max/Min TTL, … etc). Easy to break!

15 What is Next? Enabling DNSSec on.Alsaudiah (IDNA). Monitor and keep track on what is going on. Allow a closed access to certain clients. Monitor and keep track on what is going on. Enabling DNSSec on.SA. Monitor, Monitor, Monitor … etc. Done!

16 Thank you!

Download ppt "SaudiNIC Experience in Deploying DNSSec AbdulRahman Al-Ghadir SaudiNIC - CITC MENOG 16."

Similar presentations

© 2006-2012 NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License DNSSEC ROLLING.

© NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License DNSSEC ROLLING.
DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.

DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.
Secure Systems Research Group - FAU Process Standards (and Process Improvement)

Secure Systems Research Group - FAU Process Standards (and Process Improvement)
Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.
Securing the Government’s DNS Infrastructure with DNSSEC

Securing the Government’s DNS Infrastructure with DNSSEC
<<replace with Customer Logo>>

<<replace with Customer Logo>>
DNSSEC Brought to you by ISC-BIND, SUNYCT, and: Nick Merante – SUNYIT Comp Sci SysAdmin Nick Gasparovich – SUNYIT Campus SysAdmin Paul Brennan – SUNYIT.

DNSSEC Brought to you by ISC-BIND, SUNYCT, and: Nick Merante – SUNYIT Comp Sci SysAdmin Nick Gasparovich – SUNYIT Campus SysAdmin Paul Brennan – SUNYIT.
DNSSEC Sample Implementation MENOG 10 Workshop 22 April 2012, Dubai

DNSSEC Sample Implementation MENOG 10 Workshop 22 April 2012, Dubai
Workshop on Flowcharts Presented by: Larry Parker, BSMT (ASCP), MHSA, ASQ CQA American Society for Quality Central Arkansas Section 1407.

Workshop on Flowcharts Presented by: Larry Parker, BSMT (ASCP), MHSA, ASQ CQA American Society for Quality Central Arkansas Section 1407.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1.ORG DNSSEC Testbed Deployment Edmon Chung Creative Director Afilias Perth, AU 2 March, 2006.

1.ORG DNSSEC Testbed Deployment Edmon Chung Creative Director Afilias Perth, AU 2 March, 2006.
1 SecSpider: Distributed DNSSEC Monitoring Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

1 SecSpider: Distributed DNSSEC Monitoring Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
Lecture-33 DWH Implementation: Goal Driven Approach (1)

Lecture-33 DWH Implementation: Goal Driven Approach (1)
IS&T Project Management: Project Management 101 June, 2006.

IS&T Project Management: Project Management 101 June, 2006.
Short Course on Introduction to Meteorological Instrumentation and Observations Techniques QA and QC Procedures Short Course on Introduction to Meteorological.

Short Course on Introduction to Meteorological Instrumentation and Observations Techniques QA and QC Procedures Short Course on Introduction to Meteorological.
Domain Name System Security Extensions (DNSSEC) Hackers 2.

Domain Name System Security Extensions (DNSSEC) Hackers 2.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Deploying DNSSEC in Windows Server 2012 Rob Kuehfus Program Manager Microsoft Corporation WSV325.

Deploying DNSSEC in Windows Server 2012 Rob Kuehfus Program Manager Microsoft Corporation WSV325.
> Blueprint Kickoff >. Introductions Customer Vision & Success Criteria Apigee Accelerator Overview Blueprint Schedule Roles & Responsibilities Communications.

> Blueprint Kickoff >. Introductions Customer Vision & Success Criteria Apigee Accelerator Overview Blueprint Schedule Roles & Responsibilities Communications.

Similar presentations

Ads by Google