Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNS/DNSSEC/DPRIV E IETF 96 Hackathon Problem Solved – DNS security and privacy enhancements and interoperabilty Method of Solution – multiple user stories,

Published bySabrina Montgomery Modified over 7 years ago

Similar presentations

Presentation on theme: "DNS/DNSSEC/DPRIV E IETF 96 Hackathon Problem Solved – DNS security and privacy enhancements and interoperabilty Method of Solution – multiple user stories,"— Presentation transcript:

1 DNS/DNSSEC/DPRIV E IETF 96 Hackathon Problem Solved – DNS security and privacy enhancements and interoperabilty Method of Solution – multiple user stories, multiple open source prototypes

2 Highlight 1: DNSSEC Transparency Like Certificate Transparency, but with DS posts instead of X.509 draft-zhang-trans-ct-dnssec Server running as of 5AM (see Linus’ tweet) Client is talking to the server (Go and Miek’s DNS library) Server is Erlang with getdns Linus, Daniel & MC

3 Highlight 2: DNS64 A v6-only endpoint now has support for DNS64 Addressing issues identified by Jen Linkova (Google) presentation at RIPE 72 Coming soon: test this from getdnsapi.net/query.html Identified several high-profile DNSSEC-signed sites from Alexa 1M that do not support IPv6 (including mail.com)

4

5 Highlight 3: Universal Access reviews getdns: Good support but not 100% compliant yet (solution identified for next release) systemd-resolved service hmm.. first experiments with D-Bus interface show it doesn’t work, even though is documented that it should..needs investigation

6 Team Participants John Dickinson, SINODUN Sara Dickinson, SINODUN Daniel Kahn Gillmore, ACLU Jim Hague, SINODUN Shumon Huque, Verisign Shane Kerr, BII Rick Lamb, ICANN Ed Lewis, ICANN David Lawrence, Akamai Jerry Lundström, OARC Allison Mankin, Salesforce Linus Nordberg, NORDUnet Joel Purra, Consultant Benno Overeinder, NLnet Labs Melinda Shore, No Mountain Andrew Sullivan, DYN Ondřej Surý, CZ.NIC Willem Toorop, NLNet Labs Paul Wouters, Red Hat Mohammad Hassan Zahraee, University of Paderborn Daniel & MC, Netno GREEN – first Hackathon, new to IETF Daniel & MC, Netnod

7 Project List Continued work on dnssec-chain-query in BIND Full implementation (Javascript) of Shane’s dns-http draft Implementation of draft-pauly-ipsecme-split-dns, will interop with Apple implementation this week Python module for query triggering the IPSEC tunnel Implementation of DNS64 in getdns Multiple getdns bindings (Perl, Python updates, node.js, Go) Universal Access reviews RFC 7858 (DNS-over-TLS) engineering and interop (getdns, Unbound, Knot) Review and re-design of getdns Universal Access functions Soft HSM

8 More Highlights (not presented)

9 getdns Bindings More work on node.js and Python Perl bindings started here and almost finished! Go binding started…basics are working! Also, start of native Go implementation of the getdns API functions

10 Perl Bindings for getdns Net::GetDNS 0.01 released Contains Net::GetDNS::XS with >70% implemented getdns interfaces Async lookups to anonymous Perl sub’s works https://github.com/DNS-OARC/p5-Net-GetDNS

11 Go Bindings for getdns Go wrapper in the style of Python Why? Way quicker solution to produce than native implementation (with a performance hit?) Basic queries working, output from getdns response dict in Go Lists and Maps will be available here: https://portal.sinodun.com/stash Relative Go newbie managed this during Hackathon!

12 DNS-over-TLS Security work on better socket privilege management in debian for DNS-over-TLS servers Knot resolver DNS-over-TLS support almost ready for merge into main code kdig tool is getting DNS-over-TLS added as we speak

Download ppt "DNS/DNSSEC/DPRIV E IETF 96 Hackathon Problem Solved – DNS security and privacy enhancements and interoperabilty Method of Solution – multiple user stories,"

Similar presentations

12 October 2011 Andrew Brown IMu Technology EMu Global Users Group 12 October 2011 IMu Technology.

12 October 2011 Andrew Brown IMu Technology EMu Global Users Group 12 October 2011 IMu Technology.
Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Workflow Product Overview.

Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Workflow Product Overview.
Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Document Manager Product Overview.

Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Document Manager Product Overview.
Martin Winter & Ondrej Filip RIPE 68, Wed May 14, 2014 09:00-10:30.

Martin Winter & Ondrej Filip RIPE 68, Wed May 14, :00-10:30.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
Project Implementation for COSC 5050 Distributed Database Applications Lab1.

Project Implementation for COSC 5050 Distributed Database Applications Lab1.
Host Identity Protocol

Host Identity Protocol
Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.

Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.
Data You Can Trust: The Key to Information Security Dr. Burt Kaliski, Jr. Senior Vice President and CTO, Verisign 25 th HP Information Security Colloquium.

Data You Can Trust: The Key to Information Security Dr. Burt Kaliski, Jr. Senior Vice President and CTO, Verisign 25 th HP Information Security Colloquium.
- The Event Intelligence Platform Smarter Events for Exhibitors, Organizers & Attendees Making the most out of Zerista Company Confidential – Do Not Reproduce.

- The Event Intelligence Platform Smarter Events for Exhibitors, Organizers & Attendees Making the most out of Zerista Company Confidential – Do Not Reproduce.
1 A Common API for Transparent Hybrid Multicast (draft-waehlisch-sam-common-api-04) Matthias Wählisch, Thomas C. Schmidt Stig Venaas {waehlisch,

1 A Common API for Transparent Hybrid Multicast (draft-waehlisch-sam-common-api-04) Matthias Wählisch, Thomas C. Schmidt Stig Venaas {waehlisch,
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.
DIRAC Web User Interface A.Casajus (Universitat de Barcelona) M.Sapunov (CPPM Marseille) On behalf of the LHCb DIRAC Team.

DIRAC Web User Interface A.Casajus (Universitat de Barcelona) M.Sapunov (CPPM Marseille) On behalf of the LHCb DIRAC Team.
Project Proposal: CTS2 SDK Presentation to OHT Steering Committee.

Project Proposal: CTS2 SDK Presentation to OHT Steering Committee.
Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.

Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.
Software for the SAM RG Community IETF 83 Thomas Schmidt

Software for the SAM RG Community IETF 83 Thomas Schmidt
Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015

Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015
FP6−2004−Infrastructures−6-SSA-026634 IPv6 in the EGEE Related Projects: the EUChinaGRID experience Gabriella Paolini – GARR.

FP6−2004−Infrastructures−6-SSA IPv6 in the EGEE Related Projects: the EUChinaGRID experience Gabriella Paolini – GARR.
12015-11-11 BTW ”If you go, my advice to you” - Distributed Software Development.

BTW ”If you go, my advice to you” - Distributed Software Development.
Joint Techs, Albuquerque Feb 2006 © 8 Feb 2006 Stichting NLnet Labs DNS Risks, DNSSEC Olaf M. Kolkman and Allison Mankin

Joint Techs, Albuquerque Feb © 8 Feb 2006 Stichting NLnet Labs DNS Risks, DNSSEC Olaf M. Kolkman and Allison Mankin

Similar presentations

Ads by Google