DNSSEC Tutorial: Status “Today”

Slides:

Advertisements

Similar presentations

IANA Update LACNIC XV, Canún May Agenda 2 DNSSEC RZM automation NOI Business Excellence.

Advertisements

IDN TLD Variants Implementation Guideline draft-yao-dnsop-idntld-implementation-01.txt Yao Jiankang.

CcTLD Management, ICANN, and the Public Interest July 26, 2001.

ICANN Update ARIN VIII Miami, USA 28 October, 2001 Andrew McLaughlin.

CcTLD Workshop - Jordon 26th -29th Nov, 2007 LIBYA Telecom & Technology GPTC General Post & Telecommunications company Husam Abolhol Adel Elfezani.

ICANN’s Preparedness for Signing the Root September 24, 2008 DNS OARC Meeting, Ottawa, CA

Internet Organizations: A study in political science Fred Baker Chair, ISOC Cisco Fellow.

IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.

IANA Update APNIC 31, Hong Kong February Agenda 2 Addressing DNSSEC Root management Continuity Exercise Business Excellence.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

1 DNSSEC BoF Internet2 Member Meeting October 15th, 2008 Noon, Napoleon A2

© Afilias Limitedwww.afilias.info SM Challenges of Deploying DNSSEC: Prepare your ccTLD with Secondary DNS services LACNIC Meeting May 2010 Presented by:

1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

Inter-Root: A New Self-Governed Architecture for DNS Root Zone Resolution Binxing Fang Xiaohua Chen June,

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

IANA Activities Update RIPE 68 Warsaw, Poland May 2014.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

CSUF Chapter 6 1. Computer Networks: Domain Name System 2.

Security for the Internet’s Domain Name System DNSSEC Current State of Deployment Prepared for Internet2 BoF Amy Friedlander, Shinkuro, Inc. Based on a.

1 DNSSEC for the.edu Domain Becky Granger Director, Information Technology and Member Services EDUCAUSE April 29, 2010.

Who are we? APTLD (Asia Pacific Top Level Domain Association) is an organization for ccTLD (country-code Top Level Domain) registries in Asia Pacific.

IANA Department Activities, RIPE 66, Dublin, Ireland May 2013 Elise Gerich.

Andreas Steffen, , 12-DNSSEC.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Registration of IDN Language Tables John L. Crain Bangkok, CcTLD Training 2004 John L. Crain Bangkok, CcTLD Training 2004.

Rev Mats Dufberg TeliaSonera, Sweden Resolving DNSsec.

© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested

Internet Corporation for Assigned Names & Numbers Update on ITAR Elise Gerich Vice President, IANA.

Dedicated to preserving the central coordinating functions of the global Internet for the public good. John L. Crain, Chief Technical Officer, ICANN

Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015

Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Bibliography.

Mar 3, 2006APNIC 21 Meeting -- Perth, AU1 IANA Status Report David Conrad, ICANN IANA General Manager.

Update on ICANN Carthage (5th Annual Meeting) Ching Chiao APTLD Secretariat

© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested

Objectives To promote skills development and information exchange related to Internet domain names amongst members To provide a forum to discuss policy.

OARC TAR Panel. La Brea Tar Pit What was originally intended to expedite the roll-out of DNSSEC seems to be bogging it down instead People who read press.

ICANN update APTLD Meeting Moscow, Russia Veni Markovski ICANN 21 June 2012.

Root Zone KSK Maintenance Jaap Akkerhuis | ENOG -10 | October 2015.

Root Zone KSK: After 5 years Elise Gerich | APNIC 40 | September 2015.

Zone Transfers Summary of CENTR Position Kim Davies ICANN Shanghai 27 October 2002.

Papeete, French Polynesia

Hervey Allen Phil Regnauld 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Public / Private.

Deploying DNSSEC. Pulling yourself up by your bootstraps João Damas ISC.

Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Status “Today”

APTLD MEETING Manila 23 – 24 February ccTLD Role in Its Community RFC 1591 Introduction  Foresaw a few TLDs (edu, com, net, org, gov, etc.) and.

Rolling the Root Zone DNSSEC Key Signing Key

Getting started with ICANN

IANA FUNCTIONS STEWARDSHIP TRANSITION

Discussion of pti survey

Internationalized Domain Names

DNS Security Advanced Network Security Peter Reiher August, 2014

Summary of the « New gTLD Program Safeguards » context before the Statistical Analysis of DNS Abuse in gTLD Farell FOLLY, Africa 2.0 Foundation .

State of DNSSEC deployment ISOC Advisory Council

Introduction to PTI Elise Gerich | ICANN 57 | November 2016.

ICAO ACP WG-I – Nov 2009 Industry Activity Update

A quick review of DNSSEC Validation in today’s Internet

ccNSO Guidelines – Rejection Actions and Approval Actions

CWG-Stewardship Update

IDN Variant TLDs Program Update

ICANN62 GAC Capacity Building

DNSSEC: An Update on Global Activities

موضوعات عالمية جديدة فى مجال الملكية الفكرية

Christopher Wilkinson Head, GAC Secretariat

ICANN/IANA Update at APNIC 29

ICANN Bucharest Report to GAC 25 June 2002 Stuart Lynn President & CEO.

DNSSEC & KSK Rollover Patrick Jones Middle East DNS Forum & APTLD 75

Save Vocea Regional Relations Manager August 2009

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.

Sarmad Hussain Internationalized Domain Names (IDN) Programs Director

Presentation transcript:

DNSSEC Tutorial: Status “Today” f Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia http://nsrc.org/workshops/2009/pacnog5/dnssec/

DNSSEC: Current Status Who's signed their zones? .bg (Bulgaria) .br (Brazil) .com (“by 2011” according to Verisign) .cz (Czech Republic) .gov .museum .org (signed 2 June 2009) .pr (Puerto Rico) .se (Sweden) Serveral IDN-based TLDs https://itar.iana.org/

DNSSEC: Current Status cont. Who's signed their zones? Anyone else? Lots of second-level domains (.org.br, etc.). Islands of trust. Their trust anchors are their TLD (if signed), else a DLV, other signed zone, etc...

DNSSEC: Current Status US Government NOI The US Government's National Telecommunications and Information Administration (NTIA) asked for Public Comments Regarding the Deployment of DNSSEC (i.e. signing the root!): http://www.ntia.doc.gov/DNS/dnssec.html Press release went out 9 October 2008 with comments due by 24 November 2008. See the "NOI Supporting Material” section for the various DNSSEC proposals under consideration. Read the comments. Interesting and from many parties, including many “Internet and DNSSEC Celebrities”. By November 24, there were 55 comments (many very long) received. Was “under consideration” by the US Government.

DNSSEC: Signing the Root 3 June 2009: Press releases by ICANN and NIST stating that the U.S. Department of Commerce, ICANN and VeriSign agreed to work together to sign the root by the end of 2009: http://www.icann.org/en/announcements/announcement-2-03jun09- en.htm http://www.nist.gov/public_affairs/releases/dnssec_060309.html

DNSSEC Status Conclusion Multiple methods currently available to use DNSSEC, but nothing is optimal until the root (.) is signed. TLDs can use IANA's ITAR. Second-Level domains can use their ccTLD, if signed, or ISC's DLV, or other trust anchors. Kaminsky exploit makes DNSSEC deployment inevitable... Critical...