Security for the Internet’s Domain Name System DNSSEC Current State of Deployment Prepared for Internet2 BoF Amy Friedlander, Shinkuro, Inc. Based on a.

Slides:

Advertisements

Similar presentations

Olaf M. Kolkman. APNIC, 6 February 2014, Bangkok. DNSSEC and in-addr an update Olaf M. Kolkman

Advertisements

Introduction to ARIN and the Internet Registry System.

The ICANN Experiment ISOC-Israel 13-March-2000 Andrew McLaughlin.

.gy ccTLD.gy ccTLD Managed by the University of Guyana, on behalf of the Government of Guyana and ICANN.

Update on ccTLD Agreements Montevideo 9 September, 2001 Andrew McLaughlin.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Internet Identity For All.my ccTLD IPv6 Update By Lai Heng Choong Head of Application, Database and Security.my DOMAIN REGISTRY APTLD Member Meeting, 1.

APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.

Securing the Government’s DNS Infrastructure with DNSSEC

Yerevan, July 11, Armenian edition of Jovan Kurbalija’s book “Internet Governance” I.Mkrtumyan, ISOC AM H.Baghyan, MediaEducation Center.

IPv6: The Future of the Internet? July 27th, 1999 Auug.

ENUM Chris Wong Converging Services Branch International Training Program 7 September 2006.

Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.

Management of the Internet

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

ICANN and the Internet Ecosystem. 2  A network of interactions among organisms, and between organisms and their environment.  The Internet is an ecosystem.

Introduction to ARIN and the Internet Registry System.

Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.

Deploying Security for the Domain Name System Securing the Infrastructure Panel Allison Mankin, Amy Friedlander Shinkuro, Inc

1 DNSSEC for the.edu Domain Becky Granger Director, Information Technology and Member Services EDUCAUSE April 29, 2010.

SaudiNIC's IPv6 Support in Saudi Domain Names IPv6 2 nd Workshop, 10 May 2011 Raed Al-Fayez SaudiNIC – CITC سجل. السعودية.

APNIC Status Report RIPE 45 Barcelona May The APNIC Region Ref

APNIC Update RIPE 59 October Overview APNIC Services Update APNIC 28 policy outcomes APNIC Members and Stakeholder Survey Next APNIC Meetings.

CcNSO Finance Working Group: Survey on ICANN Contributions and Services Byron Holland March 11,

LACNIC Report ARIN XXV, Toronto - CA Raúl Echeberría.

APTLD Update: January 2006 Lim Choon Sai For APTLD Singapore July 2006.

October 2005Bell Canada Network Planning 1 ENUM (tElephone NUmber Mapping) Update CSCN Chair Presentation to ISACC Information and Communications Technology.

Japan Registry Service Copyright © 2004 JPRS A Glance at ENUM AP* Retreat Feb. 22, 2004 Hiro HOTTA.

1 ICANN update Save Vocea APSTAR retreat, Taipei, TW 24 February 2008.

1 ICANN & Global Partnerships Baher Esmat Manager, Regional Relations Middle East ccTLD Training, Amman Nov, 2007.

Olaf M. Kolkman. Apricot 2005, February 2005, Kyoto. DNSSEC An Update Olaf M. Kolkman

Regional Internet Registries Statistics & Activities IETF 55 Atlanta Prepared By APNIC, ARIN, LACNIC, RIPE NCC.

6DEPLOY-2: IPv6 Deployment Support Project Overview IPv6 workshop Krakow May 2012 Carlos Friaças, FCCN Luc De Ghein, CISCO

1 APNIC Status Report SANOG VI July 2005, Thimpu, Bangladesh Kapil Chawla, APNIC.

Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Bibliography.

ISOC.NL SIP © 15 March 2007 Stichting NLnet Labs DNSSEC and ENUM Olaf M. Kolkman

LACNIC Report APNIC 29, Kuala Lumpur – my Ernesto Majó Communications Manager.

DNSSEC Deployment Initiative: Roadmap Version 2.0 Suresh Krishnaswamy, SPARTA Steve Crocker, Shinkuro, Inc.

Adrian Kinderis – AusRegistry International Best Practices of a ccTLD Registry BEST PRACTICES OF A ccTLD REGISTRY ADRIAN KINDERIS AUSREGISTRY INTERNATIONAL.

DNSSEC-Deployment.org Secure Naming Infrastructure Pilot (SNIP) A.gov Community Pilot for DNSSEC Deployment JointTechs Workshop July 18, 2007 Scott Rose.

.LV today and tomorrow Katrīna Sataki, NIC.LV Riga, 19 April 2013.

Joint Techs, Albuquerque Feb © 8 Feb 2006 Stichting NLnet Labs DNS Risks, DNSSEC Olaf M. Kolkman and Allison Mankin

AU, March 2, DNSSEC, APNIC, & how EPP might play a Role Ed Lewis DNS SIG APNIC 21.

1 DNSMON DNS Server Monitoring RIPE NCC 3 December 2015.

APNIC Report RIPE 43 Rhodes, Greece 9-13 September 2002.

LACNIC Update Dr. Arturo L. Servín LACNIC APNIC 30 Gold Coast, August

Leo vegoda. APNIC 14, 3–6 Sept. 2002, Kitakyushu, Japan. 1 RIPE NCC Status Report at APNIC 14 Looking forward to winter…

Securing Future Growth: Getting Ready for IPv6 NOW! ccTLD Workshop, 8 th April 2011 Noumea, New Caledonia Miwa Fujii, Senior IPv6 Program Specialist, APNIC.

RDAP Andy Newton, Chief Engineer. Background WHOIS (Port 43) – Old, very old – Lot’s of problems Under specified, no I18N, insecure, no authentication,

Early Registration Record Transfers Richard Jimmerson Director of Operations APNIC 11Kuala Lumpur.

Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19 th 2006.

APNIC Status Report RIPE 44 Amsterdam, The Netherlands January 27-31, 2003.

APNIC Update RIPE November 2010 Rome, Italy Geoff Huston Chief Scientist, APNIC.

.aero Status DAC Meeting February 25, ICANN, Policy and Communications ICANN agreement signed on December 17, 2002 Web site

Mirjam KuehneRIPE Meeting # 31 RIPE ncc Internet Administration and the RIPE NCC Daniel Karrenberg.

Keith Mitchellhttp:// RIPE ncc IP Address Space Governance Keith Mitchell Executive Board Chairman, RIPE NCC (Chief Executive, LINX) European.

APNIC DNSSEC deployment considerations APNIC 23, Bali George Michaelson R&D Officer APNIC.

1 27Apr08 Some thoughts on Internet Governance and expansion of the Domain Name space Paul Twomey President and CEO 9 August 2008 Panel on Internet Governance.

DNSSEC in.edu Matt Larson Vice President, DNS Research.

Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Status “Today”

RIPE NCC ENUM Update Anand Buddhdev DNS Services Manager, RIPE NCC.

Getting started with ICANN

State of DNSSEC deployment ISOC Advisory Council

ICANN Meeting, Kuala Lumpur, July 2004

Paul Wilson RIPE 66 Dublin

DNSSEC: An Update on Global Activities

A Proposal for IPv4 Essential Infrastructure

DNSSEC Tutorial: Status “Today”

Requirements for running a local WHOIS service

DNS operations SIG APNIC 17 Kuala Lumpur, Malaysia

Presentation transcript:

Security for the Internet’s Domain Name System DNSSEC Current State of Deployment Prepared for Internet2 BoF Amy Friedlander, Shinkuro, Inc. Based on a presentation by Marcus Sachs (SRI) with contributions by members of the DNSSEC Deployment Working Group April 23, 2007

Security for the Internet’s Domain Name System DNSSEC Current State: Protocols Core RFCs published: 4033: DNS Security Introduction and Requirements 4034: Resource Records for DNS Security Extensions 4035: Protocol Modifications for the DNS Security Extensions for the entire collection NSEC3 is in final stages. DNS Extensions (DNSEXT) Working Group is discussing its future, including the option of self dissolution.

Security for the Internet’s Domain Name System The US Department of Homeland Security DNSSEC Deployment Initiative Activities Coordination project: Shinkuro, Sparta, SRI and NIST Roadmap published in February 2005, updated March 2007 to include extensive list of available software tools and guides Multiple workshops held world-wide Monthly newsletter DNSSEC testbed and testing tools developed by NIST DNSSEC tools available at DNSSEC-Deployment Working Group Internet2 Cross-Signing Pilot

Security for the Internet’s Domain Name System DNSSEC in the United States US Government US civilian government (.gov) developing policy and technical guidance for secure DNS operations and beginning deployment activities at all levels. The “.us” and “.mil” zones are also on track for DNSSEC compliance New DNSSEC guidance included in FISMA, NIST r1 Secure Domain Name System Deployment Guide Outside the US Government Public Internet Registry (PIR): plans for deploying DNSSEC in.org

Security for the Internet’s Domain Name System DNSSEC in the Caribbean: Puerto Rico In July 2006 Puerto Rico’s top-level domain (.pr) was the second ccTLD – country code top level domain – to provide a DNSSEC- signed zone Details: Questions may be addressed to

Security for the Internet’s Domain Name System DNSSEC in Latin America: Mexico and Brazil NIC Mexico is developing the infrastructure, procedures and technology for a future DNSSEC deployment in the.mx ccTLD DNSSEC testbed launched in May 2006 Created a new SLD: test.mx where DNSSEC enabled domain registrations can be made for free Testbed details: DNSSEC verification tool: Registro.br released DNSSEC extensions for EPP: (RFC 4310)

Security for the Internet’s Domain Name System DNSSEC in Europe: RIPE The European infrastructure services provider, RIPE NCC, based in the Netherlands, has deployed DNSSEC in the reverse tree Details are at How-to guide (latest version) at dnssec_howto

Security for the Internet’s Domain Name System DNSSEC in Europe: Sweden In November 2005, the Swedish national registry (.se) was the first ccTLD – country code top level domain – to provide DNSSEC-capable service February 16, 2007,.se launched commercial DNSSEC service Press release (launch): 16?lang=en 16?lang=en More details, DNSSEC This Month (March 1, 2007) dnssecthismonth/

Security for the Internet’s Domain Name System DNSSEC in Europe: Bulgaria, Czech Republic and Russia Bulgaria (.bg) has signed its zone. Czech Republic (.cz) is studying the idea of signing its zone as a means of seeding DNSSEC deployment in eastern Europe. R01 ( a Russian registrar, has a signed copy of the.ru zone available on their name server. ns.dnssec.ru ( ) Registrants with a.ru domain using R01 as a registrar can sign their own zones R01 will provide secure delegation in the signed copy of the.ru zone Additional information on the signed zone and how it can be used can be found at

Security for the Internet’s Domain Name System DNSSEC in Asia DNSSEC summit and workshop during APRICOT 2005, Kyoto Feb2005/DNSSEC05FebJP-Info.html We need more pilots and workshops in the APNIC region!

Security for the Internet’s Domain Name System Stages for Next Steps and Discussion Risk (and cost) analysis CRITICAL! Test and engineering Discussions with many communities, including with the relevant Top Level Domain registries Production Including communication with zone providers, registrars, governing agencies, and software vendors Leadership in the private and public sectors

Security for the Internet’s Domain Name System Background Information and Contributors For lots of detailed information: Authors of materials in this presentation (all from dnssec-deployment working group) Amy Friedlander (Shinkuro) Allison Mankin (Shinkuro) Marcus Sachs (SRI) Ed Lewis (Neustar) Olaf Kolkman (Netlabs.nl) Russ Mundy (Sparta)