Internet2 Joint Techs DNSSEC BOF, July 19, 2006. DNSSEC BOF, Larry J. Blunk, Merit Network, Internet2 Joint Techs Workshop, Madison, WI, July 19, 2006.

Presentation transcript:

1 DNSSEC BOF. Larry J. Blunk, Merit Network. Internet2 Joint Techs Workshop, Madison, WI, July 19, 2006

2 Overview

- DNSSEC links
- DNSSEC Quickstart
- Internet2 trial next steps
- DLV registry

3 DNSSEC Links

- dnssec-kolkmanmankin.ppt

4 DNSSEC Quickstart (I don't care how it works, just tell me what commands to type!!)

- Add "dnssec-enable yes;" to the options section of named.conf.
- Generate the zone-signing key:
    dnssec-keygen -r /dev/urandom -a RSASHA1 -b 1024 -n ZONE foo.edu
  This returns "Kfoo.edu.+005+xxxxx", where xxxxx is a 5-digit random number.
- Generate the key-signing key:
    dnssec-keygen -r /dev/urandom -f KSK -a RSASHA1 -b 1024 -n ZONE foo.edu
  This returns "Kfoo.edu.+005+yyyyy", where yyyyy is a 5-digit random number.
- Add the following lines to the zone file (named db.foo.edu):
    $include Kfoo.edu.+005+xxxxx.key
    $include Kfoo.edu.+005+yyyyy.key
- Generate the db.foo.edu.signed file from the input db.foo.edu zone file (signatures will have a lifetime of 90 days (7776000 seconds)):
    dnssec-signzone -r /dev/urandom -o foo.edu -k Kfoo.edu.+005+yyyyy \
        -e +7776000 db.foo.edu Kfoo.edu.+005+xxxxx.key
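Because the Quickstart signatures last 90 days, the zone has to be re-signed before they expire or validators will reject its answers. The following is an added example, not part of the original slides: it reads the RRSIG expiration fields from a signed zone file and reports which record types are close to expiry. The zone excerpt, key tag 11111 and the 14-day margin are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed excerpt laid out the way dnssec-signzone writes RRSIGs;
# key tag 11111 and the signature text are dummies.
SAMPLE_SIGNED_ZONE = """\
foo.edu.      3600 IN SOA ns1.foo.edu. admin.foo.edu. 2006071901 7200 900 1209600 3600
              3600    RRSIG   SOA 5 2 3600 20061017120000 (
                              20060719120000 11111 foo.edu.
                              ZHVtbXktc2lnbmF0dXJl )
www.foo.edu.  3600 IN A 192.0.2.10
              3600    RRSIG   A 5 3 3600 20060801120000 (
                              20060719120000 11111 foo.edu.
                              ZHVtbXktc2lnbmF0dXJl )
"""

# RRSIG RDATA order: type covered, algorithm, labels, original TTL,
# signature expiration, signature inception, key tag, signer, signature.
RRSIG_RE = re.compile(r"\bRRSIG\s+(\S+)\s+\d+\s+\d+\s+\d+\s+(\d{14})\b")


def rrsig_expirations(zone_text):
    """Return [(type_covered, expiration_utc)] for every RRSIG in the text."""
    found = []
    for rtype, stamp in RRSIG_RE.findall(zone_text):
        when = datetime.strptime(stamp, "%Y%m%d%H%M%S")
        found.append((rtype, when.replace(tzinfo=timezone.utc)))
    return found


def expiring_soon(zone_text, now, margin=timedelta(days=14)):
    """Sorted record types whose signature expires within `margin` of `now`
    (signatures that have already expired are included)."""
    return sorted({rtype for rtype, exp in rrsig_expirations(zone_text)
                   if exp - now <= margin})


if __name__ == "__main__":
    now = datetime(2006, 7, 25, 12, 0, tzinfo=timezone.utc)
    for rtype in expiring_soon(SAMPLE_SIGNED_ZONE, now):
        print(f"re-sign soon: {rtype} signature expires within 14 days")
```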

5 Internet2 trial next steps

- Recruiting new participants
- DLV registry deployment
  - Deploy our own or use existing?
- Lobby ARIN to sign in-addr.arpa delegations
  - October ARIN meeting in St. Louis

6 DLV – DNSSEC Lookaside Validation

- Defined in RFC 4431
- Mechanism for publishing DNSSEC trust anchors outside of the DNS delegation chain
- Several trials available
- Should we create one for Internet2 DNSSEC trial?
- Policies for registration?
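What a zone would actually publish in a lookaside registry is a DLV record, which has the same fields as a DS record: key tag, algorithm, digest type, and a digest over the zone name plus the KSK's DNSKEY RDATA. The following is an added example, not part of the original slides, that derives that record; the registry domain dlv.example and the 4-byte public key are constructed placeholders, not a real registry or key.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS/DLV digest type numbers


def name_to_wire(name):
    """Canonical (lower-case) DNS wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: 16-bit flags, protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B; dnssec-keygen puts this number
    in the K<zone>.+<alg>+<tag> key file name."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def dlv_record(zone, registry, flags, protocol, algorithm, pubkey_b64, digest_type=1):
    """Presentation-format DLV record for `zone`, owned by <zone>.<registry>."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = DIGESTS[digest_type](name_to_wire(zone) + rdata).hexdigest().upper()
    owner = zone.rstrip(".") + "." + registry.rstrip(".") + "."
    return f"{owner} IN DLV {key_tag(rdata)} {algorithm} {digest_type} {digest}"


if __name__ == "__main__":
    # Constructed KSK: flags 257 (SEP bit set), protocol 3, algorithm 5 (RSASHA1),
    # toy public key bytes 01 02 03 04. "dlv.example" is a hypothetical registry.
    print(dlv_record("foo.edu", "dlv.example", 257, 3, 5, "AQIDBA=="))
```

A registry operator comparing a submitted record against the zone's published DNSKEY can run the same computation and reject any mismatch.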