Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNS Team IETF 99 Hackathon.

Published byDulcie Ellis Modified over 6 years ago

Similar presentations

Presentation on theme: "DNS Team IETF 99 Hackathon."— Presentation transcript:

1 DNS Team IETF 99 Hackathon

2 Participants (new to IETF & hackathon)
Stéphane Bortzmeyer Tariq Damra Sara Dickinson John Dickinson Ralph Dolmans Jim Hague Paul Hoffman Shuman Huque Shane Kerr Matti Klock Dave Lawrence Benno Overeinder Melinda Shore Petr Špaček Ondřej Surý Willem Toorop Jan Včelák Lars Wegmann

3 Education

4 Work on Drafts and Standards
New Ed25519 elliptic curve support in Knot Resolver [RFC 8032] DNS multiple QTYPEs prototype implementation in BIND [draft- bellis-dnsext-multi-qtypes] TCP Fast Open in Knot Resolver [RFC 7413] DNSSEC chain TLS extension in getdns and Unbound [draft-ietf- tls-dnssec-chain-extension] Work on the C-DNS capture format [draft-ietf-dnsop-dns- capture-format]

5 Root KSK Roll-over (October 11th, 2017)
DNS testing tool Deckard Extending test set for Automated Updates for DNSSEC Trust Anchors [RFC 5011] support for Knot Resolver support for Unbound Root KSK roll-over timeline July 11th: publication of new KSK October 11th: new KSK is used to sign the root zone January 11th: revocation of old KSK

6 Since DANE, DNSSEC not just for
DNS Operators

7 Since DANE, DNSSEC not just for
but also for end-users DNS Operators

8 Since DANE, DNSSEC not just for
but also for end-users Network Working Group M. StJohns Request for Comments: Independent Category: Standards Track September 2007 Automated Updates of DNS Security (DNSSEC) Trust Anchors Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This document describes a means for automated, authenticated, and authorized updating of DNSSEC "trust anchors". The method provides protection against N-1 key compromises of N keys in the trust point key set. Based on the trust established by the presence of a current anchor, other anchors may be added at the same place in the hierarchy, and, ultimately, supplant the existing anchor(s). DNS Operators

9 Hack: Zero configuration DNSSEC for end-user applications
delivers DNSSEC to home cooks (i.e. end-user apps) Anticipate not running as a stable process Anticipate other “malicious” end-user apps How? download TA from ICANN on the fly when needed Minimize # downloads, by: Storing DNSKEY too Retry download only on newly seen Key IDs

10 Research & Innovation (No Standards!)
Experimentation with Opportunistic TTL refresh of DNS records Stubby packaging, GUI development and documentation.

Download ppt "DNS Team IETF 99 Hackathon."

Similar presentations

Domain Name System Security Extensions (DNSSEC) Hackers 2.

Domain Name System Security Extensions (DNSSEC) Hackers 2.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
1 Updated as of 1 July 2014 About ICANN KISA-ICANN Language Localisation Project Module 1.1.

1 Updated as of 1 July 2014 About ICANN KISA-ICANN Language Localisation Project Module 1.1.
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)

TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson

DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson
RFC Format Session Tuesday, 22 July 2014 13:00-14:00 Ballroom C.

RFC Format Session Tuesday, 22 July :00-14:00 Ballroom C.
© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested

© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested
Internet Corporation for Assigned Names & Numbers Update on ITAR Elise Gerich Vice President, IANA.

Internet Corporation for Assigned Names & Numbers Update on ITAR Elise Gerich Vice President, IANA.
XMPP Concrete Implementation Updates: 1. Why XMPP 2 »XMPP protocol provides capabilities that allows realization of the NHIN Direct. Simple – Built on.

XMPP Concrete Implementation Updates: 1. Why XMPP 2 »XMPP protocol provides capabilities that allows realization of the NHIN Direct. Simple – Built on.
Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015

Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015
1 DNSSEC Transforming a protocol bug into an admin tool Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

1 DNSSEC Transforming a protocol bug into an admin tool Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.
© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested

© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested
Root Zone KSK Maintenance Jaap Akkerhuis | ENOG -10 | October 2015.

Root Zone KSK Maintenance Jaap Akkerhuis | ENOG -10 | October 2015.
Root Zone KSK: After 5 years Elise Gerich | APNIC 40 | September 2015.

Root Zone KSK: After 5 years Elise Gerich | APNIC 40 | September 2015.
Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.

Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.
Host Identifier Revocation in HIP draft-irtf-hiprg-revocation-01 Dacheng Zhang IETF 79.

Host Identifier Revocation in HIP draft-irtf-hiprg-revocation-01 Dacheng Zhang IETF 79.
Rolling the Root Geoff Huston APNIC Labs March 2016.

Rolling the Root Geoff Huston APNIC Labs March 2016.
BIND 10 DNS Project Status + DNS Resolver Status/Plans Shane Kerr 23 January 2013.

BIND 10 DNS Project Status + DNS Resolver Status/Plans Shane Kerr 23 January 2013.
DNS/DNSSEC/DPRIV E IETF 96 Hackathon Problem Solved – DNS security and privacy enhancements and interoperabilty Method of Solution – multiple user stories,

DNS/DNSSEC/DPRIV E IETF 96 Hackathon Problem Solved – DNS security and privacy enhancements and interoperabilty Method of Solution – multiple user stories,
SNMP (Simple Network Management Protocol) Overview

SNMP (Simple Network Management Protocol) Overview

Similar presentations

Ads by Google