Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Afilias Limitedwww.afilias.info SM Deploying DNSSEC Ram Mohan.

Published byJasmine Goodwin Modified over 8 years ago

Similar presentations

Presentation on theme: "© Afilias Limitedwww.afilias.info SM Deploying DNSSEC Ram Mohan."— Presentation transcript:

1 © Afilias Limitedwww.afilias.info SM Deploying DNSSEC Ram Mohan

2 © Afilias Limitedwww.afilias.info DNS Admin – Pre DNSSEC Initial Setup (occurs once) Setup conf file with original zones and parameters Set serial to first value, and add in resource records Operations (Very Infrequently): Add to conf file when new zone comes online Make change to resource records and increment serial Monitoring: check that update made just happened and hit secondaries check that DNS, NTP is running check that transfers are working

3 © Afilias Limitedwww.afilias.info DNS Admin – Post DNSSEC DNSSEC Setup (occurs once) Decide on signing solution, signing frequency, signature expiration, key rolls Generate initial keys Sign zone(s) initially Make sure registrar supports DNSSEC Generate initial DS records - and send to registrar DNSSEC operation (very infrequently) Generate new keys Generate new DS record (if rolling KSK), send to registrar Begin signing with new keys Deprecate old keys at appropriate time

4 © Afilias Limitedwww.afilias.info DNSSEC Admin – Post DNSSEC continued DNSSEC operation (frequent) Re-sign zone Sign new records as they come into the zone Monitoring Check signatures are valid Check NSEC / NSEC3 records are valid Check signatures will not expire before next zone re-sign Check zone re-signs work and transfer Check that new keys are valid Check signature with new keys valid Ensure DS in parent is in sync w/ DNSKEYs in apex

5 © Afilias Limitedwww.afilias.info Current IANA process

6 © Afilias Limitedwww.afilias.info IANA process – Challenges The IANA process requires confirmation from BOTH admin and tech contacts for publication. Contacts can change jobs Contacts can change locations Keeping IANA contact information current may not be top priority for some TLD operators IANA will not approve changes which may affect stability/service for the TLD Nameservers in in the TLDs apex NS Set must be upgraded to "DNSSEC-Ready" versions

Download ppt "© Afilias Limitedwww.afilias.info SM Deploying DNSSEC Ram Mohan."

Similar presentations

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.
Practical Considerations for DNSSEC Automation Joe Gersch OARC Presentation September 24, 2008.

Practical Considerations for DNSSEC Automation Joe Gersch OARC Presentation September 24, 2008.
© 2006-2012 NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License DNSSEC ROLLING.

© NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License DNSSEC ROLLING.
Improving DNS contents in the RRR world Ólafur Guðmundsson Steve Crocker 2012 Oct.

Improving DNS contents in the RRR world Ólafur Guðmundsson Steve Crocker Oct.
DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.

DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.

APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.
Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.
Securing the Government’s DNS Infrastructure with DNSSEC

Securing the Government’s DNS Infrastructure with DNSSEC
I’m the credentialing officer, what do I do? 2011.

I’m the credentialing officer, what do I do? 2011.
ICANN’s Preparedness for Signing the Root September 24, 2008 DNS OARC Meeting, Ottawa, CA

ICANN’s Preparedness for Signing the Root September 24, 2008 DNS OARC Meeting, Ottawa, CA
DNSSEC Brought to you by ISC-BIND, SUNYCT, and: Nick Merante – SUNYIT Comp Sci SysAdmin Nick Gasparovich – SUNYIT Campus SysAdmin Paul Brennan – SUNYIT.

DNSSEC Brought to you by ISC-BIND, SUNYCT, and: Nick Merante – SUNYIT Comp Sci SysAdmin Nick Gasparovich – SUNYIT Campus SysAdmin Paul Brennan – SUNYIT.
1 SecSpider: Distributed DNSSEC Monitoring Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

1 SecSpider: Distributed DNSSEC Monitoring Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
1 Observations from the DNSSEC Deployment Dan Massey Colorado State University Joint work with Eric Osterweil and Lixia Zhang UCLA.

1 Observations from the DNSSEC Deployment Dan Massey Colorado State University Joint work with Eric Osterweil and Lixia Zhang UCLA.
© Afilias Limitedwww.afilias.info SM Challenges of Deploying DNSSEC: Prepare your ccTLD with Secondary DNS services LACNIC Meeting May 2010 Presented by:

© Afilias Limitedwww.afilias.info SM Challenges of Deploying DNSSEC: Prepare your ccTLD with Secondary DNS services LACNIC Meeting May 2010 Presented by:
1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
Deploying DNSSEC in Windows Server 2012 Rob Kuehfus Program Manager Microsoft Corporation WSV325.

Deploying DNSSEC in Windows Server 2012 Rob Kuehfus Program Manager Microsoft Corporation WSV325.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Similar presentations

Ads by Google