Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Internet2 Joint Techs DNSSEC BOF July 19, 2006 1 DNSSEC BOF Larry J. Blunk, Merit Network Internet2 Joint Techs Workshop Madison, WI July 19, 2006.

Published byLaura Berry Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Internet2 Joint Techs DNSSEC BOF July 19, 2006 1 DNSSEC BOF Larry J. Blunk, Merit Network Internet2 Joint Techs Workshop Madison, WI July 19, 2006."— Presentation transcript:

1 1 Internet2 Joint Techs DNSSEC BOF July 19, 2006 1 DNSSEC BOF Larry J. Blunk, Merit Network Internet2 Joint Techs Workshop Madison, WI July 19, 2006

2 2 Internet2 Joint Techs DNSSEC BOF July 19, 2006 2 DNSSEC links DNSSEC Quickstart Internet2 trial next steps DLV registry Overview

3 3 Internet2 Joint Techs DNSSEC BOF July 19, 2006 3 www.dnssec.net www.dnssec-deployment.org www.dnssec-tools.org www.internet2.edu/presentations/jt2006feb/200602 08-dnssec-kolkmanmankin.ppt www.merit.edu/nrd/resources/dnssec_howto.pdf DNSSEC Links

4 4 Internet2 Joint Techs DNSSEC BOF July 19, 2006 4 DNSSEC Quickstart (I don’t care how it works, just tell me what commands to type!!) Add “dnssec-enable yes;” to options section of named.conf dnssec-keygen –r/dev/urandom –aRSASHA1 –b1024 –nZONE foo.edu returns “Kfoo.edu.+005+xxxxx” where xxxxx is 5 digit random number dnssec-keygen –r/dev/urandom –fKSK –aRSASHA1 –b1024 –nZONE foo.edu returns “Kfoo.edu.+005+yyyyy” where yyyyy is 5 digit random number Add following lines to zonefile (named db.foo.edu) “$include Kfoo.edu.+005+xxxxx.key” “$include Kfoo.edu.+005+yyyyy.key” Generate db.foo.edu.signed file from input db.foo.edu zonefile (signatures will have a lifetime of 90 days (7776000 seconds)) dnssec-signzone –r/dev/urandom –o foo.edu –k Kfoo.edu.+005+yyyyy \ -e +7776000 db.foo.edu Kfoo.edu.+005+xxxxx.key

5 5 Internet2 Joint Techs DNSSEC BOF July 19, 2006 5 Recruiting new participants DLV registry deployment Deploy our own or use existing? Lobby ARIN to sign in-addr.arpa delegations October ARIN meeting in St. Louis Internet2 trial next steps

6 6 Internet2 Joint Techs DNSSEC BOF July 19, 2006 6 DLV – DNSSEC Lookaside Validation Defined in RFC 4431 Mechanism for publishing DNSSEC trust anchors outside of the DNS delegation chain Several trials available www.isc.org/ops/dlv www.dlv.verisignlabs.com www.iks-jena.de/leistungen/dnssec.php Should we create one for Internet2 DNSSEC trial? Policies for registration?

Download ppt "1 Internet2 Joint Techs DNSSEC BOF July 19, 2006 1 DNSSEC BOF Larry J. Blunk, Merit Network Internet2 Joint Techs Workshop Madison, WI July 19, 2006."

Similar presentations

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.
International Telecommunication Union ENUM Issues and Solutions Houlin Zhao Director Telecommunication Standardization Bureau International Telecommunication.

International Telecommunication Union ENUM Issues and Solutions Houlin Zhao Director Telecommunication Standardization Bureau International Telecommunication.
John Curran APNIC 31 ARIN Update. 2011 Focus Continue development and integration of web-based system (ARIN Online) Outreach on IPv6 adoption DNSSEC and.

John Curran APNIC 31 ARIN Update Focus Continue development and integration of web-based system (ARIN Online) Outreach on IPv6 adoption DNSSEC and.
Projects Awaiting Prioritization Nate Davis. Planned Functionality Projects underway or next in queue Hosted RPKI (Planned 2012 Q2 Deployment) - RPKI.

Projects Awaiting Prioritization Nate Davis. Planned Functionality Projects underway or next in queue Hosted RPKI (Planned 2012 Q2 Deployment) - RPKI.
DNSSEC Brought to you by ISC-BIND, SUNYCT, and: Nick Merante – SUNYIT Comp Sci SysAdmin Nick Gasparovich – SUNYIT Campus SysAdmin Paul Brennan – SUNYIT.

DNSSEC Brought to you by ISC-BIND, SUNYCT, and: Nick Merante – SUNYIT Comp Sci SysAdmin Nick Gasparovich – SUNYIT Campus SysAdmin Paul Brennan – SUNYIT.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
DNSSEC & Email Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.

What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.
IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.

IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.
DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.
RNDC & TSIG. What is RNDC? Remote Name Daemon Controller Command-line control of named daemon Usually on same host, can be across hosts –Locally or remotely.

RNDC & TSIG. What is RNDC? Remote Name Daemon Controller Command-line control of named daemon Usually on same host, can be across hosts –Locally or remotely.
© Afilias Limitedwww.afilias.info SM Challenges of Deploying DNSSEC: Prepare your ccTLD with Secondary DNS services LACNIC Meeting May 2010 Presented by:

© Afilias Limitedwww.afilias.info SM Challenges of Deploying DNSSEC: Prepare your ccTLD with Secondary DNS services LACNIC Meeting May 2010 Presented by:
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
Phil Regnauld Hervey Allen June 2009 Papeete, Tahiti DNSSEC overview.

Phil Regnauld Hervey Allen June 2009 Papeete, Tahiti DNSSEC overview.
Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.

Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.
DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.

DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
IANA Activities Update RIPE 68 Warsaw, Poland May 2014.

IANA Activities Update RIPE 68 Warsaw, Poland May 2014.
Forwarding Hint in NFD Junxiao Shi, 2015-05-20 1.

Forwarding Hint in NFD Junxiao Shi,
APNIC eLearning: Intro to RPKI 10 December 2014 12:30 PM AEST Brisbane (UTC+10)

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)

Similar presentations

Ads by Google