Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19 th 2006.

Published bySamantha Beverley Greer Modified over 8 years ago

Similar presentations

Presentation on theme: "Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19 th 2006."— Presentation transcript:

1 Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19 th 2006

2 Shumon Huque2 Description of the Pilot Goal: Deploy DNSSEC and gain operational experience Participants sign at least one of their zones Exchange keys (trust anchors) that will allow them to mutually validate DNS data Setup security-aware resolvers configured with the trust anchors

3 Shumon Huque3 A little background.. Feb ‘06: DNSSEC Workshop held at Albuquerque Joint Techs Mar ‘06: dnssec@internet2 mailing list Apr ‘06: Internet2 Spring Member meeting Advisory group formed and plans for a pilot project formulated May ‘06: Pilot group began Bi-weekly conference calls and progress reports

4 Shumon Huque4 Co-ordination Internet2 and Shinkuro Partner in DNSSEC Deployment Initiative http://www.dnssec-deployment.org/ Some funding from US government

5 Shumon Huque5 DNSSEC Deployment Efforts so far MAGPI GigaPoP All zones: magpi.{net,org} & 15 reverse zones https://rosetta.upenn.edu/magpi/dnssec.html MERIT radb.net nanog.org NYSERNet - test zone nyserlab.org

6 Shumon Huque6 Deployments in the pipeline.. University of Pennsylvania University of California - Berkeley University of California - Los Angeles University of Massachusetts - Amherst Internet2

7 Shumon Huque7 Ongoing work & discussion To DLV or not? (and if so, which registry?) “DNSSEC Lookaside Validation” Deploy NSEC3 or not? Stub resolver support options Key maintenance & rollover policies Better protection of long term keys Secure delegations from parents.edu,.net,.org,.in-addr.arpa

8 Shumon Huque8 More participants welcome! (participation not restricted to Internet2) Join mailing list Participate in con calls DNSSEC BoF @ lunchtime today

9 Shumon Huque9 References Internet2 DNSSEC Pilot http://www.dnssec-deployment.org/internet2/ http://rosetta.upenn.edu/magpi/dnssec.html Mailing list: dnssec@internet2.edudnssec@internet2.edu https://mail.internet2.edu/wws/info/dnssec Internet2 DNSSEC Workshop http://events.internet2.edu/2006/jt- albuquerque/sessionDetails.cfm?session=2491&ev ent=243

10 Shumon Huque10 References (2) DNSSEC(bis) technical specs: RFC 4033, 4034, 4035 Related: Threat analysis of the DNS: RFC 3833 Operational practices draft-ietf-dnsop-dnssec-operational-practices-08 NSEC3: draft-ietf-dnsext-nsec3-05 DLV: draft-weiler-dnssec-dlv-01 ISC DLV registry: http://www.isc.org/index.pl?/ops/dlv/

11 Shumon Huque11 Questions? Shumon Huque shuque -at- isc.upenn.edu

Download ppt "Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19 th 2006."

Similar presentations

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.
APNIC Update AfriNIC 11 November 2009. Overview Services status Policy developments Priority activities Next meetings.

APNIC Update AfriNIC 11 November Overview Services status Policy developments Priority activities Next meetings.
Whois Task Force GNSO Public Forum Wellington March 28, 2006.

Whois Task Force GNSO Public Forum Wellington March 28, 2006.
International Telecommunication Union ENUM Issues and Solutions Houlin Zhao Director Telecommunication Standardization Bureau International Telecommunication.

International Telecommunication Union ENUM Issues and Solutions Houlin Zhao Director Telecommunication Standardization Bureau International Telecommunication.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.
DNSSEC Workshop Planning BOF Internet2/ESNet Joint Techs College Station TX, Feb 2-4, 2009 Joe St Sauver, Ph.D. Manager, Internet2 Security Programs

DNSSEC Workshop Planning BOF Internet2/ESNet Joint Techs College Station TX, Feb 2-4, 2009 Joe St Sauver, Ph.D. Manager, Internet2 Security Programs
What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.

What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.
DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.
1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.

Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.
DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.

DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.
Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.

Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.
IANA Activities Update RIPE 68 Warsaw, Poland May 2014.

IANA Activities Update RIPE 68 Warsaw, Poland May 2014.
Data You Can Trust: The Key to Information Security Dr. Burt Kaliski, Jr. Senior Vice President and CTO, Verisign 25 th HP Information Security Colloquium.

Data You Can Trust: The Key to Information Security Dr. Burt Kaliski, Jr. Senior Vice President and CTO, Verisign 25 th HP Information Security Colloquium.
Deploying Security for the Domain Name System Securing the Infrastructure Panel Allison Mankin, Amy Friedlander Shinkuro, Inc

Deploying Security for the Domain Name System Securing the Infrastructure Panel Allison Mankin, Amy Friedlander Shinkuro, Inc
1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.

1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.
Security for the Internet’s Domain Name System DNSSEC Current State of Deployment Prepared for Internet2 BoF Amy Friedlander, Shinkuro, Inc. Based on a.

Security for the Internet’s Domain Name System DNSSEC Current State of Deployment Prepared for Internet2 BoF Amy Friedlander, Shinkuro, Inc. Based on a.
1 DNSSEC for the.edu Domain Becky Granger Director, Information Technology and Member Services EDUCAUSE April 29, 2010.

1 DNSSEC for the.edu Domain Becky Granger Director, Information Technology and Member Services EDUCAUSE April 29, 2010.
1 San Diego, California 25 February 2014. 2 Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.

1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.

Similar presentations

Ads by Google