Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania

Slides:



Advertisements
Similar presentations
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
Advertisements

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.
DNSSEC Workshop Planning BOF Internet2/ESNet Joint Techs College Station TX, Feb 2-4, 2009 Joe St Sauver, Ph.D. Manager, Internet2 Security Programs
High-Level Awareness of DNSSEC KENIC/NSRC Workshop, Nairobi, May 2011 Phil Regnauld Joe Abley
1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.
Deploying Security for the Domain Name System Securing the Infrastructure Panel Allison Mankin, Amy Friedlander Shinkuro, Inc
1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.
Security for the Internet’s Domain Name System DNSSEC Current State of Deployment Prepared for Internet2 BoF Amy Friedlander, Shinkuro, Inc. Based on a.
1 DNSSEC for the.edu Domain Becky Granger Director, Information Technology and Member Services EDUCAUSE April 29, 2010.
Olaf M. Kolkman. Domain Pulse, February 2005, Vienna. DNSSEC Basics, Risks and Benefits Olaf M. Kolkman
Introduction to DNSSEC AROC Bamako, Mali, What is DNSSEC?
© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested
Olaf M. Kolkman. Apricot 2005, February 2005, Kyoto. DNSSEC An Update Olaf M. Kolkman
Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015
Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Bibliography.
ISOC.NL SIP © 15 March 2007 Stichting NLnet Labs DNSSEC and ENUM Olaf M. Kolkman
1 ESnet DNSSEC Update ESCC/Internet2 Joint Techs Workshop February 14, 2007 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.
DNSSEC Deployment Initiative: Roadmap Version 2.0 Suresh Krishnaswamy, SPARTA Steve Crocker, Shinkuro, Inc.
1 DNSSEC Deployment: Big Steps Forward; Several Steps to Go NANOG 32 Deployment D N S S E C Rob Austein Steve Crocker
DNSSEC-Deployment.org Secure Naming Infrastructure Pilot (SNIP) A.gov Community Pilot for DNSSEC Deployment JointTechs Workshop July 18, 2007 Scott Rose.
This is the DNSEXT Working Group (where the microphones are at Scandic hights) San Diego IETF60
1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.
Joint Techs, Albuquerque Feb © 8 Feb 2006 Stichting NLnet Labs DNS Risks, DNSSEC Olaf M. Kolkman and Allison Mankin
© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested
1 Internet2 Joint Techs DNSSEC BOF July 19, DNSSEC BOF Larry J. Blunk, Merit Network Internet2 Joint Techs Workshop Madison, WI July 19, 2006.
DNS Security Extension 1. Implication of Kaminsky Attack Dramatically reduces the complexity and increases the effectiveness of DNS cache poisoning –No.
Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19 th 2006.
Root Zone KSK Maintenance Jaap Akkerhuis | ENOG -10 | October 2015.
Root Zone KSK: After 5 years Elise Gerich | APNIC 40 | September 2015.
DNSSec.TLD is signed! What next? V.Dolmatov November 2011.
An information sharing and analysis centre for the global DNS. DNS OARC.
Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania Sprint Internet2 Member Meeting Arlington, Virginia, U.S.A., Apr 23rd 2007.
Deploying DNSSEC. Pulling yourself up by your bootstraps João Damas ISC.
DNS Risks, DNSSEC Olaf M. Kolkman and Allison Mankin
KSK Rollover Update David Conrad, CTO ICANN 59 – ccNSO Members Meeting
Online Canon Printer Support & Customer Services
【New Draft】 France -Japan International Co-funding Joint call Schedule (revised version) APR. 11, 2017 Bpifrance / NEDO final meeting (week of 18/9) Announcement.
Agenda DNSSEC automation overview How to implement it in FRED
Lecture 20 DNS Sec Slides adapted from Olag Kampman
DNS Team IETF 99 Hackathon.
DNS Security.
KSK Rollover Update David Conrad, CTO ICANN 59 – GAC 29 June 2017.
State of DNSSEC deployment ISOC Advisory Council
Defining Namespaces Challenges with Internet Namespaces Jonne Soininen
Configuring and Troubleshooting DNS
Game Technology Standards Study Group
UK Electoral Modernisation Position
Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania
Paul Wilson RIPE 66 Dublin
DNSSEC Operations in .gov
CZ.NIC in a nutshell Domain, DNSSEC, Turris Project and others
DANE: The Future of Transport Layer Security (TLS)
DNSSEC Basics, Risks and Benefits
IETF Working Group CSCI 344 Spring 2016 Report <Your name>
TRA, UAE May 2017 DNSSEC Introduction TRA, UAE May 2017
IATI workplan implementation, Y4 ( )
DNSSEC: An Update on Global Activities
.edu DNSSEC Testbed Lessons Learned

What DNSSEC Provides Cryptographic signatures in the DNS
Casey Deccio Sandia National Laboratories
Geoff Huston APNIC Labs
Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania
DNSSEC & KSK Rollover Patrick Jones Middle East DNS Forum & APTLD 75
SC SC SC WS SC S HIS Background document Seminar document
DNSSEC Status Update in UA

MASS BOF IETF63, Paris 4 August 2005
Presentation transcript:

Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19th 2006 Title Slide

Description of the Pilot Goal: Deploy DNSSEC and gain operational experience Participants sign at least one of their zones Exchange keys (trust anchors) that will allow them to mutually validate DNS data Setup security-aware resolvers configured with the trust anchors

A little background .. Feb ‘06: DNSSEC Workshop held at Albuquerque Joint Techs Mar ‘06: dnssec@internet2 mailing list Apr ‘06: Internet2 Spring Member meeting Advisory group formed and plans for a pilot project formulated May ‘06: Pilot group began Bi-weekly conference calls and progress reports

Partner in DNSSEC Deployment Initiative Co-ordination Internet2 and Shinkuro Partner in DNSSEC Deployment Initiative http://www.dnssec-deployment.org/ Some funding from US government

DNSSEC Deployment Efforts so far MAGPI GigaPoP All zones: magpi.{net,org} & 15 reverse zones https://rosetta.upenn.edu/magpi/dnssec.html MERIT radb.net nanog.org NYSERNet - test zone nyserlab.org

Deployments in the pipeline .. University of Pennsylvania University of California - Berkeley University of California - Los Angeles University of Massachusetts - Amherst Internet2

Ongoing work & discussion To DLV or not? (and if so, which registry?) “DNSSEC Lookaside Validation” Deploy NSEC3 or not? Stub resolver security Key maintenance & rollover policies Secure delegations from parents .edu, .net, .org, .in-addr.arpa

More participants welcome! (participation not restricted to Internet2) Join mailing list Participate in con calls DNSSEC BoF @ lunchtime today

References Internet2 DNSSEC Pilot Mailing list: dnssec@internet2.edu http://www.dnssec-deployment.org/internet2/ http://rosetta.upenn.edu/magpi/dnssec.html Mailing list: dnssec@internet2.edu https://mail.internet2.edu/wws/info/dnssec Internet2 DNSSEC Workshop http://events.internet2.edu/2006/jt-albuquerque/sessionDetails.cfm?session=2491&event=243

References (2) DNSSEC(bis) technical specs: Related: RFC 4033, 4034, 4035 Related: Threat analysis of the DNS: RFC 3833 Operational practices draft-ietf-dnsop-dnssec-operational-practices-08 NSEC3: draft-ietf-dnsext-nsec3-05 DLV: draft-weiler-dnssec-dlv-01 ISC DLV registry: http://www.isc.org/index.pl?/ops/dlv/

Questions? Shumon Huque shuque -at- isc.upenn.edu

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.