DNS Alphabet Soup. IPv6 Increases packet size Both transport and question/answer sections Preference: goes first Fragmentation done by end points (ICMPv6!)

Slides:

Advertisements

Similar presentations

RIPE NCC DNS Update Anand Buddhdev. Anand Buddhdev, 15 May K-root Service stable with 17 instances – 5 global – 12 local (prefixes announced with.

Advertisements

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.

IDN TLD Variants Implementation Guideline draft-yao-dnsop-idntld-implementation-01.txt Yao Jiankang.

Review iClickers. Ch 1: The Importance of DNS Security.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.

What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.

1 DNSSEC From a protocol bug to a security advantage Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

1.ORG DNSSEC Testbed Deployment Edmon Chung Creative Director Afilias Perth, AU 2 March, 2006.

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

Controlling access with packet filters and firewalls.

1 LACNIC Update October

Domain Name System: DNS

Investigations into BIND Dynamic Update with OpenSSL by David Wilkinson.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Domain Name System Security Extensions (DNSSEC) Hackers 2.

Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.

Measuring DANE TLSA Deployment Liang Zhu 1, Duane Wessels 2, Allison Mankin 2, John Heidemann 1 1. USC ISI 2. Verisign Labs 1.

Deploying DNSSEC in Windows Server 2012 Rob Kuehfus Program Manager Microsoft Corporation WSV325.

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Host Identity Protocol

1 Platform for Success of.aero Dot Aero Council Geneva March 23, 2006.

Issues in Internet Security. Securing the Internet How does the internet hold up security-wise? How does the internet hold up security-wise? Not well:

IIT Indore © Neminath Hubballi

Chapter 17 Domain Name System

© NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License Troubleshooting.

Tyre Kicking the DNS Testing Transport Considerations of Rolling Roots Geoff Huston APNIC.

TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.

Simple Multihoming Experiment draft-huitema-multi6-experiment-00.txt Christian Huitema, Microsoft David Kessens, Nokia.

Rev Mats Dufberg TeliaSonera, Sweden Resolving DNSsec.

An overview of IP addressing history and policy issues Leo Vegoda Number Resources Manager, IANA.

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

Kenya Network Information Centre (KENIC). Introduction KENIC is the registry for the.KE ccTLD. Local and non-profit organization Mandate is to Manage.

1 November 2006 in Dagstuhl, Germany

1 Kyung Hee University Chapter 18 Domain Name System.

FCC CSRIC III Working Group 5 DNSSEC Implementation Practices Steve Crocker CEO, Shinkuro, Inc. March 6, 2013 Working Group 5: DNSSEC.

U.S. General Services Administration Office of Governmentwide Policy GSA EXPO May 4, 2010 Lee Ellis U.S. General Services Administration Office of Governmentwide.

.LV today and tomorrow Katrīna Sataki, NIC.LV Riga, 19 April 2013.

1 DNSSEC Transforming a protocol bug into an admin tool Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

How to use DNS during the evolution of ICN? Zhiwei Yan.

1 LACNIC Update November 4th, Vienna, Austria Luisa Villa y Battenberg Customer Manager.

Presented by Rebecca Meinhold But How Does the Internet Work?

* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.

IPv 邱文揚 Joseph 李家福 Frank. Introduction The scale of IPv4 Internet has become far larger than one could ever imagine when designing.

DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.

Things to Think About Eliot Lear IETF 59. What the document ISN’T This is not a requirements document –We did one of those already – RFC 3582 Not an architectural.

An Analysis of Using Reflectors for Distributed Denial-of- Service Attacks Paper by Vern Paxson.

DNS and IP Scalability Communication Systems Design 2002.

Ch 6: DNSSEC and Beyond Updated DNSSEC Objectives of DNSSEC Data origin authentication – Assurance that the requested data came from the genuine.

EDNS0 - the need for speed Lawrence Conroy Roke Manor Research This draft has been produced by Lawrence Conroy

DNS64 draft-bagnulo-behave-dns64-01 m. bagnulo, P. Matthews, I. van Beijnum, A. Sullivan, M. Endo IETF 73 - Mineapolis.

Networking (Cont’d). Congestion Control l Is achieved by informing nodes along a route that congestion has occurred and asking them to reduce their packet.

Open DNS resolvers have to be closed ● Open resolvers respond to recursive queries from any host on the Internet ● Amplification DNS attack 2.

Monitoring, analyzing and cleaning DNS configuration errors across European NRENs Slavko Gajin University of Belgrade, Serbia

Precision Spine Inc. Mobile Device Setup. Android Devices.

ADDING AND SUBTRACTING MULTIPLYING AND DIVIDING REAL NUMBERS.

EDNS Client Subnet (ECS) in CDN solution

KSK Rollover Update David Conrad, CTO ICANN 59 – ccNSO Members Meeting

100% Exam Passing Guarantee & Money Back Assurance

DNS Privacy: Problem and solutions

Geoff Huston APNIC Labs September 2017

technical-service/ technical-service/

IPv6: Are we really ready to turn off IPv4?

PPPoE Internet Point to Point Protocol over Ethernet

DNSSEC & KSK Rollover Patrick Jones Middle East DNS Forum & APTLD 75

DNSSEC Status Update in UA

IPv6 Reliability Measurements

Presentation transcript:

DNS Alphabet Soup

IPv6 Increases packet size Both transport and question/answer sections Preference: goes first Fragmentation done by end points (ICMPv6!)

DNSSEC Created to add security to server answers Needs chain of trust (from root, now signed) Manual periodic updates by server operator (zone owner, and recursive as well) Significant increase in packet size

EDNS Added size of DNS packets TCP transport Fragmentation may be needed – caution Ipv6 Real servers need to support it (not your home router) Latency issue – especially for mobile operator

IDN домены.на.другом.языке Confusion by user and operator possible Variant IDNs coming – more confusion?

Conclusion Challenges: DNS in new ISP service If it works, your customers happy as before If not, they look elsewhere Technology keeps changing – be aware

Contacts Dmitry Kohmanyuk