1 Root Name Service Stability Lars-Johan Liman, M.Sc. Senior Systems Specialist Autonomica AB (i.root-servers.net)

Slides:



Advertisements
Similar presentations
Olaf M. Kolkman. APNIC, 6 February 2014, Bangkok. DNSSEC and in-addr an update Olaf M. Kolkman
Advertisements

The Domain Name System Continuity of Operations Apricot 2008 Taipei TAIWAN 28feb2008.
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies Scalability.
Review iClickers. Ch 1: The Importance of DNS Security.
L-Root: Expanding Distribution in Africa. 2 One of 13 root name servers containing Internet Protocol addresses Operated by ICANN using anycast technology.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

Lecture 1: Overview modified from slides of Lawrie Brown.
P2P Network is good or bad? Sang-Hyun Park. P2P Network is good or bad? - Definition of P2P - History of P2P - Economic Impact - Benefits of P2P - Legal.
What is an Information System? Input of DataResourcesProcessing Data Data Control of System Performance Storage of Data Resources Output of InformationProducts.
John Kristoff DePaul Security Forum Network Defenses to Denial of Service Attacks John Kristoff
SESSION 9 THE INTERNET AND THE NEW INFORMATION NEW INFORMATIONTECHNOLOGYINFRASTRUCTURE.
Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Domain Name System Security Extensions (DNSSEC) Hackers 2.
CSE 461 Section (Week 0x02). Port numbers for applications MAC addresses for hardware IP addresses for a way to send data in a smart, routable way.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
SSH Secure Login Connections over the Internet
CLOUD COMPUTING & COST MANAGEMENT S. Gurubalasubramaniyan, MSc IT, MTech Presented by.
1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.
VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.
CSC 386 – Computer Security Scott Heggen. Agenda Security Management.
By Chris Racki. Outline  Introduction  How DNS works  A typical DNS lookup  Caching for later  Vulnerabilities of DNS  Anatomy of a cache poisoning.
By: Alex Feldman.  A mobile station is connected to the network wirelessly through another device.  In case of WiFi (IEEE ) this would be an access.
© 1998 Irwin/McGraw-Hill 2- 1 Chapter 2: Fundamentals of Information Systems IRWIN © 1998 Irwin/McGraw-Hill James A. O'Brien Fourth Edition Management.
This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
Security and Stability of Root Name Server System Jun Murai (From the panel on Nov. 13 th by Paul Vixie, Mark Kosters, Lars-Johan Liman and Jun Murai)
How to Design Open Platform Video Management Software (VMS)
Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.
DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.
Telö09 from an Internet Perspective Lars-Johan Liman, M.Sc. Senior Systems Specialist Netnod Internet Exchange Internetdagarna
Anycast DNS. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Outline Current Anycast routing Anycast implemented Problems resolved.
Kenya Network Information Centre (KENIC). Introduction KENIC is the registry for the.KE ccTLD. Local and non-profit organization Mandate is to Manage.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
1 DNSSEC Deployment: Big Steps Forward; Several Steps to Go NANOG 32 Deployment D N S S E C Rob Austein Steve Crocker
.LV today and tomorrow Katrīna Sataki, NIC.LV Riga, 19 April 2013.
1 DNSSEC Transforming a protocol bug into an admin tool Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.
DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, Ólafur Guðmundsson,
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.
Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.
Internet2 AdvCollab Apps 1 Access Grid Vision To create virtual spaces where distributed people can work together. Challenges:
Globally Distributed Content Delivery Presenter: Baoning Wu 03/25/2003.
DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.
Microsoft and Symantec
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
By Team Trojans -1 Arjun Ashok Priyank Mohan Balaji Thirunavukkarasu.
Strategic Agenda We want to be connected to the internet……… We may even want to host our own web site……… We must have a secure network! What are the.
Distributed Systems Ryan Chris Van Kevin. Kinds of Systems Distributed Operating System –Offers Transparent View of Network –Controls multiprocessors.
Internet infrastructure 1. Infrastructure Security r User expectations  Reliable service  Reliable endpoints – although we know of spoofing and phishing.
Kentico Learning Management System The Academy.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.
1 Distributed DNS best practices to build redundant, reliable & scalable DNS architecture By Ladislav Vobr SE/SOP/I&eS Etisalat, UAE.
CS457 Introduction to Information Security Systems
Fundamentals of Information Systems, Sixth Edition
Chapter 1 Foundations of Information Systems in Business.
Zueyong Zhu† and J. William Atwood‡
Next Generation Network Security using Software-Defined Networking
University of Technology
IS4680 Security Auditing for Compliance
Lecture 1: Foundation of Network Security
INFORMATION SYSTEMS SECURITY and CONTROL
ECT 589: E-Commerce Management
NET 536 Network Security Lecture 8: DNS Security
CLIENT/SERVER COMPUTING ENVIRONMENT
NET 536 Network Security Lecture 6: DNS Security
ROOTS 1+2 Advocacy toolkit
Cloud Computing for Wireless Networks
Presentation transcript:

1 Root Name Service Stability Lars-Johan Liman, M.Sc. Senior Systems Specialist Autonomica AB (i.root-servers.net)

2 Disclaimer Root server organizations operate indivitually. I can only speak authoritatively for i.root-servers.net operated by Autonomica AB based in Stockholm, Sweden.

3 Stability Factors Server and network operations. –Software and hardware diversity –Location and networking diversity –Diversity in operational models –Organizational diversity –Monitoring –Operational experience Data integrity. –Authenticated data transfers. –Monitoring

4 ISP AS root

5 ISP AS root

6 ISP AS root

7 ISP AS root

8 Unicast: Root NS

9 Anycast: Inter- net Root

10 Strategic Challenges Fundaments –Content governance.  STABILITY IS CRUCIAL! –Technology. Internet Standard compliance –Finance. Scaling –Growing in line with the demand... –... from end users. –... from (top level) domain name holders. –... from the root content authority.

11 Some Direct Threats Distributed Denial of Service Attacks? –Anycast "Packet of Death"? –Software and platform diversity –VERY close relationship with software developers Social Engineering? –Organizational diversity –Very good collaboration btw. root ops

12 Some Direct Threats Bad data? –Need unquestionable authority for data! –Strong editing procedures are essential –Signed data transfers False root servers? –TSIG doesn't scale –SIG(0) might work, but not widespread, cumbersome –Legal prosecution? Slow! –Waiting for DNSSEC (helps authenticating data, not servers, but mitigates problem)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.