The Domain Name System Continuity of Operations Apricot 2008 Taipei TAIWAN 28feb2008.

Slides:

Advertisements

Similar presentations

Technical Services Develop Integrate Operate APNIC technical infrastructure.

Advertisements

The ICANN Experiment CainetCainet Andrew McLaughlin.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

May 2 nd, 2001, page n° 1 The Invisible Network. May 2 nd, 2001, page n° 2 List of contents Introduction The invisible network: an example Some trends.

Review iClickers. Ch 1: The Importance of DNS Security.

L-Root: Expanding Distribution in Africa. 2 One of 13 root name servers containing Internet Protocol addresses Operated by ICANN using anycast technology.

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

4/27/2015Slide 1 Rethinking the design of the Internet: The end to end arguments vs. the brave new world Marjory S. Blumenthal Computer Science and Telecomms.

Akamai DNS Offerings RSA © Conference ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.

HUIT dns/dhcp redesign and roadmap Improved dns, right size IB, modern design, linux fallback.

Net Neutrality By Guilherme Martins. Brief Definition of what is Net Neutrality? Network neutrality is best defined as a network design principle. – Think.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

© Afilias Limitedwww.afilias.info SM Challenges of Deploying DNSSEC: Prepare your ccTLD with Secondary DNS services LACNIC Meeting May 2010 Presented by:

1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

1 System support & Management Protocols Lesson 13 NETS2150/2850 School of Information Technologies.

Domain Name System Security Extensions (DNSSEC) Hackers 2.

Be Smart, Use PwrSmart What Is The Cloud?. Where Did The Cloud Come From? We get the term “Cloud” from the early days of the internet where we drew a.

New.net and Multilingual Names Andrew Duff Director of Mktg and Policy, New.net December 2001.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

ICANN Mission, Structure and Constituencies Capacity Building Program Dakar, October 2011 Anne-Rachel Inné.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Configuration Management Supplement 67 Robert Horn, Agfa Healthcare.

ICANN and the Internet Ecosystem. 2  A network of interactions among organisms, and between organisms and their environment.  The Internet is an ecosystem.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

BZUPAGES.COM An Introduction to. BZUPAGES.COM Introduction Large corporations today face the following problems Finding a certain file. Seeing everything.

1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.

Business Data Communications, Stallings 1 Chapter 1: Introduction William Stallings Business Data Communications 6 th Edition.

Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.

1 Computer Communication & Networks Lecture 26 Application Layer: Domain Name System Waleed Ejaz.

Project Title : CyberGIS Project Members : M.S.R Perera D.S Kulasuriya W.M.D Jeewantha Project Title : CyberGIS Project Members : M.S.R Perera D.S Kulasuriya.

ICANN Mission, Structure and Constituencies Capacity Building Program June

Module 2 Designing Microsoft® Exchange Server 2010 Integration with the Current Infrastructure.

Is the Internet ready for multimedia? (in production networks) Ed Perry, HP Labs MMNS 2002.

APRICOT 2015 Security Day Cooperation between Security Teams and Network Operators: Actionable Intelligence on ShellShock Arnold S. Yoon Information Security.

Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009.

Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root

XMPP Concrete Implementation Updates: 1. Why XMPP 2 »XMPP protocol provides capabilities that allows realization of the NHIN Direct. Simple – Built on.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

International Telecommunication Union ENUM Implementation Robert Shaw ITU Internet Strategy and Policy Advisor International Telecommunication Union ICANN.

The roots of innovation Future and Emerging Technologies (FET) Future and Emerging Technologies (FET) The roots of innovation Proactive initiative on:

1 DNSSEC Transforming a protocol bug into an admin tool Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

Oracle's Distributed Database Bora Yasa. Definition A Distributed Database is a set of databases stored on multiple computers at different locations and.

Networks – Past, Present, and Future Cisco Systems and Department of Management Services Division of Telecommunications.

How to use DNS during the evolution of ICN? Zhiwei Yan.

ECE450 - Software Engineering II1 ECE450 – Software Engineering II Today: Introduction to Software Architecture.

Zone State Revocation (ZSR) for DNSSEC Eric Osterweil (UCLA) Vasileios Pappas (IBM Research) Dan Massey (Colorado State Univ.) Lixia Zhang (UCLA)

Standardisation and regulation on information security Margus Püüa Head of Department Department of State Information Systems Ministry of Economic Affairs.

Application Architecture Internet Architecture David D. Clark MIT CSAIL September 2005.

 2007, Verizon. All rights reserved. Advanced Emergency Network Capabilities & Communications Solutions Presentation to The Joint Advisory Committee on.

Concerns with Network Research Funding S.Floyd & R. Atkinson, Editors Internet Architecture Board draft-iab-research-funding-02.txt.

Paul Graham Software Architect, EPCC PCP – The P robes C oordination P rotocol A secure, robust framework.

Web Browsing *TAKE NOTES*. Millions of people browse the Web every day for research, shopping, job duties and entertainment. Installing a web browser.

Mark Kosters Engineering Status Report. Engineering Theme 2011 success was aided by contractors Lots of work yet to do (but a great deal now done) An.

By Team Trojans -1 Arjun Ashok Priyank Mohan Balaji Thirunavukkarasu.

ITU ccTLD Workshop March 3, 2003 A Survey of ccTLD DNS Vulnerabilities.

APNIC DNSSEC deployment considerations APNIC 23, Bali George Michaelson R&D Officer APNIC.

{ Domain Name System DNS & IP Address Protocols within the Internet Ecosystem. - Amanda Sparling, EMAC 6300.

Lecture 18 Page 1 CS 236 Online Prolog to Lecture 18 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

MED-V - Managing virtual PCs for IT Pros

DNS Security Advanced Network Security Peter Reiher August, 2014

Defining Namespaces Challenges with Internet Namespaces Jonne Soininen

XACML and the Cloud.

Design Decisions / Lessons Learned

Business Contingency Planning

Continuous Quality Improvement (CQI) Start-of-Year Check In L. A

PLANNING A SECURE BASELINE INSTALLATION

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.

Presentation transcript:

The Domain Name System Continuity of Operations Apricot 2008 Taipei TAIWAN 28feb2008

Name Service Evolution Bill Manning B Operations

DNS Questions: Does it work? Is it better than the alternatives? Who runs it? Who cares? Huge changes in software, capabilities, and underlying network technologies e.g. the Cambrian Era

DNS: Defacto naming abstraction tool Rate of Innovative Change dropped Capacity augmentation was key User base changed Required changes required much more coordination and planning Planning for significant changes, some steps were taken

2001 -Stepping up to New Tasks Expanding system under given restraints. New DNS protocol requirements –IPv6 –DNSSEC New operational challenges: –More servers – anycast! –Complexity of large installations. –Various types of attacks.

DNS Roots Today? Root Servers at 140+ sites –... and counting Cryptographically signed data transfers Tight engineering cooperation –Regular meetings 3 times/year –Technical coordination Relationship with ICANN –Root Server System Advisory Committee Change control prevents rapid response

Attacks Yes, they do happen THEY DON'T BREAK THE INTERNET! –DNS is a very, very robust protocol! –Clients cache data, including lists of TLD servers Anycast gives decent protection Very close cooperation with software vendors, Internet service providers, law enforcement, and computer emergency response teams Successful Attacks can still be launched –We lack a good Continuity of Operations Plan

The Future? Still wider spread –Many corners of the world still under provisioned. –This is ongoing. IPv6 DNSSEC Traffic analysis –Preventive measures OR

Have the assumptions Changed? Mobility instead of Anchored Verifiable, Accurate data with Integrity Wisdom of a single namespace Implementation Choices reflect the 1980s design constraints Can new systems leverage off the existing system Do all addressable devices need a name

More thoughts for the future Synthetic devices may need names Other bindings may be useful, e.g. Name to Key or Key to Address Minimize Single points of failure –DDOS –Third Party Caches –Simple Delegation Hierarchy

Thank You