OpenDNSSEC Deployment Tianyi Xing


Roadmap
By mid-term
– Establish a DNSSEC server within the mobicloud system (hopefully done by next week). Successfully installed; at configuration stage.
– Configure the network to make sure the DNSSEC server serves the right purpose in the mobicloud system (within 3 days)
By final
– Perfect its function: dynamically cooperate with the user ID and IP address, and dynamically update the IP (ID) and domain pair
– Documentation

OpenDNSSEC Working Flow
– OpenDNSSEC is a complete DNSSEC solution.
– It completely automates the process of keeping track of keys and the signing of zones.

Components (contd.)
HSM – the key storage component (usually in hardware)
– Performs cryptographic operations
– Private keys never appear outside the HSM
– It can perform 1-14,000 signatures per second
SoftHSM
– SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface.
– Uses Botan for its cryptographic operations and SQLite to store its key material.

Components (contd.)
KASP
– Decides when zones are re-signed
– Decides when keys are rolled
– Decides which keys are used
Signer Engine
– Sorts RRsets
– Signs RRsets
– Keeps the RRSIGs up to date

Components
Enforcer
– Deals with key rollover and key generation
– Conf.xml
Signer
– Constructs signature records to include in the zone file
– Conf.xml

Components
Auditor
– Checks a signed zone against the policy and the unsigned zone
– Conf.xml

OpenDNSSEC installation
Hardware
– Dell Server
Software
– Xenserver
– Ubuntu 10.10

Compile the OpenDNSSEC
Dependency
– libxml2-dev
– libldns-dev
  Version must be later than
  Install the ldns – needs OpenSSL 1.0
– sqlite3
– libsqlite3-dev
– rubygems
– dnsruby

Configuration
Conf.xml – Overall configuration of the system
Kasp.xml – Defines the policy of signing
Zonelist.xml – Lists all the zones that you are going to sign
Zonefetch.xml (optional) – Zone transfers

Conf.xml
/etc/opendnssec/conf.xml
Overall configuration of OpenDNSSEC
– Logging facilities (syslog only so far)
– System paths
– Key repositories
– Privileges
– Database (where all key and zone info is stored)

Kasp.xml
/etc/opendnssec/kasp.xml
Information included
– Security parameters used for signing zones
– Timing parameters used for signing zones

Zonelist.xml
/etc/opendnssec/zonelist.xml
The zonelist.xml file is used when first setting up the system, and is also used by ods-signerd when signing zones.
Information
– The zone's DNS name
– The policy from kasp.xml used to sign the zone
– How to obtain the zone
– How to publish the zone
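
A pre-flight consistency check for kasp.xml and zonelist.xml, run before `ods-ksmutil setup`; this is an added example, not code from the slides or from the OpenDNSSEC project. The sample XML is constructed, the zone names are hypothetical, and the element layout assumes the OpenDNSSEC 1.x file-adapter format.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not from the slides). Element names assume the
# OpenDNSSEC 1.x layout; the zone names are hypothetical.
KASP_XML = """<KASP>
  <Policy name="default"><Description>constructed sample</Description></Policy>
</KASP>"""

ZONELIST_XML = """<ZoneList>
  <Zone name="vm1.mobicloud.example">
    <Policy>default</Policy>
    <Adapters>
      <Input><File>/var/opendnssec/unsigned/vm1</File></Input>
      <Output><File>/var/opendnssec/signed/vm1</File></Output>
    </Adapters>
  </Zone>
  <Zone name="vm2.mobicloud.example">
    <Policy>lab</Policy>
    <Adapters>
      <Input><File>/var/opendnssec/unsigned/vm2</File></Input>
    </Adapters>
  </Zone>
</ZoneList>"""


def check_zonelist(zonelist_xml, kasp_xml):
    """Return a list of (zone, problem) tuples; an empty list means consistent."""
    # Policies are the direct <Policy name="..."> children of <KASP>.
    policies = {p.get("name") for p in ET.fromstring(kasp_xml).findall("Policy")}
    problems, seen = [], set()
    for zone in ET.fromstring(zonelist_xml).iter("Zone"):
        name = zone.get("name") or "<unnamed>"
        if name in seen:
            problems.append((name, "zone listed more than once"))
        seen.add(name)
        policy = (zone.findtext("Policy") or "").strip()
        if not policy:
            problems.append((name, "no policy set"))
        elif policy not in policies:
            problems.append((name, f"policy '{policy}' is not defined in kasp.xml"))
        # "How to obtain" and "how to publish" the zone: both adapters must exist.
        for side in ("Input", "Output"):
            adapter = zone.find(f"Adapters/{side}")
            if adapter is None or len(adapter) == 0:
                problems.append((name, f"no {side.lower()} adapter"))
    return problems


if __name__ == "__main__":
    for zone, problem in check_zonelist(ZONELIST_XML, KASP_XML):
        print(f"{zone}: {problem}")
```
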

Zonefetch.xml
Configuration for signing zones received by transfer (AXFR).
Information included
– Where to fetch zone data from
– Protection mechanisms to be used

SoftHSM installation
Dependency
– Botan (later version)
– Don't use yum, apt-get or any auto online installation.
– Do download from here and install the botan

SoftHSM configuration
Add the tokens to the slots: /etc/softhsm.conf
– The token databases do not exist at this stage. The given paths are just an indication to SoftHSM of where it should store the information for each token. Each token is now treated as uninitialized.
Initialize your tokens
– softhsm tool or PKCS#11 interface
  Link to this library and use the PKCS#11 interface
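
A check of the slot-to-database mapping described above, as an added example (not from the slides or the SoftHSM project). It assumes the SoftHSM v1 `<slot>:<path>` line format with `#` comments, and the sample paths are constructed. It reports slots whose token database does not exist yet (uninitialized) and databases readable by group or other, since the SQLite file holds the key material.

```python
import os
import stat

# Constructed sample configuration; the paths are hypothetical.
SAMPLE_CONF = """# slot:path to token database
0:/var/lib/softhsm/slot0.db
1:/var/lib/softhsm/slot1.db
"""


def check_softhsm_conf(conf_text):
    """Parse '<slot>:<path>' lines and return (slots, findings)."""
    slots, findings = {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        slot, sep, path = line.partition(":")
        slot, path = slot.strip(), path.strip()
        if not sep or not slot.isdigit() or not path:
            findings.append(f"line {lineno}: expected <slot>:<path>")
            continue
        slot = int(slot)
        if slot in slots:
            findings.append(f"line {lineno}: slot {slot} defined twice")
            continue
        slots[slot] = path
        if not os.path.exists(path):
            # No database yet: SoftHSM treats this token as uninitialized.
            findings.append(f"slot {slot}: token database missing (uninitialized)")
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            # Key material lives in this file; only its owner should reach it.
            findings.append(f"slot {slot}: {path} is accessible to group/other")
    return slots, findings


if __name__ == "__main__":
    parsed, notes = check_softhsm_conf(SAMPLE_CONF)
    for note in notes:
        print(note)
```
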

Error during Start
ods-ksmutil setup
ods-control start
– Enforcer start fails
– Signer start fails

Next Step work
– Make the signer and enforcer run successfully
– Cooperate with the DHCP server to automatically add the zone and sign the zone with a specific policy and key.