Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19 th 2006.

Slides:



Advertisements
Similar presentations
DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.
Advertisements

APNIC Update AfriNIC 11 November Overview Services status Policy developments Priority activities Next meetings.
Whois Task Force GNSO Public Forum Wellington March 28, 2006.
International Telecommunication Union ENUM Issues and Solutions Houlin Zhao Director Telecommunication Standardization Bureau International Telecommunication.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.
DNSSEC Workshop Planning BOF Internet2/ESNet Joint Techs College Station TX, Feb 2-4, 2009 Joe St Sauver, Ph.D. Manager, Internet2 Security Programs
What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.
DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.
1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.
DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.
Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.
IANA Activities Update RIPE 68 Warsaw, Poland May 2014.
Data You Can Trust: The Key to Information Security Dr. Burt Kaliski, Jr. Senior Vice President and CTO, Verisign 25 th HP Information Security Colloquium.
Deploying Security for the Domain Name System Securing the Infrastructure Panel Allison Mankin, Amy Friedlander Shinkuro, Inc
1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.
Security for the Internet’s Domain Name System DNSSEC Current State of Deployment Prepared for Internet2 BoF Amy Friedlander, Shinkuro, Inc. Based on a.
1 DNSSEC for the.edu Domain Becky Granger Director, Information Technology and Member Services EDUCAUSE April 29, 2010.
1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.
Olaf M. Kolkman. Domain Pulse, February 2005, Vienna. DNSSEC Basics, Risks and Benefits Olaf M. Kolkman
Update from ICANN staff on SSR Activities Greg Rattray Tuesday 21 st 2010.
© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested
Update for AP* Retreat Save Vocea Manager Regional Relations – Australasia/Pacific Islands Kuala Lumpur, 28 Feb 2010.
Internet Corporation for Assigned Names & Numbers Update on ITAR Elise Gerich Vice President, IANA.
Olaf M. Kolkman. Apricot 2005, February 2005, Kyoto. DNSSEC An Update Olaf M. Kolkman
International Telecommunication Union ENUM Implementation Robert Shaw ITU Internet Strategy and Policy Advisor International Telecommunication Union ICANN.
Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015
Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Bibliography.
ISOC.NL SIP © 15 March 2007 Stichting NLnet Labs DNSSEC and ENUM Olaf M. Kolkman
1 ESnet DNSSEC Update ESCC/Internet2 Joint Techs Workshop February 14, 2007 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.
DNSSEC Deployment Initiative: Roadmap Version 2.0 Suresh Krishnaswamy, SPARTA Steve Crocker, Shinkuro, Inc.
DNSSEC deployment in NZ Andy Linton
CcTLD Best Practices & Considerations ccTLD workshop, Guyana 2007 John Crain and Jacob Malthouse Internet Corporation for Assigned Names and Numbers.
1 DNSSEC Deployment: Big Steps Forward; Several Steps to Go NANOG 32 Deployment D N S S E C Rob Austein Steve Crocker
DNSSEC-Deployment.org Secure Naming Infrastructure Pilot (SNIP) A.gov Community Pilot for DNSSEC Deployment JointTechs Workshop July 18, 2007 Scott Rose.
6bone address registry proposal Bob Fink ESnet 17 July 2002 Yokohama.
NSF Cybersecuity Summit May REN-ISAC Goal The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher.
1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.
Joint Techs, Albuquerque Feb © 8 Feb 2006 Stichting NLnet Labs DNS Risks, DNSSEC Olaf M. Kolkman and Allison Mankin
© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested
Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.
1 Internet2 Joint Techs DNSSEC BOF July 19, DNSSEC BOF Larry J. Blunk, Merit Network Internet2 Joint Techs Workshop Madison, WI July 19, 2006.
OARC TAR Panel. La Brea Tar Pit What was originally intended to expedite the roll-out of DNSSEC seems to be bogging it down instead People who read press.
DNS Security Extension 1. Implication of Kaminsky Attack Dramatically reduces the complexity and increases the effectiveness of DNS cache poisoning –No.
By Team Trojans -1 Arjun Ashok Priyank Mohan Balaji Thirunavukkarasu.
Twinning Meeting 26 th Oct Present collaborations Technical operation of Angola and Cape Verde DNS ccTLD. Building capacity for future local registry.
Root Zone KSK Maintenance Jaap Akkerhuis | ENOG -10 | October 2015.
Federated Wireless Network Authentication Kevin Miller Duke University Internet2 Joint Techs Salt Lake City February, 2005.
Developing a DNSSEC Policy The Compulsory Zone Distribution Which DNSSEC Protocol Keys – and Managing them Managing the Children Using DNSSEC Mark Elkins.
Root Zone KSK: After 5 years Elise Gerich | APNIC 40 | September 2015.
APNIC DNSSEC deployment considerations APNIC 23, Bali George Michaelson R&D Officer APNIC.
DNSSEC in.edu Matt Larson Vice President, DNS Research.
Internet Governance: A View From the RIPE NCC Paul Rendek Director External Relations, RIPE NCC Ukrainian Internet Governance Forum 2-3 September 2011.
Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania Sprint Internet2 Member Meeting Arlington, Virginia, U.S.A., Apr 23rd 2007.
Deploying DNSSEC. Pulling yourself up by your bootstraps João Damas ISC.
DNS Risks, DNSSEC Olaf M. Kolkman and Allison Mankin
KSK Rollover Update David Conrad, CTO ICANN 59 – ccNSO Members Meeting
Online Canon Printer Support & Customer Services
State of DNSSEC deployment ISOC Advisory Council
Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania
Paul Wilson RIPE 66 Dublin
CZ.NIC in a nutshell Domain, DNSSEC, Turris Project and others
DNSSEC: An Update on Global Activities
.edu DNSSEC Testbed Lessons Learned
Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania
Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania
DNSSEC & KSK Rollover Patrick Jones Middle East DNS Forum & APTLD 75
DNSSEC Status Update in UA
Presentation transcript:

Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19 th 2006

Shumon Huque2 Description of the Pilot Goal: Deploy DNSSEC and gain operational experience Participants sign at least one of their zones Exchange keys (trust anchors) that will allow them to mutually validate DNS data Setup security-aware resolvers configured with the trust anchors

Shumon Huque3 A little background.. Feb ‘06: DNSSEC Workshop held at Albuquerque Joint Techs Mar ‘06: mailing list Apr ‘06: Internet2 Spring Member meeting Advisory group formed and plans for a pilot project formulated May ‘06: Pilot group began Bi-weekly conference calls and progress reports

Shumon Huque4 Co-ordination Internet2 and Shinkuro Partner in DNSSEC Deployment Initiative Some funding from US government

Shumon Huque5 DNSSEC Deployment Efforts so far MAGPI GigaPoP All zones: magpi.{net,org} & 15 reverse zones MERIT radb.net nanog.org NYSERNet - test zone nyserlab.org

Shumon Huque6 Deployments in the pipeline.. University of Pennsylvania University of California - Berkeley University of California - Los Angeles University of Massachusetts - Amherst Internet2

Shumon Huque7 Ongoing work & discussion To DLV or not? (and if so, which registry?) “DNSSEC Lookaside Validation” Deploy NSEC3 or not? Stub resolver support options Key maintenance & rollover policies Better protection of long term keys Secure delegations from parents.edu,.net,.org,.in-addr.arpa

Shumon Huque8 More participants welcome! (participation not restricted to Internet2) Join mailing list Participate in con calls DNSSEC lunchtime today

Shumon Huque9 References Internet2 DNSSEC Pilot Mailing list: Internet2 DNSSEC Workshop albuquerque/sessionDetails.cfm?session=2491&ev ent=243

Shumon Huque10 References (2) DNSSEC(bis) technical specs: RFC 4033, 4034, 4035 Related: Threat analysis of the DNS: RFC 3833 Operational practices draft-ietf-dnsop-dnssec-operational-practices-08 NSEC3: draft-ietf-dnsext-nsec3-05 DLV: draft-weiler-dnssec-dlv-01 ISC DLV registry:

Shumon Huque11 Questions? Shumon Huque shuque -at- isc.upenn.edu

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.