Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania

Published bySuzanna Simon Modified over 6 years ago

Similar presentations

Presentation on theme: "Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania"— Presentation transcript:

1 Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania
ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19th 2006 Title Slide

2 Description of the Pilot
Goal: Deploy DNSSEC and gain operational experience Participants sign at least one of their zones Exchange keys (trust anchors) that will allow them to mutually validate DNS data Setup security-aware resolvers configured with the trust anchors

3 A little background .. Feb ‘06: DNSSEC Workshop held at Albuquerque Joint Techs Mar ‘06: mailing list Apr ‘06: Internet2 Spring Member meeting Advisory group formed and plans for a pilot project formulated May ‘06: Pilot group began Bi-weekly conference calls and progress reports

4 Partner in DNSSEC Deployment Initiative
Co-ordination Internet2 and Shinkuro Partner in DNSSEC Deployment Initiative Some funding from US government

5 DNSSEC Deployment Efforts so far
MAGPI GigaPoP All zones: magpi.{net,org} & 15 reverse zones MERIT radb.net nanog.org NYSERNet - test zone nyserlab.org

6 Deployments in the pipeline ..
University of Pennsylvania University of California - Berkeley University of California - Los Angeles University of Massachusetts - Amherst Internet2

7 Ongoing work & discussion
To DLV or not? (and if so, which registry?) “DNSSEC Lookaside Validation” Deploy NSEC3 or not? Stub resolver security Key maintenance & rollover policies Secure delegations from parents .edu, .net, .org, .in-addr.arpa

8 More participants welcome!
(participation not restricted to Internet2) Join mailing list Participate in con calls DNSSEC lunchtime today

9 References Internet2 DNSSEC Pilot Mailing list: dnssec@internet2.edu
Mailing list: Internet2 DNSSEC Workshop

10 References (2) DNSSEC(bis) technical specs: Related:
RFC 4033, 4034, 4035 Related: Threat analysis of the DNS: RFC 3833 Operational practices draft-ietf-dnsop-dnssec-operational-practices-08 NSEC3: draft-ietf-dnsext-nsec3-05 DLV: draft-weiler-dnssec-dlv-01 ISC DLV registry:

11 Questions? Shumon Huque shuque -at- isc.upenn.edu

Download ppt "Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania"

Similar presentations

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.
DNSSEC Workshop Planning BOF Internet2/ESNet Joint Techs College Station TX, Feb 2-4, 2009 Joe St Sauver, Ph.D. Manager, Internet2 Security Programs

DNSSEC Workshop Planning BOF Internet2/ESNet Joint Techs College Station TX, Feb 2-4, 2009 Joe St Sauver, Ph.D. Manager, Internet2 Security Programs
High-Level Awareness of DNSSEC KENIC/NSRC Workshop, Nairobi, May 2011 Phil Regnauld Joe Abley

High-Level Awareness of DNSSEC KENIC/NSRC Workshop, Nairobi, May 2011 Phil Regnauld Joe Abley
1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.

Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.
Deploying Security for the Domain Name System Securing the Infrastructure Panel Allison Mankin, Amy Friedlander Shinkuro, Inc

Deploying Security for the Domain Name System Securing the Infrastructure Panel Allison Mankin, Amy Friedlander Shinkuro, Inc
1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.

1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.
Security for the Internet’s Domain Name System DNSSEC Current State of Deployment Prepared for Internet2 BoF Amy Friedlander, Shinkuro, Inc. Based on a.

Security for the Internet’s Domain Name System DNSSEC Current State of Deployment Prepared for Internet2 BoF Amy Friedlander, Shinkuro, Inc. Based on a.
1 DNSSEC for the.edu Domain Becky Granger Director, Information Technology and Member Services EDUCAUSE April 29, 2010.

1 DNSSEC for the.edu Domain Becky Granger Director, Information Technology and Member Services EDUCAUSE April 29, 2010.
Olaf M. Kolkman. Domain Pulse, February 2005, Vienna. DNSSEC Basics, Risks and Benefits Olaf M. Kolkman

Olaf M. Kolkman. Domain Pulse, February 2005, Vienna. DNSSEC Basics, Risks and Benefits Olaf M. Kolkman
Introduction to DNSSEC AROC Bamako, Mali, 2010. What is DNSSEC?

Introduction to DNSSEC AROC Bamako, Mali, What is DNSSEC?
© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested

© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested
Olaf M. Kolkman. Apricot 2005, February 2005, Kyoto. DNSSEC An Update Olaf M. Kolkman

Olaf M. Kolkman. Apricot 2005, February 2005, Kyoto. DNSSEC An Update Olaf M. Kolkman
Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015

Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015
Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Bibliography.

Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Bibliography.
ISOC.NL SIP © 15 March 2007 Stichting NLnet Labs DNSSEC and ENUM Olaf M. Kolkman

ISOC.NL SIP © 15 March 2007 Stichting NLnet Labs DNSSEC and ENUM Olaf M. Kolkman
1 ESnet DNSSEC Update ESCC/Internet2 Joint Techs Workshop February 14, 2007 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.

1 ESnet DNSSEC Update ESCC/Internet2 Joint Techs Workshop February 14, 2007 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.
DNSSEC Deployment Initiative: Roadmap Version 2.0 Suresh Krishnaswamy, SPARTA Steve Crocker, Shinkuro, Inc.

DNSSEC Deployment Initiative: Roadmap Version 2.0 Suresh Krishnaswamy, SPARTA Steve Crocker, Shinkuro, Inc.
1 DNSSEC Deployment: Big Steps Forward; Several Steps to Go NANOG 32 Deployment D N S S E C Rob Austein Steve Crocker

1 DNSSEC Deployment: Big Steps Forward; Several Steps to Go NANOG 32 Deployment D N S S E C Rob Austein Steve Crocker

Similar presentations

Ads by Google