Enviar pesquisa
Carregar
DNSSec: Internet achter de schermen
•
0 gostou
•
984 visualizações
Devnology
Seguir
Presentation about DNSSec for Devnology meetup august 2010 by nlnet labs
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 64
Baixar agora
Baixar para ler offline
Recomendados
Tutorial 1
Tutorial 1
VIKAS_1705212
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
Deploy360 Programme (Internet Society)
Code inspecties
Code inspecties
Devnology
What do we really know about the differences between static and dynamic types?
What do we really know about the differences between static and dynamic types?
Devnology
DNS Measurement Activity on ITB 2010
DNS Measurement Activity on ITB 2010
Affan Basalamah
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
Deploy360 Programme (Internet Society)
ROTLD DNSSEC Implementation
ROTLD DNSSEC Implementation
Kevin Meynell
ROTLD DNSSEC Implementation
ROTLD DNSSEC Implementation
Deploy360 Programme (Internet Society)
Recomendados
Tutorial 1
Tutorial 1
VIKAS_1705212
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
Deploy360 Programme (Internet Society)
Code inspecties
Code inspecties
Devnology
What do we really know about the differences between static and dynamic types?
What do we really know about the differences between static and dynamic types?
Devnology
DNS Measurement Activity on ITB 2010
DNS Measurement Activity on ITB 2010
Affan Basalamah
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
Deploy360 Programme (Internet Society)
ROTLD DNSSEC Implementation
ROTLD DNSSEC Implementation
Kevin Meynell
ROTLD DNSSEC Implementation
ROTLD DNSSEC Implementation
Deploy360 Programme (Internet Society)
How to send DNS over anything encrypted
How to send DNS over anything encrypted
Men and Mice
VietOpenStack Boston recap 2017
VietOpenStack Boston recap 2017
Vietnam Open Infrastructure User Group
ION Cape Town - IETF Update and How to Get Involved
ION Cape Town - IETF Update and How to Get Involved
Deploy360 Programme (Internet Society)
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
Men and Mice
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
Deploy360 Programme (Internet Society)
After summit catch up
After summit catch up
Thanassis Parathyras
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
APNIC
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
Rogerio Mariano
.EDU DNSSEC Testbed
.EDU DNSSEC Testbed
Shumon Huque
ION Toronto - Deploying DNSSEC: A .CA Case Study
ION Toronto - Deploying DNSSEC: A .CA Case Study
Deploy360 Programme (Internet Society)
How the Internet works...and why
How the Internet works...and why
APNIC
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Jisc
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
Abderrahmane TEKFI
DNSSEC and DANE Deployment: Trends, Tools and Challenges
DNSSEC and DANE Deployment: Trends, Tools and Challenges
Deploy360 Programme (Internet Society)
Learn OpenStack from trystack.cn
Learn OpenStack from trystack.cn
OpenCity Community
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
Splend
DNS resolver 1.1.1.1 from Cloudflare
DNS resolver 1.1.1.1 from Cloudflare
APNIC
Developing on OpenStack Startup Edmonton
Developing on OpenStack Startup Edmonton
serverascode
Cloudstack China User Group Report
Cloudstack China User Group Report
gavin_lee
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
Deploy360 Programme (Internet Society)
Meetup at SIG: Meten is weten
Meetup at SIG: Meten is weten
Devnology
Software Operation Knowledge
Software Operation Knowledge
Devnology
Mais conteúdo relacionado
Semelhante a DNSSec: Internet achter de schermen
How to send DNS over anything encrypted
How to send DNS over anything encrypted
Men and Mice
VietOpenStack Boston recap 2017
VietOpenStack Boston recap 2017
Vietnam Open Infrastructure User Group
ION Cape Town - IETF Update and How to Get Involved
ION Cape Town - IETF Update and How to Get Involved
Deploy360 Programme (Internet Society)
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
Men and Mice
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
Deploy360 Programme (Internet Society)
After summit catch up
After summit catch up
Thanassis Parathyras
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
APNIC
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
Rogerio Mariano
.EDU DNSSEC Testbed
.EDU DNSSEC Testbed
Shumon Huque
ION Toronto - Deploying DNSSEC: A .CA Case Study
ION Toronto - Deploying DNSSEC: A .CA Case Study
Deploy360 Programme (Internet Society)
How the Internet works...and why
How the Internet works...and why
APNIC
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Jisc
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
Abderrahmane TEKFI
DNSSEC and DANE Deployment: Trends, Tools and Challenges
DNSSEC and DANE Deployment: Trends, Tools and Challenges
Deploy360 Programme (Internet Society)
Learn OpenStack from trystack.cn
Learn OpenStack from trystack.cn
OpenCity Community
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
Splend
DNS resolver 1.1.1.1 from Cloudflare
DNS resolver 1.1.1.1 from Cloudflare
APNIC
Developing on OpenStack Startup Edmonton
Developing on OpenStack Startup Edmonton
serverascode
Cloudstack China User Group Report
Cloudstack China User Group Report
gavin_lee
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
Deploy360 Programme (Internet Society)
Semelhante a DNSSec: Internet achter de schermen
(20)
How to send DNS over anything encrypted
How to send DNS over anything encrypted
VietOpenStack Boston recap 2017
VietOpenStack Boston recap 2017
ION Cape Town - IETF Update and How to Get Involved
ION Cape Town - IETF Update and How to Get Involved
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
After summit catch up
After summit catch up
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
.EDU DNSSEC Testbed
.EDU DNSSEC Testbed
ION Toronto - Deploying DNSSEC: A .CA Case Study
ION Toronto - Deploying DNSSEC: A .CA Case Study
How the Internet works...and why
How the Internet works...and why
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
DNSSEC and DANE Deployment: Trends, Tools and Challenges
DNSSEC and DANE Deployment: Trends, Tools and Challenges
Learn OpenStack from trystack.cn
Learn OpenStack from trystack.cn
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
DNS resolver 1.1.1.1 from Cloudflare
DNS resolver 1.1.1.1 from Cloudflare
Developing on OpenStack Startup Edmonton
Developing on OpenStack Startup Edmonton
Cloudstack China User Group Report
Cloudstack China User Group Report
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
Mais de Devnology
Meetup at SIG: Meten is weten
Meetup at SIG: Meten is weten
Devnology
Software Operation Knowledge
Software Operation Knowledge
Devnology
Slides Felienne Hermans Symposium EWI
Slides Felienne Hermans Symposium EWI
Devnology
Devnology auteursrecht en open source 20130205
Devnology auteursrecht en open source 20130205
Devnology
The top 10 security issues in web applications
The top 10 security issues in web applications
Devnology
Hacking Smartcards & RFID
Hacking Smartcards & RFID
Devnology
Learn a language : LISP
Learn a language : LISP
Devnology
Learn a language : LISP
Learn a language : LISP
Devnology
Devnology Back to School: Empirical Evidence on Modeling in Software Development
Devnology Back to School: Empirical Evidence on Modeling in Software Development
Devnology
Devnology Back to School IV - Agility en Architectuur
Devnology Back to School IV - Agility en Architectuur
Devnology
Devnology Back to School III : Software impact
Devnology Back to School III : Software impact
Devnology
Devnology back toschool software reengineering
Devnology back toschool software reengineering
Devnology
Introduction to Software Evolution: The Software Volcano
Introduction to Software Evolution: The Software Volcano
Devnology
Devnology Workshop Genpro 2 feb 2011
Devnology Workshop Genpro 2 feb 2011
Devnology
Devnology Coding Dojo 05-01-2011
Devnology Coding Dojo 05-01-2011
Devnology
Spoofax: ontwikkeling van domeinspecifieke talen in Eclipse
Spoofax: ontwikkeling van domeinspecifieke talen in Eclipse
Devnology
Experimenting with Augmented Reality
Experimenting with Augmented Reality
Devnology
Unit testing and MVVM in Silverlight
Unit testing and MVVM in Silverlight
Devnology
mobl: Een DSL voor mobiele applicatieontwikkeling
mobl: Een DSL voor mobiele applicatieontwikkeling
Devnology
Devnology Fitnesse workshop
Devnology Fitnesse workshop
Devnology
Mais de Devnology
(20)
Meetup at SIG: Meten is weten
Meetup at SIG: Meten is weten
Software Operation Knowledge
Software Operation Knowledge
Slides Felienne Hermans Symposium EWI
Slides Felienne Hermans Symposium EWI
Devnology auteursrecht en open source 20130205
Devnology auteursrecht en open source 20130205
The top 10 security issues in web applications
The top 10 security issues in web applications
Hacking Smartcards & RFID
Hacking Smartcards & RFID
Learn a language : LISP
Learn a language : LISP
Learn a language : LISP
Learn a language : LISP
Devnology Back to School: Empirical Evidence on Modeling in Software Development
Devnology Back to School: Empirical Evidence on Modeling in Software Development
Devnology Back to School IV - Agility en Architectuur
Devnology Back to School IV - Agility en Architectuur
Devnology Back to School III : Software impact
Devnology Back to School III : Software impact
Devnology back toschool software reengineering
Devnology back toschool software reengineering
Introduction to Software Evolution: The Software Volcano
Introduction to Software Evolution: The Software Volcano
Devnology Workshop Genpro 2 feb 2011
Devnology Workshop Genpro 2 feb 2011
Devnology Coding Dojo 05-01-2011
Devnology Coding Dojo 05-01-2011
Spoofax: ontwikkeling van domeinspecifieke talen in Eclipse
Spoofax: ontwikkeling van domeinspecifieke talen in Eclipse
Experimenting with Augmented Reality
Experimenting with Augmented Reality
Unit testing and MVVM in Silverlight
Unit testing and MVVM in Silverlight
mobl: Een DSL voor mobiele applicatieontwikkeling
mobl: Een DSL voor mobiele applicatieontwikkeling
Devnology Fitnesse workshop
Devnology Fitnesse workshop
Último
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
LoriGlavin3
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
LoriGlavin3
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
DianaGray10
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Florian Wilhelm
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
LoriGlavin3
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
BkGupta21
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
Curtis Poe
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
Alan Dix
How to write a Business Continuity Plan
How to write a Business Continuity Plan
Databarracks
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
Último
(20)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
How to write a Business Continuity Plan
How to write a Business Continuity Plan
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
DNSSec: Internet achter de schermen
1.
DNS at NLnet Labs
Matthijs Mekking
2.
Topics
• NLnet Labs • DNS • DNSSEC • Recent events http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
3.
NLnet
• Internet Provider until 1997 – The first internet backbone in Holland • Funding research and software projects that aid the Internet community – 1999, NLnet Labs http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
4.
NLnet Labs
• Founded in 1999, DNSSEC • DNS, DNSSEC, IPv6, routing • Software development – NSD, Unbound, ldns, OpenDNSSEC –C • Work on open standards (IETF) – RFCs 3750, 3904, 4641, 5702, ... • Education – DNS courses, student projects http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
5.
IETF
• Internet Engineering Task Force • “The goal of the IETF is to make the Internet work better” • Technical documents (RFC) • http://www.ietf.org http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
6.
http://www.nlnetlabs.nl/
Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
7.
Topics
• NLnet Labs • DNS • DNSSEC • Recent events http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
8.
What is DNS?
• Domain Name System • We want to refer machines by name – devnology.nl instead of 62.212.74.133 • In the beginning there was HOSTS.TXT... • ... but then the Internet grew • Problems with traffic and load, name collisions http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
9.
What is DNS?
• DNS was created in 1983 by Paul Mockapetris – RFCs 822 and 823 • IETF Full Standard in 1987 – RFCs 1034 and 1035 • Enhanced, updated, modified – RFCs 1123, 1982, 2181, 2308, 2671 (EDNS0), 2672, 3425, 4343, 4592, 5001 (NSID), 5452, 5936 and more http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
10.
DNS at IETF
• Internet Engineering Task Force • “The goal of the IETF is to make the Internet work better” • Technical documents (RFC) • http://www.ietf.org http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
11.
DNS Features
• A lookup mechanism for translating objects into other objects • A globally, distributed, loosely coherent, scalable, reliable, dynamic database • Comprised of three components – Name space – Servers making the name space available – Clients who perform the name resolution http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
12.
Name space http://www.nlnetlabs.nl/
Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
13.
Name space
• Database of DNS Resource Records NAME TYPE CLASS TTL RDLEN RDATA devnology.nl A IN 3600 1 RDATA_A devnology.nl NS IN 3600 1 RDATA_NS • Different RDATA format Domain name ns1.transip.net IPv4 62.212.74.133 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
14.
Resource records
• SOA: Source of Authority • A: IPv4 Address • AAAA: IPv6 Address • MX: Mail Server • NS: Name Server (delegation) • PTR: Reverse Lookup • TXT: Arbitrary Text • ... http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
15.
Example zonefile
devnology.nl. IN SOA ( ns0.transip.net. hostmaster.transip.nl. 2010032002 14400 1800 604800 86400 ) devnology.nl. IN NS ns0.transip.net. devnology.nl. IN NS ns1.transip.net. devnology.nl. IN NS ns2.transip.net. devnology.nl. IN MX 10 ASPMX.L.GOOGLE.COM. devnology.nl. IN MX 30 ASPMX3.GOOGLEMAIL.COM. ... devnology.nl. IN TXT ( "v=spf1 ip4:62.212.74.133 a mx a:devnology.nl include:aspmx.googlemail.com ~all" ) devnology.nl. IN A 62.212.74.133 www.devnology.nl. IN CNAME devnology.nl. http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
16.
Reverse zone
74.212.62.in-addr.arpa. IN SOA ( ns1.leaseweb.nl. postmaster.leaseweb.nl. 2002111068 14400 7200 604800 86400 ) 74.212.62.in-addr.arpa. IN NS ns2.leaseweb.nl. 74.212.62.in-addr.arpa. IN NS ns3.leaseweb.org. 74.212.62.in-addr.arpa. IN NS ns1.leaseweb.nl. 1.74.212.62.in-addr.arpa. IN PTR hosted-by.leaseweb.com. 2.74.212.62.in-addr.arpa. IN PTR tiltbox.com. ... 133.74.212.62.in-addr.arpa. IN PTR devnology.nl. ... http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
17.
Name resolution http://www.nlnetlabs.nl/
Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
18.
Name resolution
;; QUESTION SECTION: ;www.devnology.nl. IN A ;; AUTHORITY SECTION: nl. 172800 IN NS ns1.nic.nl. nl. 172800 IN NS ns-nl.nic.fr. ;; ADDITIONAL SECTION: ns1.nic.nl. 172800 IN A 193.176.144.2 ns-nl.nic.fr. 172800 IN A 192.93.0.4 ns1.nic.nl. 172800 IN AAAA 2a00:d78:0:102:193:176:144:2 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
19.
Name resolution
;; QUESTION SECTION: ;www.devnology.nl. IN A ;; AUTHORITY SECTION: devnology.nl. 7200 IN NS ns0.transip.net. devnology.nl. 7200 IN NS ns1.transip.net. devnology.nl. 7200 IN NS ns2.transip.net. ;; ADDITIONAL SECTION: • Additional section is empty, need to query for ns{0,1,2}.transip.net http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
20.
Name resolution
;; QUESTION SECTION: ;www.devnology.nl. IN A ;; ANSWER SECTION: www.devnology.nl. 86400 IN CNAME devnology.nl. devnology.nl. 86400 IN A 62.212.74.133 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
21.
Reverse zone
; <<>> DiG 9.7.0-P1 <<>> -x 62.212.74.133 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:23068 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;133.74.212.62.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 74.212.62.in-addr.arpa. 77364 IN SOA ns1.leaseweb.nl. postmaster.leaseweb.nl. 2002111068 14400 7200 604800 86400 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
22.
DNS on the
wire +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ID | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ |QR| Opcode |AA|TC|RD|RA| Z | RCODE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | QDCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ANCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | NSCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ARCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
23.
Authoritative NS
• Makes the name space available – Zone files vs Database backends – Master vs. Slaves – Zone transfers • Incremental zone transfers – RFC 1995 • DNS NOTIFY – RFC 1996 • TSIG and SIG(0) – RFC 2845 and 2931 – Dynamic updates (DHCP) – RFC 2136 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
24.
Topics
• NLnet Labs • DNS • DNSSEC • Recent events http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
25.
What's the threat?
• DNS Threat Analysis (RFC 3833) – Packet interception • Confidentiality, Integrity, Availability – ID Guessing & Query prediction • devnology.nl IN A 6.6.6.6 – Name chaining • devnology.nl IN NS ns0.evilguy.com – Denial of service (flooding name servers) • Slave servers http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
26.
What's the threat?
• Confidentiality? – DNS is public data – IPSec • Availability? – As with any network service – DNSSEC does not prevent Denial of Service (in fact it makes it worse) • Integrity – DNSSEC will ensure integrity http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
27.
Cache poisoning
• Provide false data to a caching name server (query prediction, id guessing) • Based on a flaw in the DNS, first answer is the correct one, ignore duplicates http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
28.
Cache poisoning
• How does a resolver know a response is expected? – Arrives on the same UDP port – Question section matches – Query ID matches – The Authority and Additional sections represent names that are within the same domain as the question: this is known as "bailiwick checking". http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
29.
Kaminsky attack
• Based on ID guessing (16 bits) • Prerequisite is that the data is not in the cache • High TTL is sort of defense mechanism (but not against the Kaminsky attack) http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
30.
Real response
;; QUESTION SECTION: ;111.nlnetlabs.nl. IN NS ;; AUTHORITY SECTION: nlnetlabs.nl. 3600 IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2010080100 28800 7200 604800 3600 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
31.
Real response
;; QUESTION SECTION: ;www.nlnetlabs.nl. IN A ;; ANSWER SECTION: www.nlnetlabs.nl. 9888 IN A 213.154.224.1 ;; AUTHORITY SECTION: nlnetlabs.nl. 10117 IN NS open.nlnetlabs.nl. nlnetlabs.nl. 10117 IN NS ns3.domain-registry.nl. ;; ADDITIONAL SECTION: open.nlnetlabs.nl. 528 IN A 213.154.224.1 open.nlnetlabs.nl. 9162 IN AAAA 2001:7b8:206:1::53 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
32.
Fake response
;; QUESTION SECTION: ;111.nlnetlabs.nl. IN A ;; ANSWER SECTION: 111.nlnetlabs.nl. 9888 IN A 6.6.6.1 ;; AUTHORITY SECTION: nlnetlabs.nl. 10117 IN NS ns1.evilguy.com. nlnetlabs.nl. 10117 IN NS ns2.transip.net. ;; ADDITIONAL SECTION: open.nlnetlabs.nl. 528 IN A 213.154.224.1 open.nlnetlabs.nl. 9162 IN AAAA 2001:7b8:206:1::53 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
33.
Kaminsky attack
1.foo.nl? foo.nl SOA 1.foo.nl! 1.foo.nl! 6.6.6.1 NXDOMAIN Invalid ID Duplicate http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
34.
Kaminsky attack
foo.nl SOA 9.foo.nl A 6.6.6.1 9.foo.nl? foo.nl NS ns.evil 9.foo.nl! 9.foo.nl! 6.6.6.1 NXDOMAIN Duplicate http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
35.
Kaminsky attack
• Solution 1: add more randomness – UDP source port randomization – 2^16 * 2^11 = 2^27 = 134 million – Short term solution • Solution 2: DNSSEC http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
36.
DNSSEC
• DNS Security Extensions – RFC 4034, 4035 • Data origin authentication, data integrity • Public key cryptography – The DNSKEY Record • Adds signatures to responses – The RRSIG Record http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
37.
DNSSEC RRs
• DNSSEC Resource Records NAME TYPE CLASS TTL RDLEN RDATA devnology.nl DNSKEY IN 3600 1 RDATA_DNSKEY devnology.nl RRSIG IN 3600 1 RDATA_RRSIG ORIG TYPE ALGO. LABELS ORIG TTL SIG EXPIRE SIG START SOA RSASHA1 2 3600 01/09/2010 01/08/2010 KEY TAG SIGNER NAME SIGNATURE 12345 devnology.nl AwEE3dF0... FLAGS PROTOCOL ALGORITHM PUBLIC KEY 257 3 RSASHA1 AQPSKmy... http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
38.
DNSSEC RRs
• DNSKEY: Public key • RRSIG: Signature • DS: Delegation Signer – Provides a secure path at the delegation (between parent zone and child zone) • NSEC: Denial of Existence – broodjeaap.nl is proven not to exist • NSEC3: Hashed Denial of Existence http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
39.
DNSSEC RRs
devnology.nl. IN RRSIG SOA 5 2 3600 ( 20100831131949 20100803131949 46792 devnology.nl. RYY.../yik= ) ... devnology.nl. IN DNSKEY 257 3 5 AwE...htWV devnology.nl. IN RRSIG DNSKEY 5 2 3600 ... devnology.nl. IN NSEC www.devnology.nl. A NS SOA MX TXT ( RRSIG NSEC DNSKEY ) devnology.nl. IN RRSIG NSEC 5 2 86400 ... www.devnology.nl. IN CNAME devnology.nl. www.devnology.nl. IN RRSIG CNAME 5 3 360 ... www.devnology.nl. IN NSEC devnology.nl. CNAME RRSIG NSEC www.devnology.nl. IN RRSIG NSEC 5 3 86400 ... http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
40.
DNSSEC query
;; ANSWER SECTION: devnology.nl. 3600 IN A 62.212.74.133 devnology.nl. 3600 IN RRSIG A 5 2 3600 20100831131949 20100803131949 46792 devnology.nl. TO+EysNigcB/rXBZ89mv31OKZnX3/2xp6ClOr96cUg10qNXU11RCoHQteeW705AF tqV0e8WK7QMVFSPu0TRTnXNwcEDIP/qvzBu7bMSjcM7XejDg1ff+WgfJ5Ra4C1Dv rYq4Rj03kKzQPSBiE9DiKO3zcQgUCEVEdJ03YrY+NbY= ;{id = 46792} ;; AUTHORITY SECTION: devnology.nl. 3600 IN NS ns0.transip.net. devnology.nl. 3600 IN NS ns1.transip.net. devnology.nl. 3600 IN RRSIG NS 5 2 3600 20100831131949 20100803131949 46792 devnology.nl. LTqB1Pmq0C3YaBYedq6sHM3tssVwtAx8M1O6I2y0NynCcY2oRyRK4Mti19eJ/0H9 8JOen0j6u9KQtzEUGXb0Ik+MLIBntNwxF1CTBEyvmJp9U+9E6RtOtvt1Np1cH3Ls f+UXaXajPxkeFJpuE/Q6YQsNwP2zqtGkQl/IO9XPWvU= ;{id = 46792} http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
41.
DNSSEC Status
• A response can now be – Secure – Insecure – Bogus – Indeterminate • Up to local policy how to handle these states http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
42.
How to validate?
• Resolver needs to know the public key – Trust Anchor • Key distribution is difficult • Solution: Sign the delegation – The DS Record – DNS Root Trust Anchor: “one key to rule them all” • Luckily, the root has been signed:) – As of 15 July 2010 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
43.
DNS Root Trust
Anchor . IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhV VLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0Ez rAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaU eVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkj f5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1a pAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCT MjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXf Z57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqr AmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ; {id = 19036 (ksk), size = 2048b} http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
44.
DNSSEC RRs
• In the root zone: – dk. IN DS 26887 8 2 A1AB8546B80E438A7DFE0EC559A7088EC 5AED3C4E0D26B1B60ED3735F853DFD7 – dk. IN RRSIG DS 8 1 172800 20100810000000 20100802230000 41248 . o23Xc... • Points to the DNSKEY in the dk zone: – dk. IN DNSKEY 256 3 8 AwEAA... ; keytag=55594 – dk. IN DNSKEY 257 3 8 AwEAA... ; keytag=26887 – dk. IN RRSIG DNSKEY 8 1 86400 20100805191323 20100729141045 26887 dk. WLuD3... • Resolver can now build chain of trust http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
45.
Name resolution
;dnssec.dk. IN A @k.root-servers.net ;; AUTHORITY SECTION: dk. 172800 IN NS a.nic.dk. dk. 172800 IN NS b.nic.dk. ... dk. 172800 IN DS 26887 8 2 A1AB8546B80E438A7DFE0EC559A 7088EC5AED3C4E0D26B1B60ED3735 F853DFD7 dk. 172800 IN RRSIG DS 8 1 172800 20100810000000 20100802230000 41248 . o23Xc... ; signed with root key ;; ADDITIONAL SECTION: a.nic.dk. 172800 IN A 212.88.78.122 b.nic.dk. 172800 IN A 193.163.102.222 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
46.
Name resolution
;dnssec.dk. IN A @a.nic.dk ;; AUTHORITY SECTION: dnssec.dk. IN NS ns1.gratisdns.dk. dnssec.dk. IN NS ns2.gratisdns.dk. 8afgsvl5sgurhqbipm0fdbvr5jq1frp2.dk. 3600 IN NSEC3 1 1 17 FAC981985022A210 8AFHAQVUPD0DDIRUTFL1NE5QONPO1CJ5 A NS SOA TXT RRSIG DNSKEY NSEC3PARAM 8afgsvl5sgurhqbipm0fdbvr5jq1frp2.dk. 3600 IN RRSIG NSEC3 isab28efbcpglup6uanh61dnolc8g0tq.dk. 3600 IN NSEC3 1 1 17 FAC981985022A210 ISAH6L4MDDHLR8KHCHFHC6SG7N6TG708 isab28efbcpglup6uanh61dnolc8g0tq.dk. 3600 IN RRSIG NSEC3 ;; ADDITIONAL SECTION: ns1.gratisdns.dk. 86400 IN A 109.238.48.13 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
47.
Name resolution
;dnssec.dk. IN A @ns1.gratisdns.dk ;; ANSWER SECTION: dnssec.dk. 43200 IN A 193.3.157.13 dnssec.dk. 43200 IN RRSIG A 5 2 43200 20100901114809 ;; AUTHORITY SECTION: dnssec.dk. 43200 IN NS ns4.gratisdns.dk. dnssec.dk. 43200 IN NS ns3.gratisdns.dk. dnssec.dk. 43200 IN NS ns5.gratisdns.dk. dnssec.dk. 43200 IN NS ns2.gratisdns.dk. dnssec.dk. 43200 IN NS ns1.gratisdns.dk. dnssec.dk. 43200 IN RRSIG NS 5 2 43200 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
48.
Name resolution
;; Number of trusted keys: 1 ;; Domain: . [T] . 86400 IN DNSKEY 256 3 8 ;{id = 41248 (zsk), ...} . 86400 IN DNSKEY 257 3 8 ;{id = 19036 (ksk), ...} [T] dk. 172800 IN DS 26887 8 2 a1ab8546b80e438a7dfe0ec55 9a7088ec5aed3c4e0d26b1b60ed3735f853dfd7 ;; Domain: dk. [T] dk. 86400 IN DNSKEY 257 3 8 ;{id = 26887 (ksk), ...} dk. 86400 IN DNSKEY 256 3 8 ;{id = 55594 (zsk), ...} ;; Domain: dnssec.dk. [S] dnssec.dk. 43200 IN DNSKEY 257 3 5 ;{id = 58693...} dnssec.dk. 43200 IN DNSKEY 256 3 5 ;{id = 26751...} [S] dnssec.dk. 43200 IN A 193.3.157.13 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
49.
Denial of existence
;miss.nlnetlabs.nl. IN A @open.nlnetlabs.nl ;; AUTHORITY SECTION nlnetlabs.nl. 3473 IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2010080100 28800 7200 604800 3600 nlnetlabs.nl. 3473 IN RRSIG SOA 5 2 10200 20100829005003 nlnetlabs.nl. 1543 IN NSEC _jabber._tcp.nlnetlabs.nl. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY nlnetlabs.nl. 1543 IN RRSIG NSEC 5 2 3600 20100829005003 mirre.nlnetlabs.nl. 3596 IN NSEC moby-dick.nlnetlabs.nl. A AAAA RRSIG NSEC mirre.nlnetlabs.nl. 3596 IN RRSIG NSEC 5 3 3600 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
50.
NSEC Issues
• More signatures needed • Zone walking • Solution: Hashed version of Denial of Existence – The NSEC3 Record – RFC 5155 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
51.
Hashed version
• Simplified ;miss.nlnetlabs.nl. IN A @open.nlnetlabs.nl h(www.nlnetlabs.nl.) = 11 h(miss.nlnetlabs.nl.) = 12 h(_jabber._tcp.nlnetlabs.nl.) = 13 11.nlnetlabs.nl. 1543 IN NSEC3 13.nlnetlabs.nl. A AAAA http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
52.
Hashed version
;dnssec.dk. IN DS @a.nic.dk ;; AUTHORITY SECTION: ... 8afgsvl5sgurhqbipm0fdbvr5jq1frp2.dk. 3600 IN NSEC3 1 1 17 FAC981985022A210 8AFHAQVUPD0DDIRUTFL1NE5QONPO1CJ5 A NS SOA TXT RRSIG DNSKEY NSEC3PARAM 8afgsvl5sgurhqbipm0fdbvr5jq1frp2.dk. 3600 IN RRSIG NSEC3 isab28efbcpglup6uanh61dnolc8g0tq.dk. 3600 IN NSEC3 1 1 17 FAC981985022A210 ISAH6L4MDDHLR8KHCHFHC6SG7N6TG708 isab28efbcpglup6uanh61dnolc8g0tq.dk. 3600 IN RRSIG NSEC3 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
53.
Operational practices
• RFC 4641 • Re-signing – Signatures have a lifetime to prevent replay attacks – Signature validity period should be long enough to last the weekend • Key rollover – Crypto analysis – Operational practices http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
54.
Key rollover
• Be aware of DNS caches! – Old DNSKEY might still be in the cache – Old RRSIGs might still be in the cache – Switching without care might take your zone offline • Be aware of your delegation! – DS Record in the parent must match your DNSKEY – ZSK / KSK split (Flags: 256 / 257) http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
55.
ZSK vs KSK
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 ?| Protocol | Algorithm | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Public Key / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ • SEP (Security Entry Point) bit – 0: 'ZSK' – 1: 'KSK' (Only sign DNSKEY set) – DS record must match a SEP http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
56.
Key rollover
• Double sign your zone – Until old key expires from the cache – Remove old key – Drawback: Increased zone size • Pre-publish your new key – Introduce new key, unused – Retire old key, use new key – Remove old key – Drawback: Increased rollover duration http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
57.
DNSSEC weaknesses
• Increased DNS response packet size • Increased workload for the resolvers • Hierarchical trust level • Time synchronization • Complex to implement and operate – OpenDNSSEC http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
58.
The whole picture
Bind9 NSD Bind9 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
59.
Topics
• NLnet Labs • DNS • DNSSEC • Recent events http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
60.
Recent events
• The root is signed! – DS in the root: .bg, .br, .cat, .cz, .dk, .edu, .lk, .na, .org, .tm, .uk – Coming: .arpa, .fr, .nl, .se, ... • http://www.youtube.com/watch?v=b9j-sfP9GUU http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
61.
Recent events
• Trust anchor distribution is a pain • Automatic updating of Trust Anchors (at the resolver) – RFC 5011 – Regular polling of SEP keys – Introduces the REVOKED bit – Not meant for those who have a secure delegation – Autotrust: RFC 5011 implementation http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
62.
Recent events
• Algorithm Rollover – RFC 5702 introduces RSASHA2 – DNSSEC says that all RRsets need to be signed with each algorithm – DNSKEY may expire from the cache before its signatures do http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
63.
Recent events
• Algorithm Rollover and Automatic Updating of Trust Anchors – We need to double sign (because of use of multiple algorithms) – We need to revoke http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
64.
?
• http://www.nlnetlabs.nl • http://www.opendnssec.org • http://blog.nominet.org.uk/tech/2010/ 05/24/436 • http://www.root-dnssec.org/ http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
Baixar agora