Enviar pesquisa
Carregar
DNSSec: Internet achter de schermen
•
0 gostou
•
984 visualizações
Devnology
Seguir
Presentation about DNSSec for Devnology meetup august 2010 by nlnet labs
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 64
Baixar agora
Baixar para ler offline
Recomendados
Tutorial 1
Tutorial 1
VIKAS_1705212
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
Deploy360 Programme (Internet Society)
Code inspecties
Code inspecties
Devnology
What do we really know about the differences between static and dynamic types?
What do we really know about the differences between static and dynamic types?
Devnology
DNS Measurement Activity on ITB 2010
DNS Measurement Activity on ITB 2010
Affan Basalamah
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
Deploy360 Programme (Internet Society)
ROTLD DNSSEC Implementation
ROTLD DNSSEC Implementation
Kevin Meynell
ROTLD DNSSEC Implementation
ROTLD DNSSEC Implementation
Deploy360 Programme (Internet Society)
Recomendados
Tutorial 1
Tutorial 1
VIKAS_1705212
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
Deploy360 Programme (Internet Society)
Code inspecties
Code inspecties
Devnology
What do we really know about the differences between static and dynamic types?
What do we really know about the differences between static and dynamic types?
Devnology
DNS Measurement Activity on ITB 2010
DNS Measurement Activity on ITB 2010
Affan Basalamah
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
Deploy360 Programme (Internet Society)
ROTLD DNSSEC Implementation
ROTLD DNSSEC Implementation
Kevin Meynell
ROTLD DNSSEC Implementation
ROTLD DNSSEC Implementation
Deploy360 Programme (Internet Society)
How to send DNS over anything encrypted
How to send DNS over anything encrypted
Men and Mice
VietOpenStack Boston recap 2017
VietOpenStack Boston recap 2017
Vietnam Open Infrastructure User Group
ION Cape Town - IETF Update and How to Get Involved
ION Cape Town - IETF Update and How to Get Involved
Deploy360 Programme (Internet Society)
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
Men and Mice
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
Deploy360 Programme (Internet Society)
After summit catch up
After summit catch up
Thanassis Parathyras
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
APNIC
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
Rogerio Mariano
.EDU DNSSEC Testbed
.EDU DNSSEC Testbed
Shumon Huque
ION Toronto - Deploying DNSSEC: A .CA Case Study
ION Toronto - Deploying DNSSEC: A .CA Case Study
Deploy360 Programme (Internet Society)
How the Internet works...and why
How the Internet works...and why
APNIC
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Jisc
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
Abderrahmane TEKFI
DNSSEC and DANE Deployment: Trends, Tools and Challenges
DNSSEC and DANE Deployment: Trends, Tools and Challenges
Deploy360 Programme (Internet Society)
Learn OpenStack from trystack.cn
Learn OpenStack from trystack.cn
OpenCity Community
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
Splend
DNS resolver 1.1.1.1 from Cloudflare
DNS resolver 1.1.1.1 from Cloudflare
APNIC
Developing on OpenStack Startup Edmonton
Developing on OpenStack Startup Edmonton
serverascode
Cloudstack China User Group Report
Cloudstack China User Group Report
gavin_lee
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
Deploy360 Programme (Internet Society)
Meetup at SIG: Meten is weten
Meetup at SIG: Meten is weten
Devnology
Software Operation Knowledge
Software Operation Knowledge
Devnology
Mais conteúdo relacionado
Semelhante a DNSSec: Internet achter de schermen
How to send DNS over anything encrypted
How to send DNS over anything encrypted
Men and Mice
VietOpenStack Boston recap 2017
VietOpenStack Boston recap 2017
Vietnam Open Infrastructure User Group
ION Cape Town - IETF Update and How to Get Involved
ION Cape Town - IETF Update and How to Get Involved
Deploy360 Programme (Internet Society)
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
Men and Mice
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
Deploy360 Programme (Internet Society)
After summit catch up
After summit catch up
Thanassis Parathyras
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
APNIC
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
Rogerio Mariano
.EDU DNSSEC Testbed
.EDU DNSSEC Testbed
Shumon Huque
ION Toronto - Deploying DNSSEC: A .CA Case Study
ION Toronto - Deploying DNSSEC: A .CA Case Study
Deploy360 Programme (Internet Society)
How the Internet works...and why
How the Internet works...and why
APNIC
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Jisc
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
Abderrahmane TEKFI
DNSSEC and DANE Deployment: Trends, Tools and Challenges
DNSSEC and DANE Deployment: Trends, Tools and Challenges
Deploy360 Programme (Internet Society)
Learn OpenStack from trystack.cn
Learn OpenStack from trystack.cn
OpenCity Community
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
Splend
DNS resolver 1.1.1.1 from Cloudflare
DNS resolver 1.1.1.1 from Cloudflare
APNIC
Developing on OpenStack Startup Edmonton
Developing on OpenStack Startup Edmonton
serverascode
Cloudstack China User Group Report
Cloudstack China User Group Report
gavin_lee
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
Deploy360 Programme (Internet Society)
Semelhante a DNSSec: Internet achter de schermen
(20)
How to send DNS over anything encrypted
How to send DNS over anything encrypted
VietOpenStack Boston recap 2017
VietOpenStack Boston recap 2017
ION Cape Town - IETF Update and How to Get Involved
ION Cape Town - IETF Update and How to Get Involved
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
After summit catch up
After summit catch up
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
OAS SSIG 2016 - IETF-LAC & LACNOG - Alvaro Retana - Cisco
.EDU DNSSEC Testbed
.EDU DNSSEC Testbed
ION Toronto - Deploying DNSSEC: A .CA Case Study
ION Toronto - Deploying DNSSEC: A .CA Case Study
How the Internet works...and why
How the Internet works...and why
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
DNSSEC and DANE Deployment: Trends, Tools and Challenges
DNSSEC and DANE Deployment: Trends, Tools and Challenges
Learn OpenStack from trystack.cn
Learn OpenStack from trystack.cn
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
DNS resolver 1.1.1.1 from Cloudflare
DNS resolver 1.1.1.1 from Cloudflare
Developing on OpenStack Startup Edmonton
Developing on OpenStack Startup Edmonton
Cloudstack China User Group Report
Cloudstack China User Group Report
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
Mais de Devnology
Meetup at SIG: Meten is weten
Meetup at SIG: Meten is weten
Devnology
Software Operation Knowledge
Software Operation Knowledge
Devnology
Slides Felienne Hermans Symposium EWI
Slides Felienne Hermans Symposium EWI
Devnology
Devnology auteursrecht en open source 20130205
Devnology auteursrecht en open source 20130205
Devnology
The top 10 security issues in web applications
The top 10 security issues in web applications
Devnology
Hacking Smartcards & RFID
Hacking Smartcards & RFID
Devnology
Learn a language : LISP
Learn a language : LISP
Devnology
Learn a language : LISP
Learn a language : LISP
Devnology
Devnology Back to School: Empirical Evidence on Modeling in Software Development
Devnology Back to School: Empirical Evidence on Modeling in Software Development
Devnology
Devnology Back to School IV - Agility en Architectuur
Devnology Back to School IV - Agility en Architectuur
Devnology
Devnology Back to School III : Software impact
Devnology Back to School III : Software impact
Devnology
Devnology back toschool software reengineering
Devnology back toschool software reengineering
Devnology
Introduction to Software Evolution: The Software Volcano
Introduction to Software Evolution: The Software Volcano
Devnology
Devnology Workshop Genpro 2 feb 2011
Devnology Workshop Genpro 2 feb 2011
Devnology
Devnology Coding Dojo 05-01-2011
Devnology Coding Dojo 05-01-2011
Devnology
Spoofax: ontwikkeling van domeinspecifieke talen in Eclipse
Spoofax: ontwikkeling van domeinspecifieke talen in Eclipse
Devnology
Experimenting with Augmented Reality
Experimenting with Augmented Reality
Devnology
Unit testing and MVVM in Silverlight
Unit testing and MVVM in Silverlight
Devnology
mobl: Een DSL voor mobiele applicatieontwikkeling
mobl: Een DSL voor mobiele applicatieontwikkeling
Devnology
Devnology Fitnesse workshop
Devnology Fitnesse workshop
Devnology
Mais de Devnology
(20)
Meetup at SIG: Meten is weten
Meetup at SIG: Meten is weten
Software Operation Knowledge
Software Operation Knowledge
Slides Felienne Hermans Symposium EWI
Slides Felienne Hermans Symposium EWI
Devnology auteursrecht en open source 20130205
Devnology auteursrecht en open source 20130205
The top 10 security issues in web applications
The top 10 security issues in web applications
Hacking Smartcards & RFID
Hacking Smartcards & RFID
Learn a language : LISP
Learn a language : LISP
Learn a language : LISP
Learn a language : LISP
Devnology Back to School: Empirical Evidence on Modeling in Software Development
Devnology Back to School: Empirical Evidence on Modeling in Software Development
Devnology Back to School IV - Agility en Architectuur
Devnology Back to School IV - Agility en Architectuur
Devnology Back to School III : Software impact
Devnology Back to School III : Software impact
Devnology back toschool software reengineering
Devnology back toschool software reengineering
Introduction to Software Evolution: The Software Volcano
Introduction to Software Evolution: The Software Volcano
Devnology Workshop Genpro 2 feb 2011
Devnology Workshop Genpro 2 feb 2011
Devnology Coding Dojo 05-01-2011
Devnology Coding Dojo 05-01-2011
Spoofax: ontwikkeling van domeinspecifieke talen in Eclipse
Spoofax: ontwikkeling van domeinspecifieke talen in Eclipse
Experimenting with Augmented Reality
Experimenting with Augmented Reality
Unit testing and MVVM in Silverlight
Unit testing and MVVM in Silverlight
mobl: Een DSL voor mobiele applicatieontwikkeling
mobl: Een DSL voor mobiele applicatieontwikkeling
Devnology Fitnesse workshop
Devnology Fitnesse workshop
Último
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
soniya singh
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
OnBoard
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Allon Mureinik
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
Paola De la Torre
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
Sujit Pal
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
shyamraj55
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
2toLead Limited
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Último
(20)
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
DNSSec: Internet achter de schermen
1.
DNS at NLnet Labs
Matthijs Mekking
2.
Topics
• NLnet Labs • DNS • DNSSEC • Recent events http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
3.
NLnet
• Internet Provider until 1997 – The first internet backbone in Holland • Funding research and software projects that aid the Internet community – 1999, NLnet Labs http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
4.
NLnet Labs
• Founded in 1999, DNSSEC • DNS, DNSSEC, IPv6, routing • Software development – NSD, Unbound, ldns, OpenDNSSEC –C • Work on open standards (IETF) – RFCs 3750, 3904, 4641, 5702, ... • Education – DNS courses, student projects http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
5.
IETF
• Internet Engineering Task Force • “The goal of the IETF is to make the Internet work better” • Technical documents (RFC) • http://www.ietf.org http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
6.
http://www.nlnetlabs.nl/
Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
7.
Topics
• NLnet Labs • DNS • DNSSEC • Recent events http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
8.
What is DNS?
• Domain Name System • We want to refer machines by name – devnology.nl instead of 62.212.74.133 • In the beginning there was HOSTS.TXT... • ... but then the Internet grew • Problems with traffic and load, name collisions http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
9.
What is DNS?
• DNS was created in 1983 by Paul Mockapetris – RFCs 822 and 823 • IETF Full Standard in 1987 – RFCs 1034 and 1035 • Enhanced, updated, modified – RFCs 1123, 1982, 2181, 2308, 2671 (EDNS0), 2672, 3425, 4343, 4592, 5001 (NSID), 5452, 5936 and more http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
10.
DNS at IETF
• Internet Engineering Task Force • “The goal of the IETF is to make the Internet work better” • Technical documents (RFC) • http://www.ietf.org http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
11.
DNS Features
• A lookup mechanism for translating objects into other objects • A globally, distributed, loosely coherent, scalable, reliable, dynamic database • Comprised of three components – Name space – Servers making the name space available – Clients who perform the name resolution http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
12.
Name space http://www.nlnetlabs.nl/
Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
13.
Name space
• Database of DNS Resource Records NAME TYPE CLASS TTL RDLEN RDATA devnology.nl A IN 3600 1 RDATA_A devnology.nl NS IN 3600 1 RDATA_NS • Different RDATA format Domain name ns1.transip.net IPv4 62.212.74.133 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
14.
Resource records
• SOA: Source of Authority • A: IPv4 Address • AAAA: IPv6 Address • MX: Mail Server • NS: Name Server (delegation) • PTR: Reverse Lookup • TXT: Arbitrary Text • ... http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
15.
Example zonefile
devnology.nl. IN SOA ( ns0.transip.net. hostmaster.transip.nl. 2010032002 14400 1800 604800 86400 ) devnology.nl. IN NS ns0.transip.net. devnology.nl. IN NS ns1.transip.net. devnology.nl. IN NS ns2.transip.net. devnology.nl. IN MX 10 ASPMX.L.GOOGLE.COM. devnology.nl. IN MX 30 ASPMX3.GOOGLEMAIL.COM. ... devnology.nl. IN TXT ( "v=spf1 ip4:62.212.74.133 a mx a:devnology.nl include:aspmx.googlemail.com ~all" ) devnology.nl. IN A 62.212.74.133 www.devnology.nl. IN CNAME devnology.nl. http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
16.
Reverse zone
74.212.62.in-addr.arpa. IN SOA ( ns1.leaseweb.nl. postmaster.leaseweb.nl. 2002111068 14400 7200 604800 86400 ) 74.212.62.in-addr.arpa. IN NS ns2.leaseweb.nl. 74.212.62.in-addr.arpa. IN NS ns3.leaseweb.org. 74.212.62.in-addr.arpa. IN NS ns1.leaseweb.nl. 1.74.212.62.in-addr.arpa. IN PTR hosted-by.leaseweb.com. 2.74.212.62.in-addr.arpa. IN PTR tiltbox.com. ... 133.74.212.62.in-addr.arpa. IN PTR devnology.nl. ... http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
17.
Name resolution http://www.nlnetlabs.nl/
Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
18.
Name resolution
;; QUESTION SECTION: ;www.devnology.nl. IN A ;; AUTHORITY SECTION: nl. 172800 IN NS ns1.nic.nl. nl. 172800 IN NS ns-nl.nic.fr. ;; ADDITIONAL SECTION: ns1.nic.nl. 172800 IN A 193.176.144.2 ns-nl.nic.fr. 172800 IN A 192.93.0.4 ns1.nic.nl. 172800 IN AAAA 2a00:d78:0:102:193:176:144:2 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
19.
Name resolution
;; QUESTION SECTION: ;www.devnology.nl. IN A ;; AUTHORITY SECTION: devnology.nl. 7200 IN NS ns0.transip.net. devnology.nl. 7200 IN NS ns1.transip.net. devnology.nl. 7200 IN NS ns2.transip.net. ;; ADDITIONAL SECTION: • Additional section is empty, need to query for ns{0,1,2}.transip.net http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
20.
Name resolution
;; QUESTION SECTION: ;www.devnology.nl. IN A ;; ANSWER SECTION: www.devnology.nl. 86400 IN CNAME devnology.nl. devnology.nl. 86400 IN A 62.212.74.133 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
21.
Reverse zone
; <<>> DiG 9.7.0-P1 <<>> -x 62.212.74.133 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:23068 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;133.74.212.62.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 74.212.62.in-addr.arpa. 77364 IN SOA ns1.leaseweb.nl. postmaster.leaseweb.nl. 2002111068 14400 7200 604800 86400 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
22.
DNS on the
wire +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ID | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ |QR| Opcode |AA|TC|RD|RA| Z | RCODE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | QDCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ANCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | NSCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ARCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
23.
Authoritative NS
• Makes the name space available – Zone files vs Database backends – Master vs. Slaves – Zone transfers • Incremental zone transfers – RFC 1995 • DNS NOTIFY – RFC 1996 • TSIG and SIG(0) – RFC 2845 and 2931 – Dynamic updates (DHCP) – RFC 2136 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
24.
Topics
• NLnet Labs • DNS • DNSSEC • Recent events http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
25.
What's the threat?
• DNS Threat Analysis (RFC 3833) – Packet interception • Confidentiality, Integrity, Availability – ID Guessing & Query prediction • devnology.nl IN A 6.6.6.6 – Name chaining • devnology.nl IN NS ns0.evilguy.com – Denial of service (flooding name servers) • Slave servers http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
26.
What's the threat?
• Confidentiality? – DNS is public data – IPSec • Availability? – As with any network service – DNSSEC does not prevent Denial of Service (in fact it makes it worse) • Integrity – DNSSEC will ensure integrity http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
27.
Cache poisoning
• Provide false data to a caching name server (query prediction, id guessing) • Based on a flaw in the DNS, first answer is the correct one, ignore duplicates http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
28.
Cache poisoning
• How does a resolver know a response is expected? – Arrives on the same UDP port – Question section matches – Query ID matches – The Authority and Additional sections represent names that are within the same domain as the question: this is known as "bailiwick checking". http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
29.
Kaminsky attack
• Based on ID guessing (16 bits) • Prerequisite is that the data is not in the cache • High TTL is sort of defense mechanism (but not against the Kaminsky attack) http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
30.
Real response
;; QUESTION SECTION: ;111.nlnetlabs.nl. IN NS ;; AUTHORITY SECTION: nlnetlabs.nl. 3600 IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2010080100 28800 7200 604800 3600 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
31.
Real response
;; QUESTION SECTION: ;www.nlnetlabs.nl. IN A ;; ANSWER SECTION: www.nlnetlabs.nl. 9888 IN A 213.154.224.1 ;; AUTHORITY SECTION: nlnetlabs.nl. 10117 IN NS open.nlnetlabs.nl. nlnetlabs.nl. 10117 IN NS ns3.domain-registry.nl. ;; ADDITIONAL SECTION: open.nlnetlabs.nl. 528 IN A 213.154.224.1 open.nlnetlabs.nl. 9162 IN AAAA 2001:7b8:206:1::53 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
32.
Fake response
;; QUESTION SECTION: ;111.nlnetlabs.nl. IN A ;; ANSWER SECTION: 111.nlnetlabs.nl. 9888 IN A 6.6.6.1 ;; AUTHORITY SECTION: nlnetlabs.nl. 10117 IN NS ns1.evilguy.com. nlnetlabs.nl. 10117 IN NS ns2.transip.net. ;; ADDITIONAL SECTION: open.nlnetlabs.nl. 528 IN A 213.154.224.1 open.nlnetlabs.nl. 9162 IN AAAA 2001:7b8:206:1::53 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
33.
Kaminsky attack
1.foo.nl? foo.nl SOA 1.foo.nl! 1.foo.nl! 6.6.6.1 NXDOMAIN Invalid ID Duplicate http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
34.
Kaminsky attack
foo.nl SOA 9.foo.nl A 6.6.6.1 9.foo.nl? foo.nl NS ns.evil 9.foo.nl! 9.foo.nl! 6.6.6.1 NXDOMAIN Duplicate http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
35.
Kaminsky attack
• Solution 1: add more randomness – UDP source port randomization – 2^16 * 2^11 = 2^27 = 134 million – Short term solution • Solution 2: DNSSEC http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
36.
DNSSEC
• DNS Security Extensions – RFC 4034, 4035 • Data origin authentication, data integrity • Public key cryptography – The DNSKEY Record • Adds signatures to responses – The RRSIG Record http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
37.
DNSSEC RRs
• DNSSEC Resource Records NAME TYPE CLASS TTL RDLEN RDATA devnology.nl DNSKEY IN 3600 1 RDATA_DNSKEY devnology.nl RRSIG IN 3600 1 RDATA_RRSIG ORIG TYPE ALGO. LABELS ORIG TTL SIG EXPIRE SIG START SOA RSASHA1 2 3600 01/09/2010 01/08/2010 KEY TAG SIGNER NAME SIGNATURE 12345 devnology.nl AwEE3dF0... FLAGS PROTOCOL ALGORITHM PUBLIC KEY 257 3 RSASHA1 AQPSKmy... http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
38.
DNSSEC RRs
• DNSKEY: Public key • RRSIG: Signature • DS: Delegation Signer – Provides a secure path at the delegation (between parent zone and child zone) • NSEC: Denial of Existence – broodjeaap.nl is proven not to exist • NSEC3: Hashed Denial of Existence http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
39.
DNSSEC RRs
devnology.nl. IN RRSIG SOA 5 2 3600 ( 20100831131949 20100803131949 46792 devnology.nl. RYY.../yik= ) ... devnology.nl. IN DNSKEY 257 3 5 AwE...htWV devnology.nl. IN RRSIG DNSKEY 5 2 3600 ... devnology.nl. IN NSEC www.devnology.nl. A NS SOA MX TXT ( RRSIG NSEC DNSKEY ) devnology.nl. IN RRSIG NSEC 5 2 86400 ... www.devnology.nl. IN CNAME devnology.nl. www.devnology.nl. IN RRSIG CNAME 5 3 360 ... www.devnology.nl. IN NSEC devnology.nl. CNAME RRSIG NSEC www.devnology.nl. IN RRSIG NSEC 5 3 86400 ... http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
40.
DNSSEC query
;; ANSWER SECTION: devnology.nl. 3600 IN A 62.212.74.133 devnology.nl. 3600 IN RRSIG A 5 2 3600 20100831131949 20100803131949 46792 devnology.nl. TO+EysNigcB/rXBZ89mv31OKZnX3/2xp6ClOr96cUg10qNXU11RCoHQteeW705AF tqV0e8WK7QMVFSPu0TRTnXNwcEDIP/qvzBu7bMSjcM7XejDg1ff+WgfJ5Ra4C1Dv rYq4Rj03kKzQPSBiE9DiKO3zcQgUCEVEdJ03YrY+NbY= ;{id = 46792} ;; AUTHORITY SECTION: devnology.nl. 3600 IN NS ns0.transip.net. devnology.nl. 3600 IN NS ns1.transip.net. devnology.nl. 3600 IN RRSIG NS 5 2 3600 20100831131949 20100803131949 46792 devnology.nl. LTqB1Pmq0C3YaBYedq6sHM3tssVwtAx8M1O6I2y0NynCcY2oRyRK4Mti19eJ/0H9 8JOen0j6u9KQtzEUGXb0Ik+MLIBntNwxF1CTBEyvmJp9U+9E6RtOtvt1Np1cH3Ls f+UXaXajPxkeFJpuE/Q6YQsNwP2zqtGkQl/IO9XPWvU= ;{id = 46792} http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
41.
DNSSEC Status
• A response can now be – Secure – Insecure – Bogus – Indeterminate • Up to local policy how to handle these states http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
42.
How to validate?
• Resolver needs to know the public key – Trust Anchor • Key distribution is difficult • Solution: Sign the delegation – The DS Record – DNS Root Trust Anchor: “one key to rule them all” • Luckily, the root has been signed:) – As of 15 July 2010 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
43.
DNS Root Trust
Anchor . IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhV VLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0Ez rAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaU eVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkj f5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1a pAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCT MjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXf Z57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqr AmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ; {id = 19036 (ksk), size = 2048b} http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
44.
DNSSEC RRs
• In the root zone: – dk. IN DS 26887 8 2 A1AB8546B80E438A7DFE0EC559A7088EC 5AED3C4E0D26B1B60ED3735F853DFD7 – dk. IN RRSIG DS 8 1 172800 20100810000000 20100802230000 41248 . o23Xc... • Points to the DNSKEY in the dk zone: – dk. IN DNSKEY 256 3 8 AwEAA... ; keytag=55594 – dk. IN DNSKEY 257 3 8 AwEAA... ; keytag=26887 – dk. IN RRSIG DNSKEY 8 1 86400 20100805191323 20100729141045 26887 dk. WLuD3... • Resolver can now build chain of trust http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
45.
Name resolution
;dnssec.dk. IN A @k.root-servers.net ;; AUTHORITY SECTION: dk. 172800 IN NS a.nic.dk. dk. 172800 IN NS b.nic.dk. ... dk. 172800 IN DS 26887 8 2 A1AB8546B80E438A7DFE0EC559A 7088EC5AED3C4E0D26B1B60ED3735 F853DFD7 dk. 172800 IN RRSIG DS 8 1 172800 20100810000000 20100802230000 41248 . o23Xc... ; signed with root key ;; ADDITIONAL SECTION: a.nic.dk. 172800 IN A 212.88.78.122 b.nic.dk. 172800 IN A 193.163.102.222 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
46.
Name resolution
;dnssec.dk. IN A @a.nic.dk ;; AUTHORITY SECTION: dnssec.dk. IN NS ns1.gratisdns.dk. dnssec.dk. IN NS ns2.gratisdns.dk. 8afgsvl5sgurhqbipm0fdbvr5jq1frp2.dk. 3600 IN NSEC3 1 1 17 FAC981985022A210 8AFHAQVUPD0DDIRUTFL1NE5QONPO1CJ5 A NS SOA TXT RRSIG DNSKEY NSEC3PARAM 8afgsvl5sgurhqbipm0fdbvr5jq1frp2.dk. 3600 IN RRSIG NSEC3 isab28efbcpglup6uanh61dnolc8g0tq.dk. 3600 IN NSEC3 1 1 17 FAC981985022A210 ISAH6L4MDDHLR8KHCHFHC6SG7N6TG708 isab28efbcpglup6uanh61dnolc8g0tq.dk. 3600 IN RRSIG NSEC3 ;; ADDITIONAL SECTION: ns1.gratisdns.dk. 86400 IN A 109.238.48.13 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
47.
Name resolution
;dnssec.dk. IN A @ns1.gratisdns.dk ;; ANSWER SECTION: dnssec.dk. 43200 IN A 193.3.157.13 dnssec.dk. 43200 IN RRSIG A 5 2 43200 20100901114809 ;; AUTHORITY SECTION: dnssec.dk. 43200 IN NS ns4.gratisdns.dk. dnssec.dk. 43200 IN NS ns3.gratisdns.dk. dnssec.dk. 43200 IN NS ns5.gratisdns.dk. dnssec.dk. 43200 IN NS ns2.gratisdns.dk. dnssec.dk. 43200 IN NS ns1.gratisdns.dk. dnssec.dk. 43200 IN RRSIG NS 5 2 43200 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
48.
Name resolution
;; Number of trusted keys: 1 ;; Domain: . [T] . 86400 IN DNSKEY 256 3 8 ;{id = 41248 (zsk), ...} . 86400 IN DNSKEY 257 3 8 ;{id = 19036 (ksk), ...} [T] dk. 172800 IN DS 26887 8 2 a1ab8546b80e438a7dfe0ec55 9a7088ec5aed3c4e0d26b1b60ed3735f853dfd7 ;; Domain: dk. [T] dk. 86400 IN DNSKEY 257 3 8 ;{id = 26887 (ksk), ...} dk. 86400 IN DNSKEY 256 3 8 ;{id = 55594 (zsk), ...} ;; Domain: dnssec.dk. [S] dnssec.dk. 43200 IN DNSKEY 257 3 5 ;{id = 58693...} dnssec.dk. 43200 IN DNSKEY 256 3 5 ;{id = 26751...} [S] dnssec.dk. 43200 IN A 193.3.157.13 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
49.
Denial of existence
;miss.nlnetlabs.nl. IN A @open.nlnetlabs.nl ;; AUTHORITY SECTION nlnetlabs.nl. 3473 IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2010080100 28800 7200 604800 3600 nlnetlabs.nl. 3473 IN RRSIG SOA 5 2 10200 20100829005003 nlnetlabs.nl. 1543 IN NSEC _jabber._tcp.nlnetlabs.nl. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY nlnetlabs.nl. 1543 IN RRSIG NSEC 5 2 3600 20100829005003 mirre.nlnetlabs.nl. 3596 IN NSEC moby-dick.nlnetlabs.nl. A AAAA RRSIG NSEC mirre.nlnetlabs.nl. 3596 IN RRSIG NSEC 5 3 3600 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
50.
NSEC Issues
• More signatures needed • Zone walking • Solution: Hashed version of Denial of Existence – The NSEC3 Record – RFC 5155 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
51.
Hashed version
• Simplified ;miss.nlnetlabs.nl. IN A @open.nlnetlabs.nl h(www.nlnetlabs.nl.) = 11 h(miss.nlnetlabs.nl.) = 12 h(_jabber._tcp.nlnetlabs.nl.) = 13 11.nlnetlabs.nl. 1543 IN NSEC3 13.nlnetlabs.nl. A AAAA http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
52.
Hashed version
;dnssec.dk. IN DS @a.nic.dk ;; AUTHORITY SECTION: ... 8afgsvl5sgurhqbipm0fdbvr5jq1frp2.dk. 3600 IN NSEC3 1 1 17 FAC981985022A210 8AFHAQVUPD0DDIRUTFL1NE5QONPO1CJ5 A NS SOA TXT RRSIG DNSKEY NSEC3PARAM 8afgsvl5sgurhqbipm0fdbvr5jq1frp2.dk. 3600 IN RRSIG NSEC3 isab28efbcpglup6uanh61dnolc8g0tq.dk. 3600 IN NSEC3 1 1 17 FAC981985022A210 ISAH6L4MDDHLR8KHCHFHC6SG7N6TG708 isab28efbcpglup6uanh61dnolc8g0tq.dk. 3600 IN RRSIG NSEC3 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
53.
Operational practices
• RFC 4641 • Re-signing – Signatures have a lifetime to prevent replay attacks – Signature validity period should be long enough to last the weekend • Key rollover – Crypto analysis – Operational practices http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
54.
Key rollover
• Be aware of DNS caches! – Old DNSKEY might still be in the cache – Old RRSIGs might still be in the cache – Switching without care might take your zone offline • Be aware of your delegation! – DS Record in the parent must match your DNSKEY – ZSK / KSK split (Flags: 256 / 257) http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
55.
ZSK vs KSK
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 ?| Protocol | Algorithm | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Public Key / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ • SEP (Security Entry Point) bit – 0: 'ZSK' – 1: 'KSK' (Only sign DNSKEY set) – DS record must match a SEP http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
56.
Key rollover
• Double sign your zone – Until old key expires from the cache – Remove old key – Drawback: Increased zone size • Pre-publish your new key – Introduce new key, unused – Retire old key, use new key – Remove old key – Drawback: Increased rollover duration http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
57.
DNSSEC weaknesses
• Increased DNS response packet size • Increased workload for the resolvers • Hierarchical trust level • Time synchronization • Complex to implement and operate – OpenDNSSEC http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
58.
The whole picture
Bind9 NSD Bind9 http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
59.
Topics
• NLnet Labs • DNS • DNSSEC • Recent events http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
60.
Recent events
• The root is signed! – DS in the root: .bg, .br, .cat, .cz, .dk, .edu, .lk, .na, .org, .tm, .uk – Coming: .arpa, .fr, .nl, .se, ... • http://www.youtube.com/watch?v=b9j-sfP9GUU http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
61.
Recent events
• Trust anchor distribution is a pain • Automatic updating of Trust Anchors (at the resolver) – RFC 5011 – Regular polling of SEP keys – Introduces the REVOKED bit – Not meant for those who have a secure delegation – Autotrust: RFC 5011 implementation http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
62.
Recent events
• Algorithm Rollover – RFC 5702 introduces RSASHA2 – DNSSEC says that all RRsets need to be signed with each algorithm – DNSKEY may expire from the cache before its signatures do http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
63.
Recent events
• Algorithm Rollover and Automatic Updating of Trust Anchors – We need to double sign (because of use of multiple algorithms) – We need to revoke http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
64.
?
• http://www.nlnetlabs.nl • http://www.opendnssec.org • http://blog.nominet.org.uk/tech/2010/ 05/24/436 • http://www.root-dnssec.org/ http://www.nlnetlabs.nl/ Devnology, NL, 4 August 2010 © 2010 Stichting NLnet Labs
Baixar agora