Qunog12: DNS Encryption
Manabu Sonoda
These are the slides on DNS encryption presented at Qunog12.
Qunog12: DNS Encryption
1.
1 © Internet Initiative Japan Inc. Qunog12 DNS 812 0
2.
2
3.
3 KSK KSK KSK−2017
4.
4 nlnetlabs RIPE Atlas KSK2017
5.
5
6.
6
7.
7 Manabu Sonoda DNS • • ISP L1 L8 • IIJ • IIJ • IIJ DNS DNS • D.DNS.JP • DNS
8.
8 • DNS • DNS
9.
9 DNS
10.
10 DNSSEC
11.
11 DNSSEC
12.
12 DNSSEC DNS DNSSEC • • • DNS • • •
13.
13 MITM DNS
14.
14 DNS DNS qname minimisation QNAME DNS
15.
15 qname minimisation Qname DNS root jp example.jp www.example.jp jp example.jp www.example.jp www.example.jp www.example.jp Qname minimisation
16.
16
17.
17 IETF 3
• DNS over TLS (DoT)
• DNS over DTLS (DoD)
• DNS over HTTPS (DoH)
18.
18 RFC7858 Specification for DNS over Transport Layer Security (TLS)
DNS over TLS (DoT)
• TLS TCP DNS
• HTTP HTTPS
• 2018 10
IP TCP TLS DNS
19.
19 RFC8094 DNS over Datagram Transport Layer Security (DTLS)
DNS over DTLS (DoD)
• DTLS DNS
• DTLS
• Experimental RFC
IP UDP DTLS DNS
20.
20 ietf-doh-dns-over-https
DNS over HTTPS (DoH)
• HTTPS DNS
• GET POST
IP TCP TLS HTTP/1 HTTP/2 UDP QUIC HTTP/2 DNS
21.
21 ietf-doh-dns-over-https GET
Request
    :method = GET
    :scheme = https
    :authority = <DoH >
    :path = /dns-query?dns=<UDP DNS base64url >
    Accept = application/dns-message
Response
    Content-type = application/dns-message
    Content-length = <DNS >
    Cache-control = <DNS TTL >
    DNS
22.
22 ietf-doh-dns-over-https POST
Request
    :method = POST
    :scheme = https
    :authority = <DoH >
    :path = /dns-query
    Accept = application/dns-message
    Content-type = application/dns-message
    Content-length = <DNS >
    DNS
Response GET
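The GET and POST request forms on slides 21 and 22, worked through as an added example (not code from the slides or from any DoH implementation). The authority `doh.example` is a placeholder; the message ID of 0 and the unpadded base64url encoding follow the DoH specification (RFC 8484), not text visible on the slides.

```python
import base64
import struct

DOH_PATH = "/dns-query"               # path shown on the slides
MEDIA_TYPE = "application/dns-message"

def build_query(qname: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (the same bytes a UDP query carries).
    ID is 0 so identical questions give identical, HTTP-cacheable requests."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        labels += bytes([len(raw)]) + raw
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get(authority: str, message: bytes) -> dict:
    """HTTP/2 pseudo-headers for the GET form: dns=<base64url, no padding>."""
    b64 = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return {":method": "GET", ":scheme": "https", ":authority": authority,
            ":path": f"{DOH_PATH}?dns={b64}", "accept": MEDIA_TYPE}

def doh_post(authority: str, message: bytes) -> tuple[dict, bytes]:
    """Headers and body for the POST form: the raw message is the body."""
    headers = {":method": "POST", ":scheme": "https", ":authority": authority,
               ":path": DOH_PATH, "accept": MEDIA_TYPE,
               "content-type": MEDIA_TYPE, "content-length": str(len(message))}
    return headers, message

def decode_get_path(path: str) -> bytes:
    """Server side: recover the DNS message from a GET :path."""
    prefix = f"{DOH_PATH}?dns="
    if not path.startswith(prefix):
        raise ValueError("not a DoH GET path")
    b64 = path[len(prefix):]
    if "=" in b64:
        raise ValueError("padding is not allowed in the dns parameter")
    # Restore the padding that the client stripped before decoding.
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    q = build_query("www.example.jp")          # constructed sample name
    print(doh_get("doh.example", q)[":path"])
    print(doh_post("doh.example", q)[0])
```

The GET form exposes the whole query in the URL, so it ends up in any HTTP access log or cache key along the path; the POST form keeps it in the body.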
23.
23 DNS over TLS
24.
24 DNS over TLS
• Unbound
• Knot-resolver
• Android 9
• systemd-resolved
25.
25 DNS over TLS
26.
26 - DoT - Unbound
Unbound --with-ssl DoT unbound-1.8.1
    $ ./configure --with-libevent --with-ssl
1. Server
2. listen IP
    server:
        tls-service-key: "tls.key"
        tls-service-pem: "tls.crt"
        interface: 127.0.0.1@853      # listen address@port
        interface: 192.168.0.53@853   # listen address@port
IP interface-automatic 0.0.0.0@853 ::0@853 Listen
27.
27 - DoT - knot-resolver
Knot-resolver DoT
1. kresd.conf
    net.tls("tls.cert","tls.key")
2. TLS Listen IP
    net.listen({'0.0.0.0','::'},{tls=true})
3. Knot-resolver TLS Session Ticket TLS
    net.tls_sticket_secret('pre-shared secret')
28.
28 - DoT DoT TCP DNS TLS TLS TCP DNS TLS proxy DoT DoT nginx DNS over TLS https://dnsops.jp/bof/20151119/dnsovertls.pdf BIND DoT IP TCP TLS DNS TLS IP TCP DNS
29.
29 DNS over TLS
30.
30 - DoT - Android9 Android9 DNS DoT • • • DHCP DNS DoT DoT
31.
31 - DoT - Android9
• Android OK
• SAN
• MITM
• RFC RFC
32.
32 DNS over HTTPS
33.
33 - DoH DNS over HTTPS
• Cloudflare knot-resolver )
• systemd-resolved
• Firefox(Windows,MacOSX,Linux)
• Intra(Android)
• curl(master branch)
• Chrome
34.
34 DNS over HTTPS
35.
35 - DoH - Native DoH DoT DoT 1. HTTPS dns 2. UDP 3. TTL TTL Cache-control body BIND DoT IP TCP TLS HTTP DoT IP TCP/UDP DNS
36.
36 DNS over HTTPS
37.
37 - DoH - Firefox
Firefox DoH Trusted Recursive Resolver (TRR)
about:config
• network.trr.uri DoH
• network.trr.mode 1
about:networking#dns TRR true DoH
38.
38 - DoH - Intra
Intra Alphabet Jigsaw Android
• Android4.0
• Google Public DNS JSON-API Google
• Cloudflare DoH IETF
• DoH IETF
39.
39 DNS ISP
40.
40 DNS DNS DNS DNS ISP DNS Hyper Giants
41.
41