ION Mumbai - Jitender Kumar: DNSSEC

294 views

Published on

Jitender Kumar's presentation from ION Mumbai on 11 October 2012

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
294
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

ION Mumbai - Jitender Kumar: DNSSEC

  1. 1. DNSSEC Jitender Kumar jkumar@afilias.in ION Conference, Mumbai, October 2012
  2. 2. Agenda •  About Afilias •  DNSSEC •  DNSSEC Signing •  DNSSEC Validation •  Afilias’s Role in DNSSEC Deployment ION Conference, Mumbai, October 2012© Afilias Limited
  3. 3. About Afilias • Best known for domain name registry services • Supporting 21M names across 16 TLDs ICANN contracted gTLDs Country Code TLDs© Afilias Limited ION Conference, Mumbai, October 2012
  4. 4. What is DNSSEC ? •  A set of security extensions to the existing DNS protocol added by the Internet Engineering Task Force (IETF). •  DNSSEC provides : –  Authentication of the source of the information in a DNS response –  Integrity of the information in a DNS response –  Authenticated denial of existence •  DNSSEC doesn’t provide : –  Confidentiality, access control lists, or other means of differentiating between inquirers. –  Protection against Denial of Service (DoS) attacks •  Two principle deployment dimensions for us to consider –  Signing; and –  Validating ION Conference, Mumbai, October 2012© Afilias Limited
  5. 5. Signing •  Afilias has been signing TLDs since before the root zone was signed •  We are responsible for the key material used for the signing process, including publication •  .IN Registry has been one of the early adopter of DNSSEC, facilitated by Afilias as we are the registry services provider •  NamesBeyond and Net4India, registrars who have deployed DNSSEC services ION Conference, Mumbai, October 2012© Afilias Limited
  6. 6. Validating •  Our DNS provides authoritative responses when queried about a zone that we manage •  Afilias provides the DS record that enables validation of signed domains in TLDs we host •  Registrars are responsible for ensuring the registry has the public key information it needs for the DS record ION Conference, Mumbai, October 2012© Afilias Limited
  7. 7. Gap In The System •  The public key information needed for the DS record is managed by the DNS hosting provider •  Everything works great as long as the registrar is the DNS hosting provider •  When a third party DNS hosting provider is used there needs to be an interaction between the registrar and that provider •  This is currently a manual copy-and-paste ION Conference, Mumbai, October 2012© Afilias Limited
  8. 8. Reference •  http://www.internetsociety.org/what-we-do/ technology-matters/dnssec ION Conference, Mumbai, October 2012© Afilias Limited
  9. 9. THANK YOU ION Conference, Mumbai, October 2012© Afilias Limited

×