UA DNSSEC Status Update: ENOG3

Transcript

  • 1. DNSSEC in UA - Status Update
      Dmitry Kohmanyuk
      May 22, 2012
  • 2. Test zone UA.UA
      • November 8th, 2011
      • Zone UA.UA signed, keys in DLV (dlv.isc.org)
      • UA has DS record for ua.ua
      • Test web site (can use Firefox plugin to verify)
  • 3. Zone UA Key Generation Ceremony
      • December 2nd, 2011
      • Key parameters:
          RSASHA512 (algorithm 10)
          KSK bits: 2048
          ZSK bits: 1024
  • 4. DNSSEC Testbed Environment
      Test signing environment:
      – BIND 9.8
      – some shell and Make magic
      – FreeBSD with jails
      – rsync
  • 5. Public server with cloned UA (signed with test key)
      • Anycast server: ho1.ua.ua
          195.47.253.17
          2001:67c:258::17
      • Test trust anchor:
          ua. IN DS 29019 10 2 68B5F97978F45398C9C0382161701EA3AB4A882011DCAA4F5188800D D58FE2AD
      • This is not a production zone, use at your own risk (but all NS records are the same)
  • 6. Public resolver - enabled DNSSEC validation
      • Announced February 7th 2012 at Fifth IPv6 Workshop in Kiev
      • Code name “Lighthouse”
          – lh.cctld.ua
            194.44.71.71
            2001:7f8:55:7::71
      • Uses test authoritative server
  • 7. Live Deployment Schedule
      • KSK in UA - March 27th 2012
      • DS in DLV - March 28th 2012
      • DS in Root Zone - April 13th 2012
      • DS delegations in UA -- 6 total:
          – ua.ua netassist.ua rovno.ua nic.ua; chernovtsy.ua cv.ua (added May 21)
  • 8. DNSSEC traffic, ho1.ns.ua anycast
  • 9. Questions?
      www.hostmaster.ua/dnssec
      info@hostmaster.ua
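
A consistency check for the test trust anchor on slide 5, as an added example that is not from the slides: it parses a DS record in zone-file form and tests whether a given DNSKEY is the key that the DS commits to (key tag per RFC 4034 Appendix B, digest over owner name plus DNSKEY RDATA). The DNSKEY in the demo is constructed, since the slides do not include the zone's key, and all function names are this example's own.

```python
import base64
import hashlib

# DS digest types (IANA registry): 1 = SHA-1, 2 = SHA-256, 4 = SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

# Test trust anchor as given on slide 5; zone-file form allows spaces in the digest.
UA_TEST_ANCHOR = ("ua. IN DS 29019 10 2 "
                  "68B5F97978F45398C9C0382161701EA3AB4A882011DCAA4F5188800D D58FE2AD")

def parse_ds(text):
    """Parse 'owner [class] DS keytag algorithm digesttype digest...'."""
    fields = text.split()
    i = fields.index("DS")
    tag, alg, dtype = (int(x) for x in fields[i + 1:i + 4])
    digest = bytes.fromhex("".join(fields[i + 4:]))
    # A digest whose length disagrees with its type is a damaged or mistyped anchor.
    if dtype not in DIGESTS or len(digest) != DIGESTS[dtype]().digest_size:
        raise ValueError("digest length does not match digest type %d" % dtype)
    return {"owner": fields[0], "key_tag": tag, "alg": alg,
            "digest_type": dtype, "digest": digest}

def dnskey_rdata(flags, protocol, alg, pubkey_b64):
    """DNSKEY RDATA in wire form: flags(2) | protocol(1) | algorithm(1) | key."""
    return flags.to_bytes(2, "big") + bytes([protocol, alg]) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def wire_name(owner):
    """Canonical (lower-case) wire form of an owner name."""
    labels = [l for l in owner.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def matches(ds, rdata):
    """True only if this DNSKEY RDATA is the key the DS record commits to."""
    digest = DIGESTS[ds["digest_type"]](wire_name(ds["owner"]) + rdata).digest()
    return (ds["alg"] == rdata[3] and ds["key_tag"] == key_tag(rdata)
            and digest == ds["digest"])

if __name__ == "__main__":
    anchor = parse_ds(UA_TEST_ANCHOR)
    # Constructed DNSKEY (flags 257 = KSK, algorithm 10); NOT the real UA key.
    fake = dnskey_rdata(257, 3, 10, "AQIDBA==")
    print(anchor["key_tag"], key_tag(fake), matches(anchor, fake))
```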