Your SlideShare is downloading. ×
UA DNSSEC Status Update: ENOG3
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

UA DNSSEC Status Update: ENOG3

46
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
46
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. DNSSEC in UA - StatusUpdateDmitry KohmanyukMay 22, 20121
  • 2. Test zone UA.UA• November 8th, 2011• Zone UA.UA signed, keys in DLV(dlv.isc.org)• UA has DS record for ua.ua• Test web site (can use Firefox pluginto verify)2
  • 3. Zone UA Key GenerationCeremony• December 2nd, 2011• Key parameters:RSASHA512 (algorithm 10)KSK bits: 2048ZSK bits: 10243
  • 4. DNSSEC TestbedEnvironmentTest signing environment:– BIND 9.8– some shell and Make magic– FreeBSD with jails– rsync4
  • 5. Public server with cloned UA(signed with test key)• Anycast server: ho1.ua.ua195.47.253.172001:67c:258::17• Test trust anchor:ua. IN DS 29019 10 268B5F97978F45398C9C0382161701EA3AB4A882011DCAA4F5188800D D58FE2AD• This is not a production zone, use asyour own risk (but all NS records arethe same)5
  • 6. Public resolver - enabledDNSSEC validation• Announced February 7th 2012 at FifthIPv6 Workshop in Kiev• Code name “Lighthouse”– lh.cctld.ua194.44.71.712001:7f8:55:7::71• Uses test authoritative server6
  • 7. Live Deployment Schedule• KSK in UA - Mach 27th 2012• DS in DLV - March 28th 2012• DS in Root Zone - April 13th 2012• DS delegations in UA -- 6 total:– ua.ua netassist.ua rovno.ua nic.ua;chernovtsy.ua cv.ua (added May21)7
  • 8. DNSSEC traffic, ho1.ns.uaanycast8
  • 9. Questions?www.hostmaster.ua/dnssecinfo@hostmaster.ua9