UA DNSSEC Status Update: ENOG3
Upcoming SlideShare
Loading in...5
×
 

UA DNSSEC Status Update: ENOG3

on

  • 181 views

 

Statistics

Views

Total Views
181
Views on SlideShare
181
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-ShareAlike LicenseCC Attribution-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

UA DNSSEC Status Update: ENOG3 UA DNSSEC Status Update: ENOG3 Presentation Transcript

  • DNSSEC in UA - StatusUpdateDmitry KohmanyukMay 22, 20121
  • Test zone UA.UA• November 8th, 2011• Zone UA.UA signed, keys in DLV(dlv.isc.org)• UA has DS record for ua.ua• Test web site (can use Firefox pluginto verify)2
  • Zone UA Key GenerationCeremony• December 2nd, 2011• Key parameters:RSASHA512 (algorithm 10)KSK bits: 2048ZSK bits: 10243
  • DNSSEC TestbedEnvironmentTest signing environment:– BIND 9.8– some shell and Make magic– FreeBSD with jails– rsync4
  • Public server with cloned UA(signed with test key)• Anycast server: ho1.ua.ua195.47.253.172001:67c:258::17• Test trust anchor:ua. IN DS 29019 10 268B5F97978F45398C9C0382161701EA3AB4A882011DCAA4F5188800D D58FE2AD• This is not a production zone, use asyour own risk (but all NS records arethe same)5
  • Public resolver - enabledDNSSEC validation• Announced February 7th 2012 at FifthIPv6 Workshop in Kiev• Code name “Lighthouse”– lh.cctld.ua194.44.71.712001:7f8:55:7::71• Uses test authoritative server6
  • Live Deployment Schedule• KSK in UA - Mach 27th 2012• DS in DLV - March 28th 2012• DS in Root Zone - April 13th 2012• DS delegations in UA -- 6 total:– ua.ua netassist.ua rovno.ua nic.ua;chernovtsy.ua cv.ua (added May21)7
  • DNSSEC traffic, ho1.ns.uaanycast8
  • Questions?www.hostmaster.ua/dnssecinfo@hostmaster.ua9