SlideShare a Scribd company logo

Yeti DNS - Experimenting at the root

Men and Mice
Men and Mice

Yeti-DNS is an international research project with the purpose of testing new technologies and procedures in running the Internet root zone. The project runs tests on DNSSEC key rollovers in the root, as well as experimenting with new ways to manage the DNSSEC keys (multiple zone signing keys). An interview with Shane Kerr, a coordinator for the Yeti-DNS project, forms part of this webinar. The interview sheds light on the technical and political aspects of the project and introduces the latest results from experiments. The webinar also includes a tutorial on how to use the Yeti-DNS root name servers to configure a BIND 9 DNS resolver in order to take part in the project.

Technology
1 of 17
Download to read offline
Yeti-DNS Experimenting at the root 1
© Men & Mice http://menandmice.com Yeti-DNS Interview with Yeti-DNS coordinator Shane Kerr Tutorials - BIND 9 Resolver using Yeti-DNS - Unbound Resolver using Yeti-DNS 2
© Men & Mice http://menandmice.com Interview with Shane Kerr 3
© Men & Mice http://menandmice.com Using Yeti-DNS root The Yeti-DNS project relies on interested networks to run DNS-resolver towards the Yeti-DNS root • to generate "real-world" query traffic • Yeti-DNS is IPv6-only •you need IPv6 connectivity to participate (native IPv6 is best, but a tunnel is fine) • Setup is not hard • but keep in mind that Yeti-DNS is an experimental project, there might be glitches and downtime • do not run a mission critical network via Yeti-DNS • research or internal IT staff networks, Guest-WLAN etc might be fine 4
© Men & Mice http://menandmice.com BIND 9 with Yeti-DNS root Example for Ubuntu 16.04: # apt install bind9 # wget -O /etc/bind/yeti-root.hints 
 https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache # vi /etc/bind/named.conf.local ——
 zone "." {
 type hint;
 file "/etc/bind/yeti-root.hints";
 };
 
 managed-keys {
 "." initial-key 257 3 8 "AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbdpD60ZhKLVV4K
 yxPmoSNUpq5Fv5M0iBwK1Tyswsyq/9sMSoZ8zx8aT3ho1YnPsSqQeJfj
 TT1WsX6YZ5Kw6B2QkjRNa6OMGZ96Kn8AI/slqsw+z8hY49Sn3baeo9iJ
 xHPzloNc2dQkW4aLqzNEYxnuoJsthCfGrPSAXlUjY9m3YKIaEWR5WFYQ
 k770fT+gGWLk/54Vp0sG+Lw75JZnwhDhixPFaToTDNqbHQmkEylq1XJL
 O15uZ/+RZNRfTXZKO4fVR0tMEbMAITqRmyP8xLXY4RXbS4J32gnenQbz
 ABX8sQmwO7s=";
 }; 5 Fetching the Yeti-DNS Root-Hints Configure the Yeti-Root- Hints The Yeti-DNS Root KSK for DNSSEC validation
© Men & Mice http://menandmice.com BIND 9 with Yeti-DNS root Example for Ubuntu 16.04: # vi /etc/bind/named.conf.default-zones ----- // prime the server with knowledge of the root servers
 #zone "." {
 # type hint;
 # file "/etc/bind/db.root";
 #}; ------ # named-checkconf # systemctl restart bind9 # systemctl status bind9 6 uncommenting the "official" IANA Root-Hints check the configuration and restart BIND 9
© Men & Mice http://menandmice.com BIND 9 with Yeti-DNS root Example for Ubuntu 16.04: # dig @localhost ns .
 ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost ns .
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52931
 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4096
 ;; QUESTION SECTION:
 ;. IN NS
 ;; ANSWER SECTION:
 . 86367 IN NS yeti1.ipv6.ernet.in.
 . 86367 IN NS yeti-ns2.dns-lab.net.
 . 86367 IN NS yeti-ns.as59715.net.
 . 86367 IN NS yeti.ipv6.ernet.in.
 . 86367 IN NS dahu2.yeti.eu.org.
 […]
 . 86367 IN NS bii.dns-lab.net.
 . 86367 IN NS yeti-ns.lab.nic.cl.
 . 86367 IN NS yeti-ns.tisf.net.
 . 86367 IN NS 18ac3e7343f016890c510e93f93526.yeti-dns.net. ;; Query time: 0 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Thu Jun 09 13:06:49 CEST 2016
 ;; MSG SIZE rcvd: 823 7 Query for the Nameserver NS- RRSET of the root zone (must be DNSSEC validated 
 AD-Flag!) the list of Yeti-DNS root server
© Men & Mice http://menandmice.com Unbound with Yeti-DNS root Example for Ubuntu 16.04: # apt install unbound # wget wget -O /etc/unbound/yeti-root.hints 
 https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache # vi /etc/unbound/unbound.conf.d/yeti-root.conf
 ——
 server:
 root-hints: "yeti-root.hints" —— 8 fetching the Yeti-DNS root-hints
© Men & Mice http://menandmice.com Unbound with Yeti-DNS root Example for Ubuntu 16.04: ! ! # wget -O /var/lib/unbound/root.key 
 https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub # echo 'ROOT_TRUST_ANCHOR_UPDATE="false"' >> /etc/default/unbound 9 fetching the Yeti-DNS root-KSK for DNSSEC validation disabling the update of the DNSSEC root KSK via unbound-anchor
© Men & Mice http://menandmice.com Unbound with Yeti-DNS root Example for Ubuntu 16.04: ! ! # unbound-checkconf 
 unbound-checkconf: no errors in /etc/unbound/unbound.conf # systemctl restart unbound # systemctl status unbound ! 10 check the Unbound configuration for errors
© Men & Mice http://menandmice.com Unbound with Yeti-DNS root Example for Ubuntu 16.04: # dig @localhost ns . ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost ns .
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29228
 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4096
 ;; QUESTION SECTION:
 ;. IN NS ;; ANSWER SECTION: . 86369 IN NS 3f79bb7b435b05321651daefd374cd.yeti-dns.net.
 . […]
 . 86369 IN NS yeti-ns.tisf.net.
 . 86369 IN NS yeti-ns1.dns-lab.net.
 . 86369 IN NS 2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net.
 . 86369 IN NS yeti.ipv6.ernet.in.
 . 86369 IN NS dahu1.yeti.eu.org.
 . 86369 IN NS yeti-ns.wide.ad.jp.
 ;; Query time: 0 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Thu Jun 09 13:44:23 CEST 2016
 ;; MSG SIZE rcvd: 823 11 Query for the Nameserver NS- RRSET of the root zone (must be DNSSEC validated 
 AD-Flag!) the list of Yeti-DNS root server
© Men & Mice http://menandmice.com Yeti-DNS resources Website: 
 http://yeti-dns.org/ Mailinglist: http://lists.yeti-dns.org/mailman/listinfo/discuss Statistics: http://yeti-dns.org/statistics.html Yeti-Root-Server Monitoring: (via RIPE Atlas) http://yeti-dns.org/monitor.html 12
© Men & Mice http://menandmice.com Upcoming training classes Special 
 4 day IPv6 Intro & Advanced Topics Workshop
 
 August 1 – 4, 2016 Livermore, CA (USA) 13 https://www.menandmice.com/support-training/training/ipv6/
© Men & Mice http://menandmice.com Upcoming training classes KEA-DHCP August 8 – 9, 2016 - Amsterdam, The Netherlands October 13 – 14, 2016 - West Coast, USA October 17 – 18, 2016 - East Coast, USA November 21 – 22, 2016 - Amsterdam, The Netherlands Two days - Hands-On training US$ 1795 14 https://www.menandmice.com/support-training/training/kea-dhcp-training/
© Men & Mice http://menandmice.com more training •August 22 – 24, 2016 Introduction to DNS & BIND Hands-On class Amsterdam, The Netherlands • August 22 – 26, 2016 Introduction & Advanced DNS and BIND Topics Hands-on class Amsterdam, The Netherlands •August 24 – 26, 2016 DNSSEC Technical Workshop – Implementation and Deployment Amsterdam, The Netherlands •October 3 – 5, 2016 Introduction to DNS & BIND Hands-On class Arlington (VA), USA •October 3 – 7, 2016 Introduction & Advanced DNS and BIND Topics Hands- on class Arlington (VA), USA •October 5 – 7, 2016 DNSSEC Technical Workshop – Implementation and Deployment Arlington (VA), USA 15 https://www.menandmice.com/support-training/training/
© Men & Mice http://menandmice.com ISC Webinars Webinar: Extending Kea with Hooks 29 June 2016 - 10:00 AM PST / 5:00 PM UCT https://goo.gl/ZP3NIc 16
© Men & Mice http://menandmice.com Thank you! ! Questions? Comments? 17

Recommended

DNSSEC signing Tutorial
DNSSEC signing Tutorial DNSSEC signing Tutorial
DNSSEC signing Tutorial Men and Mice
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap WebinarMen and Mice
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local NetworksMen and Mice
 
The DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsThe DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsMen and Mice
 
DNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing SolutionsDNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing SolutionsMen and Mice
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSMen and Mice
 
BIND 9 logging best practices
BIND 9 logging best practicesBIND 9 logging best practices
BIND 9 logging best practicesMen and Mice
 
Part 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows NetworksPart 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows NetworksMen and Mice
 

Recommended

DNSSEC signing Tutorial
DNSSEC signing Tutorial DNSSEC signing Tutorial
DNSSEC signing Tutorial Men and Mice
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap WebinarMen and Mice
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local NetworksMen and Mice
 
The DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsThe DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsMen and Mice
 
DNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing SolutionsDNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing SolutionsMen and Mice
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSMen and Mice
 
BIND 9 logging best practices
BIND 9 logging best practicesBIND 9 logging best practices
BIND 9 logging best practicesMen and Mice
 
Part 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows NetworksPart 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows NetworksMen and Mice
 
What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?Men and Mice
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption securityMen and Mice
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encryptedMen and Mice
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarMen and Mice
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitMen and Mice
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 WebinarMen and Mice
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...APNIC
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANEMen and Mice
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS ServerMen and Mice
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report WebinarMen and Mice
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologySagi Brody
 
Passive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoPassive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoHenry Stern
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNSMen and Mice
 
HAProxy scale out using open source
HAProxy scale out using open sourceHAProxy scale out using open source
HAProxy scale out using open sourceIngo Walz
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013Shumon Huque
 
Get your instance by name integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designateGet your instance by name integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designateMiguel Lavalle
 
DNS over HTTPS
DNS over HTTPSDNS over HTTPS
DNS over HTTPSDaniel Stenberg
 
Observability with HAProxy
Observability with HAProxyObservability with HAProxy
Observability with HAProxyHAProxy Technologies
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Hell19
 
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPROIDEA
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalabilityWim Godden
 

More Related Content

What's hot

What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?Men and Mice
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption securityMen and Mice
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encryptedMen and Mice
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarMen and Mice
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitMen and Mice
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 WebinarMen and Mice
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...APNIC
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANEMen and Mice
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS ServerMen and Mice
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report WebinarMen and Mice
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologySagi Brody
 
Passive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoPassive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoHenry Stern
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNSMen and Mice
 
HAProxy scale out using open source
HAProxy scale out using open sourceHAProxy scale out using open source
HAProxy scale out using open sourceIngo Walz
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013Shumon Huque
 
Get your instance by name integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designateGet your instance by name integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designateMiguel Lavalle
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Hell19
 

What's hot (20)

What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption security
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runit
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container Technology
 
Passive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoPassive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, Cisco
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNS
 
HAProxy scale out using open source
HAProxy scale out using open sourceHAProxy scale out using open source
HAProxy scale out using open source
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013
 
Get your instance by name integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designateGet your instance by name integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designate
 
DNS over HTTPS
DNS over HTTPSDNS over HTTPS
DNS over HTTPS
 
Observability with HAProxy
Observability with HAProxyObservability with HAProxy
Observability with HAProxy
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2
 

Similar to Yeti DNS - Experimenting at the root

PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPROIDEA
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalabilityWim Godden
 
The New Root Zone DNSSEC KSK
The New Root Zone DNSSEC KSKThe New Root Zone DNSSEC KSK
The New Root Zone DNSSEC KSKAPNIC
 
SUSE - performance analysis-with_ceph
SUSE - performance analysis-with_cephSUSE - performance analysis-with_ceph
SUSE - performance analysis-with_cephinwin stack
 
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons LearnedCeph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons LearnedCeph Community
 
Performance analysis with_ceph
Performance analysis with_cephPerformance analysis with_ceph
Performance analysis with_cephAlex Lau
 
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios ServerNagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios ServerNagios
 
DNS_Tutorial 2.pptx
DNS_Tutorial 2.pptxDNS_Tutorial 2.pptx
DNS_Tutorial 2.pptxviditsir
 
Ceph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightCeph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightRed_Hat_Storage
 
Ceph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightCeph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightColleen Corrice
 
Practical Tips for Novell Cluster Services
Practical Tips for Novell Cluster ServicesPractical Tips for Novell Cluster Services
Practical Tips for Novell Cluster ServicesNovell
 
Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0Santosh Kangane
 
Mens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practiceMens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practicekuchinskaya
 
Introduction to Stacki at Atlanta Meetup February 2016
Introduction to Stacki at Atlanta Meetup February 2016Introduction to Stacki at Atlanta Meetup February 2016
Introduction to Stacki at Atlanta Meetup February 2016StackIQ
 
2017 DNSSEC KSK Rollover
2017 DNSSEC KSK Rollover2017 DNSSEC KSK Rollover
2017 DNSSEC KSK RolloverAPNIC
 
Hostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtqHostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtqViet Stack
 
dns-sec-4-slides
dns-sec-4-slidesdns-sec-4-slides
dns-sec-4-slideskj teoh
 

Similar to Yeti DNS - Experimenting at the root (20)

PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalability
 
The New Root Zone DNSSEC KSK
The New Root Zone DNSSEC KSKThe New Root Zone DNSSEC KSK
The New Root Zone DNSSEC KSK
 
SUSE - performance analysis-with_ceph
SUSE - performance analysis-with_cephSUSE - performance analysis-with_ceph
SUSE - performance analysis-with_ceph
 
DNSSEC at Penn
DNSSEC at PennDNSSEC at Penn
DNSSEC at Penn
 
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons LearnedCeph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
 
Performance analysis with_ceph
Performance analysis with_cephPerformance analysis with_ceph
Performance analysis with_ceph
 
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios ServerNagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
 
DNS_Tutorial 2.pptx
DNS_Tutorial 2.pptxDNS_Tutorial 2.pptx
DNS_Tutorial 2.pptx
 
Ceph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightCeph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer Spotlight
 
Ceph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightCeph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer Spotlight
 
Practical Tips for Novell Cluster Services
Practical Tips for Novell Cluster ServicesPractical Tips for Novell Cluster Services
Practical Tips for Novell Cluster Services
 
Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0
 
Big Data on DC/OS
Big Data on DC/OSBig Data on DC/OS
Big Data on DC/OS
 
Mens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practiceMens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practice
 
Introduction to Stacki at Atlanta Meetup February 2016
Introduction to Stacki at Atlanta Meetup February 2016Introduction to Stacki at Atlanta Meetup February 2016
Introduction to Stacki at Atlanta Meetup February 2016
 
2017 DNSSEC KSK Rollover
2017 DNSSEC KSK Rollover2017 DNSSEC KSK Rollover
2017 DNSSEC KSK Rollover
 
Hostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtqHostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtq
 
Hostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtqHostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtq
 
dns-sec-4-slides
dns-sec-4-slidesdns-sec-4-slides
dns-sec-4-slides
 

More from Men and Mice

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesMen and Mice
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2Men and Mice
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review WebinarMen and Mice
 
DNSSEC best practices Webinar
DNSSEC best practices WebinarDNSSEC best practices Webinar
DNSSEC best practices WebinarMen and Mice
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)Men and Mice
 
DNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedDNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedMen and Mice
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEMen and Mice
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteMen and Mice
 

More from Men and Mice (11)

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2
 
PowerDNS Webinar
PowerDNS Webinar PowerDNS Webinar
PowerDNS Webinar
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
 
DNSSEC best practices Webinar
DNSSEC best practices WebinarDNSSEC best practices Webinar
DNSSEC best practices Webinar
 
IETF 92 Webinar
IETF 92 WebinarIETF 92 Webinar
IETF 92 Webinar
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
 
DNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedDNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloaded
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANE
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice Suite
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

Yeti DNS - Experimenting at the root

  • 2. © Men & Mice http://menandmice.com Yeti-DNS Interview with Yeti-DNS coordinator Shane Kerr Tutorials - BIND 9 Resolver using Yeti-DNS - Unbound Resolver using Yeti-DNS 2
  • 3. © Men & Mice http://menandmice.com Interview with Shane Kerr 3
  • 4. © Men & Mice http://menandmice.com Using Yeti-DNS root The Yeti-DNS project relies on interested networks to run DNS-resolver towards the Yeti-DNS root • to generate "real-world" query traffic • Yeti-DNS is IPv6-only •you need IPv6 connectivity to participate (native IPv6 is best, but a tunnel is fine) • Setup is not hard • but keep in mind that Yeti-DNS is an experimental project, there might be glitches and downtime • do not run a mission critical network via Yeti-DNS • research or internal IT staff networks, Guest-WLAN etc might be fine 4
  • 5. © Men & Mice http://menandmice.com BIND 9 with Yeti-DNS root Example for Ubuntu 16.04: # apt install bind9 # wget -O /etc/bind/yeti-root.hints 
 https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache # vi /etc/bind/named.conf.local ——
 zone "." {
 type hint;
 file "/etc/bind/yeti-root.hints";
 };
 
 managed-keys {
 "." initial-key 257 3 8 "AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbdpD60ZhKLVV4K
 yxPmoSNUpq5Fv5M0iBwK1Tyswsyq/9sMSoZ8zx8aT3ho1YnPsSqQeJfj
 TT1WsX6YZ5Kw6B2QkjRNa6OMGZ96Kn8AI/slqsw+z8hY49Sn3baeo9iJ
 xHPzloNc2dQkW4aLqzNEYxnuoJsthCfGrPSAXlUjY9m3YKIaEWR5WFYQ
 k770fT+gGWLk/54Vp0sG+Lw75JZnwhDhixPFaToTDNqbHQmkEylq1XJL
 O15uZ/+RZNRfTXZKO4fVR0tMEbMAITqRmyP8xLXY4RXbS4J32gnenQbz
 ABX8sQmwO7s=";
 }; 5 Fetching the Yeti-DNS Root-Hints Configure the Yeti-Root- Hints The Yeti-DNS Root KSK for DNSSEC validation
  • 6. © Men & Mice http://menandmice.com BIND 9 with Yeti-DNS root Example for Ubuntu 16.04: # vi /etc/bind/named.conf.default-zones ----- // prime the server with knowledge of the root servers
 #zone "." {
 # type hint;
 # file "/etc/bind/db.root";
 #}; ------ # named-checkconf # systemctl restart bind9 # systemctl status bind9 6 uncommenting the "official" IANA Root-Hints check the configuration and restart BIND 9
  • 7. © Men & Mice http://menandmice.com BIND 9 with Yeti-DNS root Example for Ubuntu 16.04: # dig @localhost ns .
 ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost ns .
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52931
 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4096
 ;; QUESTION SECTION:
 ;. IN NS
 ;; ANSWER SECTION:
 . 86367 IN NS yeti1.ipv6.ernet.in.
 . 86367 IN NS yeti-ns2.dns-lab.net.
 . 86367 IN NS yeti-ns.as59715.net.
 . 86367 IN NS yeti.ipv6.ernet.in.
 . 86367 IN NS dahu2.yeti.eu.org.
 […]
 . 86367 IN NS bii.dns-lab.net.
 . 86367 IN NS yeti-ns.lab.nic.cl.
 . 86367 IN NS yeti-ns.tisf.net.
 . 86367 IN NS 18ac3e7343f016890c510e93f93526.yeti-dns.net. ;; Query time: 0 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Thu Jun 09 13:06:49 CEST 2016
 ;; MSG SIZE rcvd: 823 7 Query for the Nameserver NS- RRSET of the root zone (must be DNSSEC validated 
 AD-Flag!) the list of Yeti-DNS root server
  • 8. © Men & Mice http://menandmice.com Unbound with Yeti-DNS root Example for Ubuntu 16.04: # apt install unbound # wget wget -O /etc/unbound/yeti-root.hints 
 https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache # vi /etc/unbound/unbound.conf.d/yeti-root.conf
 ——
 server:
 root-hints: "yeti-root.hints" —— 8 fetching the Yeti-DNS root-hints
  • 9. © Men & Mice http://menandmice.com Unbound with Yeti-DNS root Example for Ubuntu 16.04: ! ! # wget -O /var/lib/unbound/root.key 
 https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub # echo 'ROOT_TRUST_ANCHOR_UPDATE="false"' >> /etc/default/unbound 9 fetching the Yeti-DNS root-KSK for DNSSEC validation disabling the update of the DNSSEC root KSK via unbound-anchor
  • 10. © Men & Mice http://menandmice.com Unbound with Yeti-DNS root Example for Ubuntu 16.04: ! ! # unbound-checkconf 
 unbound-checkconf: no errors in /etc/unbound/unbound.conf # systemctl restart unbound # systemctl status unbound ! 10 check the Unbound configuration for errors
  • 11. © Men & Mice http://menandmice.com Unbound with Yeti-DNS root Example for Ubuntu 16.04: # dig @localhost ns . ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost ns .
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29228
 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4096
 ;; QUESTION SECTION:
 ;. IN NS ;; ANSWER SECTION: . 86369 IN NS 3f79bb7b435b05321651daefd374cd.yeti-dns.net.
 . […]
 . 86369 IN NS yeti-ns.tisf.net.
 . 86369 IN NS yeti-ns1.dns-lab.net.
 . 86369 IN NS 2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net.
 . 86369 IN NS yeti.ipv6.ernet.in.
 . 86369 IN NS dahu1.yeti.eu.org.
 . 86369 IN NS yeti-ns.wide.ad.jp.
 ;; Query time: 0 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Thu Jun 09 13:44:23 CEST 2016
 ;; MSG SIZE rcvd: 823 11 Query for the Nameserver NS- RRSET of the root zone (must be DNSSEC validated 
 AD-Flag!) the list of Yeti-DNS root server
  • 12. © Men & Mice http://menandmice.com Yeti-DNS resources Website: 
 http://yeti-dns.org/ Mailinglist: http://lists.yeti-dns.org/mailman/listinfo/discuss Statistics: http://yeti-dns.org/statistics.html Yeti-Root-Server Monitoring: (via RIPE Atlas) http://yeti-dns.org/monitor.html 12
  • 13. © Men & Mice http://menandmice.com Upcoming training classes Special 
 4 day IPv6 Intro & Advanced Topics Workshop
 
 August 1 – 4, 2016 Livermore, CA (USA) 13 https://www.menandmice.com/support-training/training/ipv6/
  • 14. © Men & Mice http://menandmice.com Upcoming training classes KEA-DHCP August 8 – 9, 2016 - Amsterdam, The Netherlands October 13 – 14, 2016 - West Coast, USA October 17 – 18, 2016 - East Coast, USA November 21 – 22, 2016 - Amsterdam, The Netherlands Two days - Hands-On training US$ 1795 14 https://www.menandmice.com/support-training/training/kea-dhcp-training/
  • 15. © Men & Mice http://menandmice.com more training •August 22 – 24, 2016 Introduction to DNS & BIND Hands-On class Amsterdam, The Netherlands • August 22 – 26, 2016 Introduction & Advanced DNS and BIND Topics Hands-on class Amsterdam, The Netherlands •August 24 – 26, 2016 DNSSEC Technical Workshop – Implementation and Deployment Amsterdam, The Netherlands •October 3 – 5, 2016 Introduction to DNS & BIND Hands-On class Arlington (VA), USA •October 3 – 7, 2016 Introduction & Advanced DNS and BIND Topics Hands- on class Arlington (VA), USA •October 5 – 7, 2016 DNSSEC Technical Workshop – Implementation and Deployment Arlington (VA), USA 15 https://www.menandmice.com/support-training/training/
  • 16. © Men & Mice http://menandmice.com ISC Webinars Webinar: Extending Kea with Hooks 29 June 2016 - 10:00 AM PST / 5:00 PM UCT https://goo.gl/ZP3NIc 16
  • 17. © Men & Mice http://menandmice.com Thank you! ! Questions? Comments? 17