Matt Larson On DNSSEC: Why? How? So What?

726 views

Published on

So what is DNSSEC? Why do people need to know about it? So what? Dyn Chief Architect Matt Larson talks about that and more in this 20 minute talk at the first-ever Geek Summer Camp.

Watch the video here: http://dyn.wistia.com/medias/pl865m2qp7

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
726
On SlideShare
0
From Embeds
0
Number of Embeds
62
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Matt Larson On DNSSEC: Why? How? So What?

  1. 1. DNSSEC: Why, How, So What? Matt Larson, Chief Architect, Dyn
  2. 2. Security in DNS • There isn’t any • OK, there wasn’t any • DNSSEC: The DNS Security Extensions
  3. 3. The Main Problem • One packet for a query, one packet for a response
  4. 4. The Main Problem • One packet for a query, one packet for a response
  5. 5. Who are you really? • Client has to trust the source address • Source addresses can be spoofed
  6. 6. Who are you really?
  7. 7. Who are you really?
  8. 8. Possible Solutions • Use a connection-oriented protocol • Sign the packets • Sign the DNS data
  9. 9. DNSSEC to the Rescue 1. All DNS data in a zone is signed 2. Zones have public/private key pairs 3. Your parent vouches for your public key
  10. 10. Delegation
  11. 11. Delegation
  12. 12. Delegation
  13. 13. Chain of Trust
  14. 14. Chain of Trust
  15. 15. Chain of Trust
  16. 16. Deploying DNSSEC • Zones: – Sign DNS data – Send public key to parent • Clients: – Configure trust anchor – Validate DNS responses
  17. 17. So What? • No more spoofing • Put stuff you really care about in DNS
  18. 18. Example: DANE

×