SlideShare a Scribd company logo

Internet2 DNSSEC Pilot

Shumon Huque
Shumon Huque

Internet2 DNSSEC Pilot; ESCC/Internet2 Joint Techs Workshop; July 2006

Technology
1 of 11
Download to read offline
Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19th 2006
2 Shumon Huque Description of the Pilot • Goal: Deploy DNSSEC and gain operational experience • Participants sign at least one of their zones • Exchange keys (trust anchors) that will allow them to mutually validate DNS data • Setup security-aware resolvers • With these trust anchors configured
3 Shumon Huque A little background .. • Feb ‘06: DNSSEC Workshop held at Albuquerque Joint Techs • Mar ‘06: dnssec@internet2 mailing list • Apr ‘06: Internet2 Spring Member meeting • Advisory group formed and plans for a pilot project formulated • May ‘06: Pilot group began • Bi-weekly conference calls and progress reports
4 Shumon Huque DNSSEC Deployment Efforts so far • MAGPI GigaPoP • All production zones (17 total) • https://rosetta.upenn.edu/magpi/dnssec.html • MERIT • radb.net • nanog.org • NYSERNET - a test zone • nyserlab.org
5 Shumon Huque Deployments in the pipeline .. • University of Pennsylvania • University of California - Berkeley • University of California - Los Angeles • Internet2
6 Shumon Huque Ongoing work & discussion • To DLV or not? (and if so, which registry?) • “DNSSEC Lookaside Validation” • Deploy NSEC3 or not? • Stub resolver support options • Key exchange & maintenance policies • Better protection of long term keys • Secure delegations from parents • .edu, .net, .org, .in-addr.arpa
7 Shumon Huque More participants welcome! • Join mailing list and con calls • Requirements?
8 Shumon Huque References • Internet2 DNSSEC Pilot • http://www.dnssec-deployment.org/internet2/ • http://rosetta.upenn.edu/magpi/dnssec.html • Mailing list: dnssec@internet2.edu • https://mail.internet2.edu/wws/info/dnssec • Internet2 DNSSEC Workshop • http://events.internet2.edu/2006/jt- albuquerque/sessionDetails.cfm?session=2491&ev ent=243
9 Shumon Huque References (2) • DNSSEC(bis) technical specs: • RFC 4033, 4034, 4035 • Related: • Threat analysis of the DNS: RFC 3833 • Operational practices • draft-ietf-dnsop-dnssec-operational-practices-08 • NSEC3: draft-ietf-dnsext-nsec3-05 • DLV: draft-weiler-dnssec-dlv-01 • ISC DLV registry: • http://www.isc.org/index.pl?/ops/dlv/
10 Shumon Huque Questions? • Shumon Huque • shuque -at- isc.upenn.edu
11 Shumon Huque

Recommended

College copy
College copyCollege copy
College copyNikhil Kumar
 
Internet2 DNSSEC Pilot
Internet2 DNSSEC PilotInternet2 DNSSEC Pilot
Internet2 DNSSEC PilotShumon Huque
 
Yoxos 5 to assist with bugday
Yoxos 5 to assist with bugdayYoxos 5 to assist with bugday
Yoxos 5 to assist with bugdayirbull
 
Introduction to open virtual network Dawid Deja
Introduction to open virtual network Dawid DejaIntroduction to open virtual network Dawid Deja
Introduction to open virtual network Dawid DejaOpenInfra Days Poland 2019
 
Find the Hacker
Find the HackerFind the Hacker
Find the HackerSysdig
 
Recovered file 1
Recovered file 1Recovered file 1
Recovered file 1saraabbasii
 
How to Secure Containers
How to Secure ContainersHow to Secure Containers
How to Secure ContainersSysdig
 
Automated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across ClustersAutomated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across ClustersNaveen S.R
 

Recommended

College copy
College copyCollege copy
College copyNikhil Kumar
 
Internet2 DNSSEC Pilot
Internet2 DNSSEC PilotInternet2 DNSSEC Pilot
Internet2 DNSSEC PilotShumon Huque
 
Yoxos 5 to assist with bugday
Yoxos 5 to assist with bugdayYoxos 5 to assist with bugday
Yoxos 5 to assist with bugdayirbull
 
Introduction to open virtual network Dawid Deja
Introduction to open virtual network Dawid DejaIntroduction to open virtual network Dawid Deja
Introduction to open virtual network Dawid DejaOpenInfra Days Poland 2019
 
Find the Hacker
Find the HackerFind the Hacker
Find the HackerSysdig
 
Recovered file 1
Recovered file 1Recovered file 1
Recovered file 1saraabbasii
 
How to Secure Containers
How to Secure ContainersHow to Secure Containers
How to Secure ContainersSysdig
 
Automated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across ClustersAutomated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across ClustersNaveen S.R
 
Best social project of Ukraine-2015
Best social project of Ukraine-2015Best social project of Ukraine-2015
Best social project of Ukraine-2015O2 social business group
 
TIK BAB 2
TIK BAB 2TIK BAB 2
TIK BAB 224012008
 
Pet cloths busness plan
Pet cloths busness planPet cloths busness plan
Pet cloths busness planGamini De Silva
 
Eqpo 4 dispositivos de almacenamiento
Eqpo 4 dispositivos de almacenamientoEqpo 4 dispositivos de almacenamiento
Eqpo 4 dispositivos de almacenamientoAlfredo Hernandez
 
Machine learning for java developers
Machine learning for java developersMachine learning for java developers
Machine learning for java developersNirmal Fernando
 
Introduction to Data Mining
Introduction to Data MiningIntroduction to Data Mining
Introduction to Data MiningKai Koenig
 
Sumit Sanyal - SD
Sumit Sanyal - SDSumit Sanyal - SD
Sumit Sanyal - SDSumit Sanyal
 
Recommendation Letter
Recommendation LetterRecommendation Letter
Recommendation LetterNoelle Hecht, FPC
 
Istiqomah Meraih Jaminan Kebahagiaan Hakiki
Istiqomah Meraih Jaminan Kebahagiaan HakikiIstiqomah Meraih Jaminan Kebahagiaan Hakiki
Istiqomah Meraih Jaminan Kebahagiaan HakikiFrenky Suseno Manik
 
Resume - Darcy Hogle
Resume - Darcy HogleResume - Darcy Hogle
Resume - Darcy HogleDarcy Hogle
 
Internet2 DNSSEC Pilot
Internet2 DNSSEC PilotInternet2 DNSSEC Pilot
Internet2 DNSSEC PilotShumon Huque
 
Seabuckthorn
SeabuckthornSeabuckthorn
SeabuckthornAmrullah Amir
 
Mert durmaz b141600025
Mert durmaz b141600025Mert durmaz b141600025
Mert durmaz b141600025Mert Durmaz
 
Movincom
MovincomMovincom
MovincomCashlessWay (present at Money2020 Las Vegas 25,28 october 2015)
 
Is Your Child Ready for the Summer Camp Adventure
Is Your Child Ready for the Summer Camp AdventureIs Your Child Ready for the Summer Camp Adventure
Is Your Child Ready for the Summer Camp AdventureBuzz Marketing Pros
 
Matthew_C_Henson_Resume_9_2016
Matthew_C_Henson_Resume_9_2016Matthew_C_Henson_Resume_9_2016
Matthew_C_Henson_Resume_9_2016Matthew Henson
 
shilpi cv for training othr (3)
shilpi cv for training othr (3)shilpi cv for training othr (3)
shilpi cv for training othr (3)Shilpi Shrivastava
 
Promotion
PromotionPromotion
PromotionVadym Partasyuk
 
Sunday kolawole sholanke resume
Sunday kolawole sholanke resumeSunday kolawole sholanke resume
Sunday kolawole sholanke resumeSunday Kolawole Sholanke
 
Petrified forest
Petrified forestPetrified forest
Petrified forestHIOTELIS IOANNIS
 
IPv6 Campus Deployment Panel
IPv6 Campus Deployment PanelIPv6 Campus Deployment Panel
IPv6 Campus Deployment PanelShumon Huque
 
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6labION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6labDeploy360 Programme (Internet Society)
 

More Related Content

Viewers also liked

Eqpo 4 dispositivos de almacenamiento
Eqpo 4 dispositivos de almacenamientoEqpo 4 dispositivos de almacenamiento
Eqpo 4 dispositivos de almacenamientoAlfredo Hernandez
 
Machine learning for java developers
Machine learning for java developersMachine learning for java developers
Machine learning for java developersNirmal Fernando
 
Introduction to Data Mining
Introduction to Data MiningIntroduction to Data Mining
Introduction to Data MiningKai Koenig
 
Istiqomah Meraih Jaminan Kebahagiaan Hakiki
Istiqomah Meraih Jaminan Kebahagiaan HakikiIstiqomah Meraih Jaminan Kebahagiaan Hakiki
Istiqomah Meraih Jaminan Kebahagiaan HakikiFrenky Suseno Manik
 
Resume - Darcy Hogle
Resume - Darcy HogleResume - Darcy Hogle
Resume - Darcy HogleDarcy Hogle
 
Internet2 DNSSEC Pilot
Internet2 DNSSEC PilotInternet2 DNSSEC Pilot
Internet2 DNSSEC PilotShumon Huque
 
Mert durmaz b141600025
Mert durmaz b141600025Mert durmaz b141600025
Mert durmaz b141600025Mert Durmaz
 
Is Your Child Ready for the Summer Camp Adventure
Is Your Child Ready for the Summer Camp AdventureIs Your Child Ready for the Summer Camp Adventure
Is Your Child Ready for the Summer Camp AdventureBuzz Marketing Pros
 
Matthew_C_Henson_Resume_9_2016
Matthew_C_Henson_Resume_9_2016Matthew_C_Henson_Resume_9_2016
Matthew_C_Henson_Resume_9_2016Matthew Henson
 
shilpi cv for training othr (3)
shilpi cv for training othr (3)shilpi cv for training othr (3)
shilpi cv for training othr (3)Shilpi Shrivastava
 

Viewers also liked (20)

Best social project of Ukraine-2015
Best social project of Ukraine-2015Best social project of Ukraine-2015
Best social project of Ukraine-2015
 
TIK BAB 2
TIK BAB 2TIK BAB 2
TIK BAB 2
 
Pet cloths busness plan
Pet cloths busness planPet cloths busness plan
Pet cloths busness plan
 
Eqpo 4 dispositivos de almacenamiento
Eqpo 4 dispositivos de almacenamientoEqpo 4 dispositivos de almacenamiento
Eqpo 4 dispositivos de almacenamiento
 
Machine learning for java developers
Machine learning for java developersMachine learning for java developers
Machine learning for java developers
 
Introduction to Data Mining
Introduction to Data MiningIntroduction to Data Mining
Introduction to Data Mining
 
Sumit Sanyal - SD
Sumit Sanyal - SDSumit Sanyal - SD
Sumit Sanyal - SD
 
Recommendation Letter
Recommendation LetterRecommendation Letter
Recommendation Letter
 
Istiqomah Meraih Jaminan Kebahagiaan Hakiki
Istiqomah Meraih Jaminan Kebahagiaan HakikiIstiqomah Meraih Jaminan Kebahagiaan Hakiki
Istiqomah Meraih Jaminan Kebahagiaan Hakiki
 
Resume - Darcy Hogle
Resume - Darcy HogleResume - Darcy Hogle
Resume - Darcy Hogle
 
Internet2 DNSSEC Pilot
Internet2 DNSSEC PilotInternet2 DNSSEC Pilot
Internet2 DNSSEC Pilot
 
Seabuckthorn
SeabuckthornSeabuckthorn
Seabuckthorn
 
Mert durmaz b141600025
Mert durmaz b141600025Mert durmaz b141600025
Mert durmaz b141600025
 
Movincom
MovincomMovincom
Movincom
 
Is Your Child Ready for the Summer Camp Adventure
Is Your Child Ready for the Summer Camp AdventureIs Your Child Ready for the Summer Camp Adventure
Is Your Child Ready for the Summer Camp Adventure
 
Matthew_C_Henson_Resume_9_2016
Matthew_C_Henson_Resume_9_2016Matthew_C_Henson_Resume_9_2016
Matthew_C_Henson_Resume_9_2016
 
shilpi cv for training othr (3)
shilpi cv for training othr (3)shilpi cv for training othr (3)
shilpi cv for training othr (3)
 
Promotion
PromotionPromotion
Promotion
 
Sunday kolawole sholanke resume
Sunday kolawole sholanke resumeSunday kolawole sholanke resume
Sunday kolawole sholanke resume
 
Petrified forest
Petrified forestPetrified forest
Petrified forest
 

Similar to Internet2 DNSSEC Pilot

IPv6 Campus Deployment Panel
IPv6 Campus Deployment PanelIPv6 Campus Deployment Panel
IPv6 Campus Deployment PanelShumon Huque
 
MAGPI: Advanced Services: IPv6, Multicast, DNSSEC
MAGPI: Advanced Services: IPv6, Multicast, DNSSECMAGPI: Advanced Services: IPv6, Multicast, DNSSEC
MAGPI: Advanced Services: IPv6, Multicast, DNSSECShumon Huque
 
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationTech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationJisc
 
Network research
Network researchNetwork research
Network researchJisc
 
Apache Spark the Hard Way: Challenges with Building an On-Prem Spark Analytic...
Apache Spark the Hard Way: Challenges with Building an On-Prem Spark Analytic...Apache Spark the Hard Way: Challenges with Building an On-Prem Spark Analytic...
Apache Spark the Hard Way: Challenges with Building an On-Prem Spark Analytic...Spark Summit
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerShakacon
 
Jordi Nin – Hermes: Distributed social network monitoring system - NoSQL matt...
Jordi Nin – Hermes: Distributed social network monitoring system - NoSQL matt...Jordi Nin – Hermes: Distributed social network monitoring system - NoSQL matt...
Jordi Nin – Hermes: Distributed social network monitoring system - NoSQL matt...NoSQLmatters
 
JCP & Adopt-a-JSR @ GeeCon CZ
JCP & Adopt-a-JSR @ GeeCon CZJCP & Adopt-a-JSR @ GeeCon CZ
JCP & Adopt-a-JSR @ GeeCon CZHeather VanCura
 
DNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6LabDNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6LabAPNIC
 
DNS Measurement Activity on ITB 2010
DNS Measurement Activity on ITB 2010DNS Measurement Activity on ITB 2010
DNS Measurement Activity on ITB 2010Affan Basalamah
 
A survey of DNSSEC Deployment in the US R&E Community
A survey of DNSSEC Deployment in the US R&E CommunityA survey of DNSSEC Deployment in the US R&E Community
A survey of DNSSEC Deployment in the US R&E CommunityShumon Huque
 
2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)NAIM Networks, Inc.
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 
Kerberos at Penn (MIT Kerberos Consortium)
Kerberos at Penn (MIT Kerberos Consortium)Kerberos at Penn (MIT Kerberos Consortium)
Kerberos at Penn (MIT Kerberos Consortium)Shumon Huque
 
Unicon Nov 2014 IAM Briefing
Unicon Nov 2014 IAM BriefingUnicon Nov 2014 IAM Briefing
Unicon Nov 2014 IAM BriefingJohn Gasper
 

Similar to Internet2 DNSSEC Pilot (20)

IPv6 Campus Deployment Panel
IPv6 Campus Deployment PanelIPv6 Campus Deployment Panel
IPv6 Campus Deployment Panel
 
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6labION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
 
MAGPI: Advanced Services: IPv6, Multicast, DNSSEC
MAGPI: Advanced Services: IPv6, Multicast, DNSSECMAGPI: Advanced Services: IPv6, Multicast, DNSSEC
MAGPI: Advanced Services: IPv6, Multicast, DNSSEC
 
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationTech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
 
Network research
Network researchNetwork research
Network research
 
DNSSEC at Penn
DNSSEC at PennDNSSEC at Penn
DNSSEC at Penn
 
Apache Spark the Hard Way: Challenges with Building an On-Prem Spark Analytic...
Apache Spark the Hard Way: Challenges with Building an On-Prem Spark Analytic...Apache Spark the Hard Way: Challenges with Building an On-Prem Spark Analytic...
Apache Spark the Hard Way: Challenges with Building an On-Prem Spark Analytic...
 
ION Hangzhou - How to Deploy DNSSEC
ION Hangzhou - How to Deploy DNSSECION Hangzhou - How to Deploy DNSSEC
ION Hangzhou - How to Deploy DNSSEC
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layer
 
Jordi Nin – Hermes: Distributed social network monitoring system - NoSQL matt...
Jordi Nin – Hermes: Distributed social network monitoring system - NoSQL matt...Jordi Nin – Hermes: Distributed social network monitoring system - NoSQL matt...
Jordi Nin – Hermes: Distributed social network monitoring system - NoSQL matt...
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
 
JCP & Adopt-a-JSR @ GeeCon CZ
JCP & Adopt-a-JSR @ GeeCon CZJCP & Adopt-a-JSR @ GeeCon CZ
JCP & Adopt-a-JSR @ GeeCon CZ
 
DNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6LabDNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6Lab
 
DNS Measurement Activity on ITB 2010
DNS Measurement Activity on ITB 2010DNS Measurement Activity on ITB 2010
DNS Measurement Activity on ITB 2010
 
A survey of DNSSEC Deployment in the US R&E Community
A survey of DNSSEC Deployment in the US R&E CommunityA survey of DNSSEC Deployment in the US R&E Community
A survey of DNSSEC Deployment in the US R&E Community
 
2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
Outsourced database
Outsourced databaseOutsourced database
Outsourced database
 
Kerberos at Penn (MIT Kerberos Consortium)
Kerberos at Penn (MIT Kerberos Consortium)Kerberos at Penn (MIT Kerberos Consortium)
Kerberos at Penn (MIT Kerberos Consortium)
 
Unicon Nov 2014 IAM Briefing
Unicon Nov 2014 IAM BriefingUnicon Nov 2014 IAM Briefing
Unicon Nov 2014 IAM Briefing
 

More from Shumon Huque

DANE and DNSSEC Authentication Chain Extension for TLS
DANE and DNSSEC Authentication Chain Extension for TLSDANE and DNSSEC Authentication Chain Extension for TLS
DANE and DNSSEC Authentication Chain Extension for TLSShumon Huque
 
Client Certificates in DANE TLSA Records
Client Certificates in DANE TLSA RecordsClient Certificates in DANE TLSA Records
Client Certificates in DANE TLSA RecordsShumon Huque
 
Query-name Minimization and Authoritative Server Behavior
Query-name Minimization and Authoritative Server BehaviorQuery-name Minimization and Authoritative Server Behavior
Query-name Minimization and Authoritative Server BehaviorShumon Huque
 
DANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSECDANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSECShumon Huque
 
Hands-on getdns Tutorial
Hands-on getdns TutorialHands-on getdns Tutorial
Hands-on getdns TutorialShumon Huque
 
DANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSECDANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSECShumon Huque
 
IPv6 Tutorial; USENIX LISA 2013
IPv6 Tutorial; USENIX LISA 2013IPv6 Tutorial; USENIX LISA 2013
IPv6 Tutorial; USENIX LISA 2013Shumon Huque
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013Shumon Huque
 
IPv6 Transition in Research & Education
IPv6 Transition in Research & EducationIPv6 Transition in Research & Education
IPv6 Transition in Research & EducationShumon Huque
 
Authorization at Penn
Authorization at PennAuthorization at Penn
Authorization at PennShumon Huque
 
IPv6 Deployment Panel
IPv6 Deployment PanelIPv6 Deployment Panel
IPv6 Deployment PanelShumon Huque
 
World IPv6 Launch at Penn
World IPv6 Launch at PennWorld IPv6 Launch at Penn
World IPv6 Launch at PennShumon Huque
 
IPv6 Security Panel (U of Penn)
IPv6 Security Panel (U of Penn)IPv6 Security Panel (U of Penn)
IPv6 Security Panel (U of Penn)Shumon Huque
 
Open Source VoIP at Penn
Open Source VoIP at PennOpen Source VoIP at Penn
Open Source VoIP at PennShumon Huque
 
.EDU DNSSEC Testbed - Lessons Learned
.EDU DNSSEC Testbed - Lessons Learned.EDU DNSSEC Testbed - Lessons Learned
.EDU DNSSEC Testbed - Lessons LearnedShumon Huque
 
.EDU DNSSEC Testbed
.EDU DNSSEC Testbed.EDU DNSSEC Testbed
.EDU DNSSEC TestbedShumon Huque
 
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...Shumon Huque
 
Designing High Availability Networks, Systems, and Software for the Universit...
Designing High Availability Networks, Systems, and Software for the Universit...Designing High Availability Networks, Systems, and Software for the Universit...
Designing High Availability Networks, Systems, and Software for the Universit...Shumon Huque
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to KerberosShumon Huque
 

More from Shumon Huque (20)

DANE and DNSSEC Authentication Chain Extension for TLS
DANE and DNSSEC Authentication Chain Extension for TLSDANE and DNSSEC Authentication Chain Extension for TLS
DANE and DNSSEC Authentication Chain Extension for TLS
 
Client Certificates in DANE TLSA Records
Client Certificates in DANE TLSA RecordsClient Certificates in DANE TLSA Records
Client Certificates in DANE TLSA Records
 
Query-name Minimization and Authoritative Server Behavior
Query-name Minimization and Authoritative Server BehaviorQuery-name Minimization and Authoritative Server Behavior
Query-name Minimization and Authoritative Server Behavior
 
DANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSECDANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSEC
 
Hands-on getdns Tutorial
Hands-on getdns TutorialHands-on getdns Tutorial
Hands-on getdns Tutorial
 
DANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSECDANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSEC
 
IPv6 Tutorial; USENIX LISA 2013
IPv6 Tutorial; USENIX LISA 2013IPv6 Tutorial; USENIX LISA 2013
IPv6 Tutorial; USENIX LISA 2013
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013
 
IPv6 Transition in Research & Education
IPv6 Transition in Research & EducationIPv6 Transition in Research & Education
IPv6 Transition in Research & Education
 
Authorization at Penn
Authorization at PennAuthorization at Penn
Authorization at Penn
 
IPv6 Deployment Panel
IPv6 Deployment PanelIPv6 Deployment Panel
IPv6 Deployment Panel
 
World IPv6 Launch at Penn
World IPv6 Launch at PennWorld IPv6 Launch at Penn
World IPv6 Launch at Penn
 
IPv6 Security Panel (U of Penn)
IPv6 Security Panel (U of Penn)IPv6 Security Panel (U of Penn)
IPv6 Security Panel (U of Penn)
 
Open Source VoIP at Penn
Open Source VoIP at PennOpen Source VoIP at Penn
Open Source VoIP at Penn
 
.EDU DNSSEC Testbed - Lessons Learned
.EDU DNSSEC Testbed - Lessons Learned.EDU DNSSEC Testbed - Lessons Learned
.EDU DNSSEC Testbed - Lessons Learned
 
.EDU DNSSEC Testbed
.EDU DNSSEC Testbed.EDU DNSSEC Testbed
.EDU DNSSEC Testbed
 
PennNet and MAGPI
PennNet and MAGPIPennNet and MAGPI
PennNet and MAGPI
 
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
 
Designing High Availability Networks, Systems, and Software for the Universit...
Designing High Availability Networks, Systems, and Software for the Universit...Designing High Availability Networks, Systems, and Software for the Universit...
Designing High Availability Networks, Systems, and Software for the Universit...
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to Kerberos
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Internet2 DNSSEC Pilot

  • 1. Internet2 DNSSEC Pilot Shumon Huque University of Pennsylvania ESCC/Internet2 Joint Techs Workshop Madison, Wisconsin, U.S.A., July 19th 2006
  • 2. 2 Shumon Huque Description of the Pilot • Goal: Deploy DNSSEC and gain operational experience • Participants sign at least one of their zones • Exchange keys (trust anchors) that will allow them to mutually validate DNS data • Setup security-aware resolvers • With these trust anchors configured
  • 3. 3 Shumon Huque A little background .. • Feb ‘06: DNSSEC Workshop held at Albuquerque Joint Techs • Mar ‘06: dnssec@internet2 mailing list • Apr ‘06: Internet2 Spring Member meeting • Advisory group formed and plans for a pilot project formulated • May ‘06: Pilot group began • Bi-weekly conference calls and progress reports
  • 4. 4 Shumon Huque DNSSEC Deployment Efforts so far • MAGPI GigaPoP • All production zones (17 total) • https://rosetta.upenn.edu/magpi/dnssec.html • MERIT • radb.net • nanog.org • NYSERNET - a test zone • nyserlab.org
  • 5. 5 Shumon Huque Deployments in the pipeline .. • University of Pennsylvania • University of California - Berkeley • University of California - Los Angeles • Internet2
  • 6. 6 Shumon Huque Ongoing work & discussion • To DLV or not? (and if so, which registry?) • “DNSSEC Lookaside Validation” • Deploy NSEC3 or not? • Stub resolver support options • Key exchange & maintenance policies • Better protection of long term keys • Secure delegations from parents • .edu, .net, .org, .in-addr.arpa
  • 7. 7 Shumon Huque More participants welcome! • Join mailing list and con calls • Requirements?
  • 8. 8 Shumon Huque References • Internet2 DNSSEC Pilot • http://www.dnssec-deployment.org/internet2/ • http://rosetta.upenn.edu/magpi/dnssec.html • Mailing list: dnssec@internet2.edu • https://mail.internet2.edu/wws/info/dnssec • Internet2 DNSSEC Workshop • http://events.internet2.edu/2006/jt- albuquerque/sessionDetails.cfm?session=2491&ev ent=243
  • 9. 9 Shumon Huque References (2) • DNSSEC(bis) technical specs: • RFC 4033, 4034, 4035 • Related: • Threat analysis of the DNS: RFC 3833 • Operational practices • draft-ietf-dnsop-dnssec-operational-practices-08 • NSEC3: draft-ietf-dnsext-nsec3-05 • DLV: draft-weiler-dnssec-dlv-01 • ISC DLV registry: • http://www.isc.org/index.pl?/ops/dlv/
  • 10. 10 Shumon Huque Questions? • Shumon Huque • shuque -at- isc.upenn.edu