APNIC Chief Scientist, Geoff Huston, gives a presentation on DOH and the changing nature of the DNS as infrastructure at NZNOG 2020 in Christchurch, New Zealand, from 28 to 31 January 2020.
APNIC Product Manager, Registry Services George Michaelson present on why RPKI really matters at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
2nd ICANN APAC-TWNIC Engagement Forum: DNS OblivionAPNIC
APNIC Chief Scientist Geoff Huston gives an overview of the complex many-layered model of DNS security, and a new emerging world of choices for protecting traffic, hiding queries, and the future trends in ISP provided, and independent third-party DNS services at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
PacNOG 29: Routing security is more than RPKIAPNIC
APNIC Chief Scientist presented on how much more there is to routing security than just RPKI at PacNOG 29, held online from 29 November to 9 December 2021.
Encrypted DNS - DNS over TLS / DNS over HTTPSAlex Mayrhofer
Encryption is coming to mainstream DNS. This briefing discusses the history, protocols and architecture of encrypted DNS, specifically DNS over TLS and DNS over HTTPS. It also describes the impact of DoT and DoH on various operational models.
This briefing was given during DNSheads Vienna #5 at the nic.at office in Vienna on Jan 30 2018.
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Dan York
In this talk to the IEPG session at IETF 93 in Prague on 19 July 2015, I outlined some of the challenges associated with deploying new crypto algorithms within DNSSEC and what we potentially need to do to address these challenges.
APNIC Chief Scientist, Geoff Huston, gives a presentation on DOH and the changing nature of the DNS as infrastructure at NZNOG 2020 in Christchurch, New Zealand, from 28 to 31 January 2020.
APNIC Product Manager, Registry Services George Michaelson present on why RPKI really matters at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
2nd ICANN APAC-TWNIC Engagement Forum: DNS OblivionAPNIC
APNIC Chief Scientist Geoff Huston gives an overview of the complex many-layered model of DNS security, and a new emerging world of choices for protecting traffic, hiding queries, and the future trends in ISP provided, and independent third-party DNS services at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
PacNOG 29: Routing security is more than RPKIAPNIC
APNIC Chief Scientist presented on how much more there is to routing security than just RPKI at PacNOG 29, held online from 29 November to 9 December 2021.
Encrypted DNS - DNS over TLS / DNS over HTTPSAlex Mayrhofer
Encryption is coming to mainstream DNS. This briefing discusses the history, protocols and architecture of encrypted DNS, specifically DNS over TLS and DNS over HTTPS. It also describes the impact of DoT and DoH on various operational models.
This briefing was given during DNSheads Vienna #5 at the nic.at office in Vienna on Jan 30 2018.
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Dan York
In this talk to the IEPG session at IETF 93 in Prague on 19 July 2015, I outlined some of the challenges associated with deploying new crypto algorithms within DNSSEC and what we potentially need to do to address these challenges.
DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096APNIC
APNIC Chief Scientist Geoff Huston presents on why using larger keys for RSA in the context of DNSSEC impairs the robustness of DNSSEC validation for the signed name at DNS-OARC 36, held online from 29 to 30 November 2021.
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
This presentation is a tutorial intro to DANE (DNS Authentication of Named Entities). It describes the root problem, a possible solution using DANE, and briefly shows how you can starting using DANE and TLSA records yourself.
This is a presentation about DNS Cache Poisoning which was presented to the Grey H@t club at Georgia Tech. It covers the basics of DNS, how DNS is vulnerable, the effect of exploiting DNS, and the Kaminsky attack.
23rd PITA AGM and Conference: DNS Security - A holistic view APNIC
Security Specialist Jamie Gillespie presents on DNS Security, examining the complex interactions of this system, from domain registration to name resolution, the security risks of each component, and the mitigation options currently available at 23rd PITA AGM and Annual Conference in Nadi, Fiji from 8 to 12 April 2019.
BSides: BGP Hijacking and Secure Internet RoutingAPNIC
APNIC Senior Network Analyst/Technical Trainer Warren Finch and APNIC Training Delivery Manager Tashi Phuntsho present on current tool and techniques, how Resource Public Key Infrastructure (RPKI) is just a piece in the puzzle, and what we should all do to secure Internet routing at BSides in Brisbane, Australia on 12 December 2020.
More details on implementing broadcast/multicast messaging in IoT networking running Haystack + DASH7 networking software. Also implementing CBOR to enable queries over MQTT.
Short overview on the evolution of NFC to accommodate broader IoT use cases including security, two-factor authentication and other applications of long range, low power wireless networking.
DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096APNIC
APNIC Chief Scientist Geoff Huston presents on why using larger keys for RSA in the context of DNSSEC impairs the robustness of DNSSEC validation for the signed name at DNS-OARC 36, held online from 29 to 30 November 2021.
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
This presentation is a tutorial intro to DANE (DNS Authentication of Named Entities). It describes the root problem, a possible solution using DANE, and briefly shows how you can starting using DANE and TLSA records yourself.
This is a presentation about DNS Cache Poisoning which was presented to the Grey H@t club at Georgia Tech. It covers the basics of DNS, how DNS is vulnerable, the effect of exploiting DNS, and the Kaminsky attack.
23rd PITA AGM and Conference: DNS Security - A holistic view APNIC
Security Specialist Jamie Gillespie presents on DNS Security, examining the complex interactions of this system, from domain registration to name resolution, the security risks of each component, and the mitigation options currently available at 23rd PITA AGM and Annual Conference in Nadi, Fiji from 8 to 12 April 2019.
BSides: BGP Hijacking and Secure Internet RoutingAPNIC
APNIC Senior Network Analyst/Technical Trainer Warren Finch and APNIC Training Delivery Manager Tashi Phuntsho present on current tool and techniques, how Resource Public Key Infrastructure (RPKI) is just a piece in the puzzle, and what we should all do to secure Internet routing at BSides in Brisbane, Australia on 12 December 2020.
More details on implementing broadcast/multicast messaging in IoT networking running Haystack + DASH7 networking software. Also implementing CBOR to enable queries over MQTT.
Short overview on the evolution of NFC to accommodate broader IoT use cases including security, two-factor authentication and other applications of long range, low power wireless networking.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS Operations in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.
ION Bucharest, 12 October 2016 - DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
Signing DNSSEC answers on the fly at the edge: challenges and solutions, by Jono Bergquist.
A presentation given at the APNIC 40 APOPS 2 session on Tue, 8 Sep 2015.
Deploying DNSSEC: A .LK Case Study
Sashika Suren (LK Domain Registry)
This session will explore LK Domain Registry’s technical solution for deploying DNSSEC support in the .LK registry. With a goal of making it easier for domain name holders to easily add DNSSEC, we will take a quick look at our DNSSEC implementation strategy, the status/progress of .LK signed domains, and our lessons learned and challenges for increasing the percentage of signed domain names.
This webinar is designed as an easy-to-follow tutorial on DNSSEC signing a zone for DNS admins. Our focus will be on DNSSEC zone signing automation with the Knot DNS Server and BIND 9.
Internet Week 2018: APNIC Reverse DNS service outage report: May 2018APNIC
APNIC Senior R&D Scientist George Michaelson presents on a rDNS outage APNIC experienced in May 2018 at the DNS Day session at Internet Week 2018 in Tokyo, Japan from 27 to 30 November 2018.
Rolling the Root Zone DNSSEC Key Signing Key, by Edward Lewis.
A presentation given at APNIC 42's DNS and INR Security session on Monday, 3 October 2016.
ION Islamabad, 25 January 2017
By Champika Wijayatunga, ICANN
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
Italy Agriculture Equipment Market Outlook to 2027harveenkaur52
Agriculture and Animal Care
Ken Research has an expertise in Agriculture and Animal Care sector and offer vast collection of information related to all major aspects such as Agriculture equipment, Crop Protection, Seed, Agriculture Chemical, Fertilizers, Protected Cultivators, Palm Oil, Hybrid Seed, Animal Feed additives and many more.
Our continuous study and findings in agriculture sector provide better insights to companies dealing with related product and services, government and agriculture associations, researchers and students to well understand the present and expected scenario.
Our Animal care category provides solutions on Animal Healthcare and related products and services, including, animal feed additives, vaccination
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
1. DNSSEC Deployment for .VN
Nguyen Trung Kien | Ho Chi Minh City | Feb 2017
MINISTRY OF INFORMATION AND COMUNICATIONS
VIETNAM INTERNET NETWORK INFORMATION CENTER
3. Current Status for DNSSEC Deployment
• For TLDs (24 Jan 2017):
o 1528 TLDs in the root zone in total
o 1383 TLDs are signed (~ 90%)
• For ccTLDs:
www.vnnic.vn
4. DNSSEC in Vietnam
• From 2012
Experimental
• 10/2014
Announced
• 2015
Partial
• 2016
DS in Root
• 2017 -
Operational
1. Experimental:
Attended the forum, conference
Research for DNSSEC
2. Announced:
DNSSEC OT&E
Training
3. Partial
Signing & Roller Key
Tools & software development
4. DS in Root:
Generation & submission
Monitoring
5. Operational:
Support to deploy DNSSEC
Upgrades and improvements
Debugging
www.vnnic.vn
6. DNSSEC Plan
2015
• Preparation
• Planning
• Preparing human and technical resources
• Promote co-operate activities, training
• Policy, procedure, process
2016
• Implementation
• Key generation & zone signing for .VN
• .VN zone is signed & DS has been published to DNS ROOT
• Continue promotion activities, training
2017
• Accomplishment
• Upgrade SRS to support EPP
• ISP, Registrar, DNS Owner in Vietnam
www.vnnic.vn
7. DNSSEC in 2016
No. Tasks
1 DNSSEC Plan for .VN domain name
2 Established DNSSEC team & Training skills
3 Infrastructure for DNSSEC:
- Topology: DC/DR
- DNSSEC System: DNS/DNSSEC server & HSM
4 DNSSEC documents & DPS
5 DNSSEC Production for VN zone:
- DNS & HSM Integrated
- Inline-signing bump in the wire
- DNSSEC Monitoring
6 SRS-EPP OTE support DNSSEC
7 Key signing ceremony scripts
8 Signing VN zone & update DS to root
www.vnnic.vn
8. Topology
• Resilient: built with DC and DR (HN & HCM city)
o Active – stanby, each site serve as a backup to the
other.
o Each site contains two independent instances of
equipment which is able to sign the .VN zone
• Policy:
o Private keys are stored in HSM
o Public keys are stored in zone data (DNSKEY
record), publish to the community
• Roles for signing key operator:
o KGA (Key Generation Administrator)
o SA (System Administrator)
o SO (Security Officer)
o WI (Witness)
• Activities:
o Key generation (KSK, ZSK)
o Key rollover (KSK, ZSK)
o Key revocation (KSK, ZSK)
www.vnnic.vn
10. Security Area
1. Security Area 3
- Network Operations Center (NOC)
- Authentication: Fingerprint, SmartCard
2. Security Area 2
- Server Room
- Authentication: SmartCard
3. Security Area 1
- DNSSEC Cage:
o Cabinet 3: KGA, SA, SO access
o Cabinet 2: SA (Facility, Network) access
o Cabinet 1: SA (DNS, HSM), SO access
- Authentication: Fingerprint, Password
Facility,
Network
DNS/DNSSEC,
HSM
Sercurity Area 2
Security Area 3
Security Area 1
Cabinet2
Cabinet1
Cabinet3
HSM Smartcard
Key, Card
www.vnnic.vn
12. • Key Generation:
o HSM Master gererate and store new KSK, ZSK
o HSM Master synchonize the key to other HSM (Manual synchonize)
o DNSSEC Signer loads key label from HSM (only private key)
o DNSSEC Signer config the DNSSEC keys, HSM will use private key to sign data.
o Update DS to the parent zone (only with KSK generation)
o Require a KGA, SA, SO, WI
• Key Rollover:
o ZSK Rollover: Pre-Publish; KSK Rollover: Double Signing
o Time to rollover:
KSK: 30 days before key expires.
ZSK: 2 days before key expires.
o Procedure:
ZSK: Automatic rollover – by script.
KSK: Manual rollover – key signing ceremony + update DS to parent zone.
Key Generation & Rollover
www.vnnic.vn
14. • We deployed a new DNSSEC Production system:
o New DNSSEC Hidden/Master
o Zone transfer from DNS Hidden/Master to DNSSEC Hidden/Master
• Zone signing VN zone on DNSSEC production:
o DC-DR model.
o Signing with HSM Cluster (4 DNSSEC Signer/HSM)
• DNS services (without DNSSEC) on-line for resolving, DNSSEC services off-line for trial operation
Zone Signing
Zone
Generation
Hidden
Master
Name
Servers
Signer box
Test Name
Servers
www.vnnic.vn
15. • Key Signing Ceremony for VN zone (20 Dec 2016):
o Internal Ceremony in VNNIC
o Key Generation for VN zone (KSKs, ZSKs)
• Change DNS Master to DNSSEC master to publish vn signed zone.
• Check DNS Secondary after zone transfer vn signed zone (only for 5 minutes)
• Passed IANA’s validation for DS Record of .VN
• DS for .VN becomes effective in 31 Dec 2016 in the root zone
DNSSEC Online
Zone
Generation
Hidden
Master
Name Servers
Signer box
www.vnnic.vn
16. • Use Nagios for monitor DNSSEC system
• Monitoring:
o Zone size
o Signature Expiry
o Zone signing process
o KSK, ZSK parameters
DNSSEC Monitoring
www.vnnic.vn
18. No. Tasks
1 Sign DNSSEC for:
• Sub-domain SLD, example: com.vn, net.vn, provinces domain…
• Reserve domain
• VNNIC’s domain
2 Open testbed for Registrar to update DS
3 Support, training ISP, DNS Hosting Provider, DNS Owner to deploy DNSSEC
DNSSEC in 2017
www.vnnic.vn
19. • Network:
o DNSSEC adds digital signatures to DNS response packets,
which often exceed 1,500 bytes Increase Bandwidth.
o Allow DNS query over TCP
o Handle large UDP packets (>512 bytes, ≤4,000 bytes).
• Pre-Deployment:
o Software supports DNSSEC: BIND version 9.7+, Unbound
version 1.4+, Microsoft Windows Server 2012, Knot DNS
1.4.0, PowerDNS 3.0+
o Server systems are sufficiently modern
o Large UDP DNS packets are allowed through firewall
o UDP fragments are not blocked by firewall
DNSSEC for ISPs
www.vnnic.vn
20. • Upgrade secdns-1.1 for EPP system for support DNSSEC.
• Connect to VNNIC’s EPP system.
DNSSEC for Registrars
www.vnnic.vn
21. • Upgrade DNS to support DNSSEC.
• Implement Signing box
• Connect to registrar to update DS records.
• Recommendation:
o Signing box:
Open Source (BIND, NSD, opendnssec, softhsm…)
Hardware (HSM)
o Operation:
Follow policies, procedures
Key management (KSK, ZSK)
Key parameters (Algorithm, key size, NSEC/NSEC3)
DNSSEC for DNS Hosting Providers
www.vnnic.vn
22. • How to push ISP, DNS Hosting to support DNSSEC?
• Automated DS change with RFC 7344 “Automating DNSSEC Delegation Trust Maintenance”
https://tools.ietf.org/html/rfc7344
Conclusion
www.vnnic.vn