© Men & Mice http://menandmice.com
DNSTAP
a deep(er) look into DNS server operations 

(featuring Unbound, Knot-DNS and BIND 9)
before we start (1)
… please note: BIND 9 security issue
CVE: CVE-2015-8000
Document Version: 2.0

Posting date: 15 December 2015

Program Impacted: BIND

Versions affected: 9.0.x -> 9.9.8, 9.10.0 -> 9.10.3

Severity: Critical

Exploitable: Remotely
Description:
An error in the parsing of incoming responses allows some records with an
incorrect class to be accepted by BIND instead of being rejected as malformed.
This can trigger a REQUIRE assertion failure when those records are subsequently
cached. Intentional exploitation of this condition is possible and could be used as a
denial-of-service vector against servers performing recursive queries.
before we start (2)
… please note: BIND 9 security issue
CVE: CVE-2015-8461

Document Version: 2.0

Posting date: 15 December 2015

Program Impacted: BIND

Versions affected: 9.9.8 -> 9.9.8-P1, 9.9.8-S1 -> 9.9.8-S2, 9.10.3 -> 9.10.3-P1

Severity: Medium

Exploitable: Remotely
Description:
Beginning with the September 2015 maintenance releases 9.9.8 and
9.10.3, an error was introduced into BIND 9 which can cause a
server to exit after encountering an INSIST assertion failure
in resolver.c
before we start (3)
… please note: 

Concerning a recent OpenSSL security issue and new BIND
build-time checks
The OpenSSL project recently announced several security
issues including OpenSSL Security Advisory CVE-2015-1794.
The official advisory from the OpenSSL project can be found
at http://openssl.org/news/secadv/20151203.txt
but in brief: versions 1.0.2 through 1.0.2d have a vulnerability
that potentially weakens encryption security in BIND.
Version 1.0.2e is recommended as the secured version.
DNS server operations monitoring
it is difficult to monitor the internal operation of a
DNS server
• classic monitoring has a huge performance impact (on busy DNS servers)
• Example: BIND 9 query-logging via "rndc querylog"
• up to 200% performance loss seen
• speed of the disk storage is the limiting factor
Network packet capture
an alternative solution is to look from the outside via a network
traffic capture tool
• no performance impact on the DNS server
• can only observe from the outside (no internal DNS server
events, like cache-events, seen)
• difficult to work with UDP fragments and DNS data in TCP
streams
• Example: Men & Mice DNS Traffic Monitor
• Example: DNS statistics collector (DSC): https://www.caida.org/tools/utilities/dsc/
dnstap
dnstap is an open protocol to capture and store
DNS server events
• events are recorded inside the server
• fast and lightweight protocol
• non-blocking, designed to have minimal impact on the DNS server's performance
[Figure, slides 8 to 16: animated diagram titled "dnstap". Labels: DNS client, DNS resolver, DNS authoritative server, DNS query, DNS answer, DNSTAP ring-buffer, event, IO thread, write to file. The final frame shows several DNS queries arriving, labelled "event(s) write to file" and "one event lost".]
dnstap implementations
dnstap has been developed by Farsight Security (Paul Vixie and Robert Edmonds)
homepage is http://dnstap.info
• Unbound
• Knot 2.x
• BIND 9.11 (upcoming)
• NSD (planned)
• PowerDNS (planned)
using dnstap in your DNS server
dnstap is a compile-time option
• usually not enabled in distribution package code
• requires compilation from source
• can be made available in the Men & Mice build packages for Unbound and BIND 9 (please let us know)
http://packages.menandmice.com/unbound
dnstap dependencies
fstrm (Frame Streams data transport protocol)
lightweight protocol to transport frames of data, can be used with any data serialisation format that produces byte sequences
https://github.com/farsightsec/fstrm
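Added example (not from the slides or the fstrm project): a Python reader for a Frame Streams file laid out as a START control frame carrying the content type, length-prefixed data frames, and a STOP control frame. The size limits, helper names and placeholder payloads are assumptions of this example.

```python
# Added example: read a Frame Streams (fstrm) capture file; not project code.
import io
import struct

CONTROL_START, CONTROL_STOP = 0x02, 0x03   # fstrm control frame types
FIELD_CONTENT_TYPE = 0x01                  # control field carrying the content type
DNSTAP_CONTENT_TYPE = b"protobuf:dnstap.Dnstap"
MAX_CONTROL_LEN = 512      # limit chosen for this example
MAX_DATA_LEN = 1 << 20     # limit chosen for this example (assumption)


class FrameError(ValueError):
    """Raised when the byte stream is not a well-formed Frame Streams file."""


def read_exact(stream, n):
    data = stream.read(n)
    if len(data) != n:
        raise FrameError(f"truncated: wanted {n} bytes, got {len(data)}")
    return data


def read_u32(stream):
    # All Frame Streams integers are 32-bit, big-endian.
    return struct.unpack("!I", read_exact(stream, 4))[0]


def read_control(stream):
    """Parse a control frame; the zero-length escape is already consumed."""
    length = read_u32(stream)
    if not 4 <= length <= MAX_CONTROL_LEN:
        raise FrameError(f"bad control frame length {length}")
    body = io.BytesIO(read_exact(stream, length))
    control_type = read_u32(body)
    content_types = []
    while body.tell() < length:
        field_type = read_u32(body)
        value = read_exact(body, read_u32(body))  # bounded by the frame body
        if field_type == FIELD_CONTENT_TYPE:
            content_types.append(value)
    return control_type, content_types


def read_frames(stream, expected=DNSTAP_CONTENT_TYPE):
    """Yield each data frame payload between START and STOP."""
    if read_u32(stream) != 0:
        raise FrameError("file does not begin with a control frame")
    control_type, content_types = read_control(stream)
    if control_type != CONTROL_START:
        raise FrameError("first control frame is not START")
    if expected not in content_types:
        raise FrameError(f"unexpected content type {content_types!r}")
    while True:
        length = read_u32(stream)
        if length == 0:                      # escape: a control frame follows
            control_type, _ = read_control(stream)
            if control_type != CONTROL_STOP:
                raise FrameError(f"unexpected control frame {control_type}")
            return
        if length > MAX_DATA_LEN:            # refuse absurd lengths before reading
            raise FrameError(f"data frame of {length} bytes exceeds limit")
        yield read_exact(stream, length)


def control_frame(control_type, content_type=None):
    """Encode a control frame (used here only to construct sample input)."""
    body = struct.pack("!I", control_type)
    if content_type is not None:
        body += struct.pack("!II", FIELD_CONTENT_TYPE, len(content_type))
        body += content_type
    return struct.pack("!II", 0, len(body)) + body


def build_sample(payloads, content_type=DNSTAP_CONTENT_TYPE):
    """Constructed sample file: START, one data frame per payload, STOP."""
    out = control_frame(CONTROL_START, content_type)
    for payload in payloads:
        out += struct.pack("!I", len(payload)) + payload
    return out + control_frame(CONTROL_STOP)


if __name__ == "__main__":
    # Payloads are opaque placeholders standing in for protobuf dnstap messages.
    sample = build_sample([b"placeholder-1", b"placeholder-22"])
    for number, frame in enumerate(read_frames(io.BytesIO(sample)), 1):
        print(number, len(frame), "bytes")
```

Each yielded payload is one serialised message; decoding it requires the dnstap Protocol Buffers schema, which this example does not include.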
dnstap dependencies
Google Protocol Buffers
Protocol buffers are a language-neutral, platform-neutral extensible mechanism for serialising structured data.
https://developers.google.com/protocol-buffers/
dnstap tools
tools to read DNSTAP data files
• dnstap-golang: https://github.com/dnstap/golang-dnstap
• dnstap-ldns: https://github.com/dnstap/dnstap-ldns
• dnstap-read (part of BIND 9.11): http://source.isc.org
• Wireshark with dnstap support: https://github.com/dnstap/wireshark
Demo: dnstap with unbound
simple Unbound configuration
server:
    verbosity: 1
    chroot: ""
    username: ""
    logfile: "unbound.log"
    use-syslog: no

remote-control:
    control-enable: yes

dnstap:
    dnstap-enable: yes
    dnstap-socket-path: "/opt/dnstap.unbound"
    dnstap-send-identity: yes
    dnstap-send-version: yes
    dnstap-log-resolver-response-messages: yes
    dnstap-log-client-query-messages: yes
Demo: dnstap with unbound
catching the DNSTAP stream from the socket and
writing to a file
# fstrm_capture -t protobuf:dnstap.Dnstap \
    -u /opt/dnstap.unbound \
    -w /opt/dnstap.out \
    -ddddd

• -t: Protobuf information
• -u: Unix socket to read
• -w: file to write
• -ddddd: heavy debug output
Demo: dnstap with unbound
reading a DNSTAP data file (overview)
# /usr/local/bin/dnstap-ldns -r /opt/dnstap.out
2015-12-15 17:04:48.672530 CQ ::1 UDP 43b "menandmice.com." IN A
2015-12-15 17:04:52.704455 CQ ::1 UDP 43b "menandmice.com." IN A
2015-12-15 17:05:25.255258 CQ ::1 UDP 41b "dnssec.works." IN A
2015-12-15 17:05:34.783531 CQ ::1 UDP 41b "dnssec.works." IN A
2015-12-15 17:05:58.998672 CQ ::1 UDP 48b "larger.dnssec.works." IN A
2015-12-15 17:06:05.958735 CQ ::1 UDP 49b "largerr.dnssec.works." IN A
2015-12-15 17:06:15.198618 CQ ::1 UDP 49b "largerr.dnssec.works." IN TXT
2015-12-15 17:06:20.493485 CQ ::1 UDP 48b "larger.dnssec.works." IN TXT

• dnstap-ldns -r: command to read DNSTAP file
• /opt/dnstap.out: file with binary DNSTAP data
• CQ = Client Query
Demo: dnstap with unbound
reading a DNSTAP data file (with details)
# /usr/local/bin/dnstap-ldns -y -r /opt/dnstap.out
type: MESSAGE
identity: "csmobile4.home.strotmann.de"
version: "unbound 1.5.7"
message:
  type: CLIENT_QUERY
  query_time: !!timestamp 2015-12-15 17:06:20.493485
  socket_family: INET6
  socket_protocol: UDP
  query_address: ::1
  query_port: 48107
  query_message: |
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 50271
    ;; flags: rd ad ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;larger.dnssec.works. IN TXT

    ;; ANSWER SECTION:

    ;; AUTHORITY SECTION:

    ;; ADDITIONAL SECTION:

    ;; EDNS: version 0; flags: do ; udp: 4096

• /opt/dnstap.out: file with binary DNSTAP data
• -y: details output as YAML
Demo: dnstap with knot-dns
simple Knot 2.x configuration
server:
    listen: 0.0.0.0@53
    listen: ::@53

log:
  - target: syslog
    any: info

mod-dnstap:
  - id: capture_all
    sink: /opt/dnstap.knot

template:
  - id: default
    storage: "/opt/knot-dnstap/var/lib/knot"
    global-module: mod-dnstap/capture_all

zone:
  - domain: example.com
    file: "/opt/knot-dnstap/etc/knot/example.com.zone"
Demo: dnstap with BIND 9.11 (devel)
simple BIND 9.11 resolver configuration
options {
    directory "/opt/bind9-dnstap";
    dnstap { all; }; // client, auth, resolver, forwarder | query, response
    dnstap-output file "/opt/bind9.tap";
    dnstap-identity hostname;
    dnstap-version "9.11.devel";
    dnssec-validation auto;
};
Demo: dnstap with BIND 9.11 (devel)
reading a DNSTAP file with dnstap-read
# dnstap-read /opt/bind9.dtp
15-Dec-2015 18:53:35.467 RQ 2001:503:ba3e::2:30 UDP 40b ./IN/DNSKEY
15-Dec-2015 18:53:35.503 RR 2001:503:ba3e::2:30 UDP 509b ./IN/NS
15-Dec-2015 18:53:35.514 RQ 2001:500:2d::d TCP 40b ./IN/DNSKEY
15-Dec-2015 18:53:35.550 RR 2001:503:ba3e::2:30 TCP 736b ./IN/DNSKEY
15-Dec-2015 18:53:35.468 RQ 2001:503:ba3e::2:30 UDP 40b ./IN/NS
15-Dec-2015 18:53:35.503 RR 2001:503:ba3e::2:30 UDP 28b ./IN/DNSKEY
15-Dec-2015 18:53:35.514 RR 2001:500:2d::d UDP 28b ./IN/DNSKEY
15-Dec-2015 18:53:35.503 RQ 2001:500:2d::d UDP 40b ./IN/DNSKEY
15-Dec-2015 18:53:35.534 RR 2001:500:2d::d TCP 736b ./IN/DNSKEY
15-Dec-2015 18:53:35.503 RQ 2001:503:ba3e::2:30 TCP 40b ./IN/DNSKEY

Fields, left to right:
• date and time
• message type (RQ: RESOLVER_QUERY, RR: RESOLVER_RESPONSE, CQ: CLIENT_QUERY, CR: CLIENT_RESPONSE, FQ: FORWARDER_QUERY, FR: FORWARDER_RESPONSE, […])
• IP address of remote machine
• transport protocol (UDP or TCP)
• size of (DNSTAP) data
• domain, class and record type
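Added example, not part of the slides or of BIND: a Python parser for the dnstap-read summary lines shown above, using the field layout and message-type codes from the slide, which also skips the packet detail lines that the -p option adds. Pairing a query with its response by peer, transport and question is a heuristic of this example (the summary line shows no DNS message ID), and the sample lines are constructed.

```python
# Added example: parse dnstap-read summary lines and list unanswered queries.
import re
from collections import Counter
from datetime import datetime

# Two-letter codes from the slide legend: first letter = role, second = Q or R.
MESSAGE_TYPES = {
    "RQ": "RESOLVER_QUERY", "RR": "RESOLVER_RESPONSE",
    "CQ": "CLIENT_QUERY", "CR": "CLIENT_RESPONSE",
    "FQ": "FORWARDER_QUERY", "FR": "FORWARDER_RESPONSE",
}

# date time, type, peer address, transport, size, name/class/type
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<code>[A-Z]{2}) (?P<peer>\S+) (?P<proto>UDP|TCP) "
    r"(?P<size>\d+)b (?P<name>\S+)/(?P<klass>[A-Z0-9]+)/(?P<rtype>[A-Z0-9-]+)$"
)

# Constructed sample in the slide's format (documentation address ranges).
SAMPLE = """\
15-Dec-2015 18:53:35.467 RQ 2001:db8::53 UDP 40b ./IN/DNSKEY
15-Dec-2015 18:53:35.503 RR 2001:db8::53 UDP 28b ./IN/DNSKEY
15-Dec-2015 18:53:35.504 RQ 2001:db8::53 TCP 40b ./IN/DNSKEY
15-Dec-2015 18:53:35.550 RR 2001:db8::53 TCP 736b ./IN/DNSKEY
15-Dec-2015 18:53:36.100 RQ 2001:db8::54 UDP 45b example.com/IN/AAAA
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23009
15-Dec-2015 18:53:36.900 CQ 192.0.2.10 UDP 44b example.com/IN/AAAA
"""


def parse_line(line):
    """Return a dict for one summary line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None or m["code"] not in MESSAGE_TYPES:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
        "code": m["code"],
        "type": MESSAGE_TYPES[m["code"]],
        "peer": m["peer"],
        "proto": m["proto"],
        "size": int(m["size"]),
        "question": (m["name"], m["klass"], m["rtype"]),
    }


def parse(text):
    """Parse all summary lines, skipping blank and packet detail lines."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def summarize(events):
    """Count events per (message type, transport)."""
    return Counter((e["type"], e["proto"]) for e in events)


def unanswered(events):
    """Return queries with no later response for the same peer and question."""
    pending = {}
    # Order by time; on equal timestamps process the query before the response.
    for e in sorted(events, key=lambda e: (e["time"], e["code"][1] != "Q")):
        key = (e["code"][0], e["peer"], e["proto"], e["question"])
        if e["code"][1] == "Q":
            pending.setdefault(key, []).append(e)
        elif pending.get(key):
            pending[key].pop(0)          # response consumes the oldest query
    return [q for queue in pending.values() for q in queue]


if __name__ == "__main__":
    events = parse(SAMPLE)
    for (mtype, proto), count in sorted(summarize(events).items()):
        print(f"{mtype:20} {proto} {count}")
    for q in unanswered(events):
        print("no response seen:", q["code"], q["peer"], "/".join(q["question"]))
```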
Demo: dnstap with BIND 9.11 (devel)
reading a DNSTAP file with dnstap-read including packet data
# dnstap-read -p /opt/bind9.dtp
15-Dec-2015 18:53:52.725 RQ 2001:7fe::53 UDP 67b demand.gamma.aridns.net.au/IN/AAAA
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23009
;; flags: cd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
; COOKIE: f7208c0ca722db34
;; QUESTION SECTION:
;demand.gamma.aridns.net.au. IN AAAA

15-Dec-2015 18:53:52.758 RR 2001:7fe::53 UDP 510b demand.delta.aridns.net.au/IN/AAAA
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37169
;; flags: qr cd; QUESTION: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;demand.delta.aridns.net.au. IN AAAA

;; AUTHORITY SECTION:
au. 172800 IN NS a.au.
[…]
au. 172800 IN NS u.au.
au. 86400 IN DS 37976 8 1 ACCF50B2687DB697C404163DC1B9A07EE022E794
au. 86400 IN DS 37976 8 2 EA7CDFAB57E4D9CB5F09BE95EC5EBD4F4A113DFA3F120AC9D6065282 D910B8A5
au. 86400 IN DS 41491 8 1 C104274A2F94B01DB84E76B298B69A53B3FB4919
au. 86400 IN DS 41491 8 2 FCAABD135FFD9D1015438FC4AF8ACE4E9D2BEA04748C4DB3975CFD7C ABC30B88
au. 86400 IN RRSIG DS 8 1 86400 20151225170000 20151215160000 62530 . ccUToKhPaKIGE2O1fJgW/HjPAg/
La2aQUNH1EVMgmTGyynx54IkS3NGY V1+xgqHRyYfp3Zr4lv2MLPC1w4ix+yMuAorPbdOxMDgxS3/D0PM8bTO4 Fs2CHSZ++NGML2WtUP2r8EGVYak+pysUgOBK8DvV8RQK+neXb7eoRwF0
Mag=
dnstap summary
a new, open standard for DNS server operation
monitoring
• designed for large, busy DNS servers
• minimal performance loss
• wide adoption among open source DNS server
implementations
don't miss our next webinars
• January 2016 – the DNS server in Windows 2016 Server – a big leap forward (views, response rate limiting, ACLs and more)
• February 2016 - an Update on DNSSEC and DANE: new implementations, adoption in the market, new Internet Standards

Signup @ https://www.menandmice.com/resources/educational-resources/webinars/
Q/A
2016 Schedule, Slides, Links, Recording and errata will be published @ https://www.menandmice.com/resources/educational-resources/webinars/

The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption security
Men and Mice
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
Men and Mice
 
Yeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootYeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the root
Men and Mice
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
Men and Mice
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
Men and Mice
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
Men and Mice
 
IETF 92 Webinar
IETF 92 WebinarIETF 92 Webinar
IETF 92 Webinar
Men and Mice
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
Men and Mice
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
Men and Mice
 
DNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedDNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloaded
Men and Mice
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANE
Men and Mice
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
Men and Mice
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice Suite
Men and Mice
 

More from Men and Mice (18)

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
 
Part 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows NetworksPart 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows Networks
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local Networks
 
The DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsThe DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rolls
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption security
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
 
Yeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootYeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the root
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
 
IETF 92 Webinar
IETF 92 WebinarIETF 92 Webinar
IETF 92 Webinar
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
 
DNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedDNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloaded
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANE
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice Suite
 

Recently uploaded

Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
RaminGhanbari2
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
Eric D. Schabell
 
Coordinate Systems in FME 101 - Webinar Slides
Coordinate Systems in FME 101 - Webinar SlidesCoordinate Systems in FME 101 - Webinar Slides
Coordinate Systems in FME 101 - Webinar Slides
Safe Software
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
rajancomputerfbd
 
Comparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdfComparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdf
Andrey Yasko
 
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionAdvanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Bert Blevins
 
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALLBLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
Liveplex
 
WPRiders Company Presentation Slide Deck
WPRiders Company Presentation Slide DeckWPRiders Company Presentation Slide Deck
WPRiders Company Presentation Slide Deck
Lidia A.
 
Password Rotation in 2024 is still Relevant
Password Rotation in 2024 is still RelevantPassword Rotation in 2024 is still Relevant
Password Rotation in 2024 is still Relevant
Bert Blevins
 
Quantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLMQuantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLM
Vijayananda Mohire
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
SynapseIndia
 
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Bert Blevins
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Mydbops
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
SynapseIndia
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Torry Harris
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 

Recently uploaded (20)

Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
 
Coordinate Systems in FME 101 - Webinar Slides
Coordinate Systems in FME 101 - Webinar SlidesCoordinate Systems in FME 101 - Webinar Slides
Coordinate Systems in FME 101 - Webinar Slides
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
 
Comparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdfComparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdf
 
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionAdvanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
 
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALLBLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
 
WPRiders Company Presentation Slide Deck
WPRiders Company Presentation Slide DeckWPRiders Company Presentation Slide Deck
WPRiders Company Presentation Slide Deck
 
Password Rotation in 2024 is still Relevant
Password Rotation in 2024 is still RelevantPassword Rotation in 2024 is still Relevant
Password Rotation in 2024 is still Relevant
 
Quantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLMQuantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLM
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
 
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 

DNSTap Webinar

  • 1. © Men & Mice http://menandmice.com
    DNSTAP: a deep(er) look into DNS server operations (featuring Unbound, Knot-DNS and BIND 9)
  • 2. before we start (1)
    … please note: BIND 9 security issue
    CVE: CVE-2015-8000
    Document Version: 2.0
    Posting date: 15 December 2015
    Program Impacted: BIND
    Versions affected: 9.0.x -> 9.9.8, 9.10.0 -> 9.10.3
    Severity: Critical
    Exploitable: Remotely
    Description: An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible and could be used as a denial-of-service vector against servers performing recursive queries.
  • 3. before we start (2)
    … please note: BIND 9 security issue
    CVE: CVE-2015-8461
    Document Version: 2.0
    Posting date: 15 December 2015
    Program Impacted: BIND
    Versions affected: 9.9.8 -> 9.9.8-P1, 9.9.8-S1 -> 9.9.8-S2, 9.10.3 -> 9.10.3-P1
    Severity: Medium
    Exploitable: Remotely
    Description: Beginning with the September 2015 maintenance releases 9.9.8 and 9.10.3, an error was introduced into BIND 9 which can cause a server to exit after encountering an INSIST assertion failure in resolver.c
  • 4. before we start (3)
    … please note: Concerning a recent OpenSSL security issue and new BIND build-time checks
    The OpenSSL project recently announced several security issues including OpenSSL Security Advisory CVE-2015-1794. The official advisory from the OpenSSL project can be found at http://openssl.org/news/secadv/20151203.txt but in brief: versions 1.0.2 through 1.0.2d have a vulnerability that potentially weakens encryption security in BIND. Version 1.0.2e is recommended as the secured version.
  • 5. DNS server operations monitoring
    it is difficult to monitor the internal operation of a DNS server
    • classic monitoring has a huge performance impact (on busy DNS servers)
    • Example: BIND 9 query-logging via "rndc querylog"
    • up to 200% performance loss seen
    • speed of the disk storage is the limiting factor
  • 6. Network packet capture
    an alternative solution is to look from the outside via a network traffic capture tool
    • no performance impact on the DNS server
    • can only observe from the outside (no internal DNS server events, like cache-events, seen)
    • difficult to work with UDP fragments and DNS data in TCP streams
    • Example: Men & Mice DNS Traffic Monitor
    • Example: DNS statistics collector (DSC) https://www.caida.org/tools/utilities/dsc/
  • 7. dnstap
    dnstap is an open protocol to capture and store DNS server events
    • events are recorded inside the server
    • fast and lightweight protocol
    • non-blocking, designed to have minimal impact on the DNS server's performance
  • 8. dnstap [diagram labels: DNS client, DNS resolver, DNS authoritative server]
  • 9. dnstap [diagram labels: DNS client, DNS resolver, DNS authoritative server, DNS query, DNSTAP Ring-Buffer]
  • 10. dnstap [diagram labels: DNS client, DNS resolver, DNS authoritative server, DNS query, DNSTAP Ring-Buffer, event]
  • 11. dnstap [diagram labels: DNS client, DNS resolver, DNS authoritative server, DNS query, DNSTAP Ring-Buffer, event, IO Thread, write to file]
  • 12. dnstap [diagram labels: DNS client, DNS resolver, DNS authoritative server, DNS query, DNSTAP Ring-Buffer, IO Thread]
  • 13. dnstap [diagram labels: DNS client, DNS resolver, DNS authoritative server, DNS query, DNSTAP Ring-Buffer, IO Thread, event, write to file]
  • 14. dnstap [diagram labels: DNS client, DNS resolver, DNS authoritative server, DNS answer, DNSTAP Ring-Buffer, IO Thread, DNS answer]
  • 15. dnstap [diagram labels: DNS client, DNS resolver, DNS authoritative server, DNS answer, DNSTAP Ring-Buffer, IO Thread, event, write to file, DNS answer]
  • 16. dnstap [diagram labels: DNS client, DNS resolver, DNS authoritative server, DNSTAP Ring-Buffer, IO Thread, event(s), write to file, DNS queries, one event lost]
  • 17. dnstap implementations
    dnstap has been developed by Farsight Security (Paul Vixie and Robert Edmonds)
    homepage is http://dnstap.info
    • Unbound
    • Knot 2.x
    • BIND 9.11 (upcoming)
    • NSD (planned)
    • PowerDNS (planned)
  • 18. using dnstap in your DNS server
    dnstap is a compile-time option
    • usually not enabled in distribution package code
    • requires compilation from source
    • can be made available in the Men & Mice build packages for Unbound and BIND 9 (please let us know) http://packages.menandmice.com/unbound
  • 19. dnstap dependencies
    fstrm (Frame Streams data transport protocol)
    lightweight protocol to transport frames of data, can be used with any data serialisation format that produces byte sequences
    https://github.com/farsightsec/fstrm
  • 20. dnstap dependencies
    Google Protocol Buffers
    Protocol buffers are a language-neutral, platform-neutral extensible mechanism for serialising structured data.
    https://developers.google.com/protocol-buffers/
  • 21. dnstap tools
    tools to read DNSTAP data files
    • dnstap-golang https://github.com/dnstap/golang-dnstap
    • dnstap-ldns https://github.com/dnstap/dnstap-ldns
    • dnstap-read (part of BIND 9.11) http://source.isc.org
    • Wireshark with dnstap support https://github.com/dnstap/wireshark
  • 22. Demo: dnstap with unbound
    simple Unbound configuration
        server:
            verbosity: 1
            # demo settings: "" means no chroot and no switch to an unprivileged user
            chroot: ""
            username: ""
            logfile: "unbound.log"
            use-syslog: no

        remote-control:
            control-enable: yes

        dnstap:
            dnstap-enable: yes
            # Unix socket the dnstap frames are sent to
            dnstap-socket-path: "/opt/dnstap.unbound"
            dnstap-send-identity: yes
            dnstap-send-version: yes
            dnstap-log-resolver-response-messages: yes
            dnstap-log-client-query-messages: yes
  • 23. Demo: dnstap with unbound
    catching the DNSTAP stream from the socket and writing to a file
        # fstrm_capture -t protobuf:dnstap.Dnstap \
            -u /opt/dnstap.unbound \
            -w /opt/dnstap.out \
            -ddddd
    -t protobuf:dnstap.Dnstap: Protobuf information
    -u /opt/dnstap.unbound: Unix socket to read
    -w /opt/dnstap.out: file to write
    -ddddd: heavy debug output
  • 24. Demo: dnstap with unbound
    reading a DNSTAP data file (overview)
        # /usr/local/bin/dnstap-ldns -r /opt/dnstap.out
        2015-12-15 17:04:48.672530 CQ ::1 UDP 43b "menandmice.com." IN A
        2015-12-15 17:04:52.704455 CQ ::1 UDP 43b "menandmice.com." IN A
        2015-12-15 17:05:25.255258 CQ ::1 UDP 41b "dnssec.works." IN A
        2015-12-15 17:05:34.783531 CQ ::1 UDP 41b "dnssec.works." IN A
        2015-12-15 17:05:58.998672 CQ ::1 UDP 48b "larger.dnssec.works." IN A
        2015-12-15 17:06:05.958735 CQ ::1 UDP 49b "largerr.dnssec.works." IN A
        2015-12-15 17:06:15.198618 CQ ::1 UDP 49b "largerr.dnssec.works." IN TXT
        2015-12-15 17:06:20.493485 CQ ::1 UDP 48b "larger.dnssec.works." IN TXT
    /usr/local/bin/dnstap-ldns -r: command to read DNSTAP file
    /opt/dnstap.out: file with binary DNSTAP data
    CQ = Client Query
  • 25. Demo: dnstap with unbound
    reading a DNSTAP data file (with details)
        # /usr/local/bin/dnstap-ldns -y -r /opt/dnstap.out
        type: MESSAGE
        identity: "csmobile4.home.strotmann.de"
        version: "unbound 1.5.7"
        message:
          type: CLIENT_QUERY
          query_time: !!timestamp 2015-12-15 17:06:20.493485
          socket_family: INET6
          socket_protocol: UDP
          query_address: ::1
          query_port: 48107
          query_message: |
            ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 50271
            ;; flags: rd ad ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

            ;; QUESTION SECTION:
            ;larger.dnssec.works. IN TXT

            ;; ANSWER SECTION:

            ;; AUTHORITY SECTION:

            ;; ADDITIONAL SECTION:

            ;; EDNS: version 0; flags: do ; udp: 4096
    -y: details output as YAML
    /opt/dnstap.out: file with binary DNSTAP data
  • 26. Demo: dnstap with knot-dns
    simple Knot 2.x configuration
        server:
            listen: 0.0.0.0@53
            listen: ::@53

        log:
          - target: syslog
            any: info

        mod-dnstap:
          - id: capture_all
            sink: /opt/dnstap.knot

        template:
          - id: default
            storage: "/opt/knot-dnstap/var/lib/knot"
            global-module: mod-dnstap/capture_all

        zone:
          - domain: example.com
            file: "/opt/knot-dnstap/etc/knot/example.com.zone"
  • 27. Demo: dnstap with BIND 9.11(devel)
    simple BIND 9.11 resolver configuration
        options {
            directory "/opt/bind9-dnstap";
            dnstap { all; }; // client, auth, resolver, forwarder | query, response
            dnstap-output file "/opt/bind9.tap";
            dnstap-identity hostname;
            dnstap-version "9.11.devel";
            dnssec-validation auto;
        };
  • 28. Demo: dnstap with BIND 9.11(devel)
    reading a DNSTAP file with dnstap-read
        # dnstap-read /opt/bind9.dtp
        15-Dec-2015 18:53:35.467 RQ 2001:503:ba3e::2:30 UDP 40b ./IN/DNSKEY
        15-Dec-2015 18:53:35.503 RR 2001:503:ba3e::2:30 UDP 509b ./IN/NS
        15-Dec-2015 18:53:35.514 RQ 2001:500:2d::d TCP 40b ./IN/DNSKEY
        15-Dec-2015 18:53:35.550 RR 2001:503:ba3e::2:30 TCP 736b ./IN/DNSKEY
        15-Dec-2015 18:53:35.468 RQ 2001:503:ba3e::2:30 UDP 40b ./IN/NS
        15-Dec-2015 18:53:35.503 RR 2001:503:ba3e::2:30 UDP 28b ./IN/DNSKEY
        15-Dec-2015 18:53:35.514 RR 2001:500:2d::d UDP 28b ./IN/DNSKEY
        15-Dec-2015 18:53:35.503 RQ 2001:500:2d::d UDP 40b ./IN/DNSKEY
        15-Dec-2015 18:53:35.534 RR 2001:500:2d::d TCP 736b ./IN/DNSKEY
        15-Dec-2015 18:53:35.503 RQ 2001:503:ba3e::2:30 TCP 40b ./IN/DNSKEY
    message types: RQ: RESOLVER_QUERY, RR: RESOLVER_RESPONSE, CQ: CLIENT_QUERY, CR: CLIENT_RESPONSE, FQ: FORWARDER_QUERY, FR: FORWARDER_RESPONSE […]
    other fields: date and time; ip address of remote machine; transport protocol (UDP or TCP); size of (DNSTAP) data; domain, class and record type
  • 29. Demo: dnstap with BIND 9.11(devel)
    reading a DNSTAP file with dnstap-read including packet data
        # dnstap-read -p /opt/bind9.dtp
        15-Dec-2015 18:53:52.725 RQ 2001:7fe::53 UDP 67b demand.gamma.aridns.net.au/IN/AAAA
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23009
        ;; flags: cd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags: do; udp: 512
        ; COOKIE: f7208c0ca722db34
        ;; QUESTION SECTION:
        ;demand.gamma.aridns.net.au. IN AAAA

        15-Dec-2015 18:53:52.758 RR 2001:7fe::53 UDP 510b demand.delta.aridns.net.au/IN/AAAA
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37169
        ;; flags: qr cd; QUESTION: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags: do; udp: 4096
        ;; QUESTION SECTION:
        ;demand.delta.aridns.net.au. IN AAAA
        ;; AUTHORITY SECTION:
        au. 172800 IN NS a.au.
        […]
        au. 172800 IN NS u.au.
        au. 86400 IN DS 37976 8 1 ACCF50B2687DB697C404163DC1B9A07EE022E794
        au. 86400 IN DS 37976 8 2 EA7CDFAB57E4D9CB5F09BE95EC5EBD4F4A113DFA3F120AC9D6065282 D910B8A5
        au. 86400 IN DS 41491 8 1 C104274A2F94B01DB84E76B298B69A53B3FB4919
        au. 86400 IN DS 41491 8 2 FCAABD135FFD9D1015438FC4AF8ACE4E9D2BEA04748C4DB3975CFD7C ABC30B88
        au. 86400 IN RRSIG DS 8 1 86400 20151225170000 20151215160000 62530 . ccUToKhPaKIGE2O1fJgW/HjPAg/ La2aQUNH1EVMgmTGyynx54IkS3NGY V1+xgqHRyYfp3Zr4lv2MLPC1w4ix+yMuAorPbdOxMDgxS3/D0PM8bTO4 Fs2CHSZ++NGML2WtUP2r8EGVYak+pysUgOBK8DvV8RQK+neXb7eoRwF0 Mag=
  • 30. dnstap summary
    a new, open standard for DNS server operation monitoring
    • designed for large, busy DNS servers
    • minimal performance loss
    • wide adoption among open source DNS server implementations
  • 31. don't miss our next webinars
    • January 2016 – the DNS server in Windows 2016 Server – a big leap forward (views, response rate limiting, ACLs and more)
    • February 2016 – an Update on DNSSEC and DANE: new implementations, adoption in the market, new Internet Standards
    Signup @ https://www.menandmice.com/resources/educational-resources/webinars/
  • 32. Q/A
    2016 Schedule, Slides, Links, Recording and errata will be published @ https://www.menandmice.com/resources/educational-resources/webinars/
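
Added example (not from the webinar slides and not code from the dnstap project): a Python parser for the one-line summaries that dnstap-ldns and dnstap-read print in the demos on slides 24, 28 and 29. It skips the packet-detail lines that `dnstap-read -p` interleaves and tallies events, bytes and repeated questions. All function and class names are assumptions made for this example; the sample lines are copied from the slides.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Two-letter codes named on the dnstap-read slide; any other code is kept as-is.
MESSAGE_TYPES = {
    "CQ": "CLIENT_QUERY", "CR": "CLIENT_RESPONSE",
    "RQ": "RESOLVER_QUERY", "RR": "RESOLVER_RESPONSE",
    "FQ": "FORWARDER_QUERY", "FR": "FORWARDER_RESPONSE",
}
MONTHS = dict(zip("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), range(1, 13)))

# Fields both tools print after the timestamp: code, peer address, transport, size.
COMMON = r"(?P<code>[A-Z]{2}) (?P<addr>\S+) (?P<proto>UDP|TCP) (?P<size>\d+)b "
# dnstap-ldns: 2015-12-15 17:04:48.672530 CQ ::1 UDP 43b "menandmice.com." IN A
LDNS_LINE = re.compile(
    r"^(?P<year>\d{4})-(?P<mon>\d{2})-(?P<day>\d{2}) (?P<clock>[\d:]+\.\d+) "
    + COMMON + r'"(?P<qname>[^"]*)" (?P<qclass>\S+) (?P<qtype>\S+)$')
# dnstap-read: 15-Dec-2015 18:53:35.467 RQ 2001:503:ba3e::2:30 UDP 40b ./IN/DNSKEY
BIND_LINE = re.compile(
    r"^(?P<day>\d{2})-(?P<mon>[A-Z][a-z]{2})-(?P<year>\d{4}) (?P<clock>[\d:]+\.\d+) "
    + COMMON + r"(?P<qname>\S+)/(?P<qclass>[^/\s]+)/(?P<qtype>[^/\s]+)$")


@dataclass(frozen=True)
class TapEvent:  # hypothetical record type for this example
    when: datetime
    msg_type: str
    address: str
    transport: str
    size: int
    qname: str
    qclass: str
    qtype: str


def parse_line(line):
    """Parse one summary line in either format; return None for anything else."""
    m = LDNS_LINE.match(line.strip()) or BIND_LINE.match(line.strip())
    if m is None:
        return None
    month = m["mon"] if m["mon"].isdigit() else MONTHS.get(m["mon"])
    try:
        when = datetime.strptime(
            f'{m["year"]}-{month}-{m["day"]} {m["clock"]}', "%Y-%m-%d %H:%M:%S.%f")
    except ValueError:  # impossible date, unknown month name, or >6 fraction digits
        return None
    qname = m["qname"].lower()
    qname = qname if qname == "." else qname.rstrip(".")  # keep the root name
    return TapEvent(when, MESSAGE_TYPES.get(m["code"], m["code"]), m["addr"],
                    m["proto"], int(m["size"]), qname, m["qclass"], m["qtype"])


def parse_stream(lines):
    """Return (events, skipped); skipped counts non-blank lines that did not parse."""
    events, skipped = [], 0
    for line in filter(str.strip, lines):
        event = parse_line(line)
        if event is None:
            skipped += 1  # e.g. packet detail printed by `dnstap-read -p`
        else:
            events.append(event)
    return events, skipped


def summarize(events):
    """Tally events and bytes per message type, and questions asked more than once."""
    counts, volume, asked = Counter(), Counter(), Counter()
    for e in events:
        counts[e.msg_type] += 1
        volume[e.msg_type] += e.size
        if e.msg_type.endswith("_QUERY"):
            asked[(e.address, e.qname, e.qtype)] += 1
    repeated = {key: n for key, n in asked.items() if n > 1}
    return {"counts": dict(counts), "bytes": dict(volume), "repeated": repeated}


# Sample input: lines copied from the demo output on the slides.
SAMPLE = '''\
2015-12-15 17:04:48.672530 CQ ::1 UDP 43b "menandmice.com." IN A
2015-12-15 17:04:52.704455 CQ ::1 UDP 43b "menandmice.com." IN A
2015-12-15 17:06:15.198618 CQ ::1 UDP 49b "largerr.dnssec.works." IN TXT
15-Dec-2015 18:53:35.467 RQ 2001:503:ba3e::2:30 UDP 40b ./IN/DNSKEY
15-Dec-2015 18:53:35.550 RR 2001:503:ba3e::2:30 TCP 736b ./IN/DNSKEY
15-Dec-2015 18:53:52.725 RQ 2001:7fe::53 UDP 67b demand.gamma.aridns.net.au/IN/AAAA
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23009
;demand.gamma.aridns.net.au. IN AAAA
'''


if __name__ == "__main__":
    parsed, ignored = parse_stream(SAMPLE.splitlines())
    print(len(parsed), "events;", ignored, "lines skipped;", summarize(parsed))
```

Lines that fail to parse are counted rather than silently dropped, so a change in a tool's output format shows up as a rising skip count instead of missing data.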