SlideShare a Scribd company logo
Namespaces for Local
Networks
Name Resolution Webinar Trilogy Part 1
A little change …
HSTS forced for all 

".dev" top level domains
… major problem (for some)
Current Chrome Browser Future Chrome Browser
What has happen?
• Google changed the code of
the next Chrome browser to
enforce proper TLS-
encryption on all ".dev"
domains
• The TLD ".dev" is owned by
Google
4https://www.iana.org/domains/root/db/dev.html
What is the problem?
5
HSTS?
• HSTS is short for "HTTP Strict Transport Security"
• RFC 6797 

https://tools.ietf.org/html/rfc6797
• HSTS declares that web-browser connections towards
this domain always needs to be secured by TLS (HTTPS)
6
HSTS?
• HSTS is usually set in the
website configuration and
send via a HTTP header to the
browser
• The browser caches the value
for "max-age" time
7
https://securityheaders.io/
HSTS Header
Google, Chrome and "dev"
• Google owns both the Chrome-Browser and the "dev" TLD
• For Google it makes sense to ship the Chrome-Browser
with preloaded HSTS for their own domains
• besides "dev", this includes today the "foo" and "google"
TLDs
8
"dev" TLD is not the only
problem
• Administrators and
Developers use domain
names in their local
networks that are not
owned by them:
• .corp
• .lan
• .company
• .media
• .webdev
• .server
• .infra
• .box
• …
• All this names risk name
collisions with new TLDs
9
Choices for a local only
namespace
• Using a seemingly unused DNS TLD in a internal network is a
bad idea
• The name can become in use later and create name
collisions
• Choices for a local only namespace:
• Subdomain of a delegated domain
• A reserved Top-Level-Domain/Second-Level-Domain
• Name-Resolution other than DNS (mDNS, LLMNR, PNRP …)
10
Option: 

Subdomain of a delegated
domain
Subdomain of a delegated
domain
• Using a sub-domain of a delegated (owned) domain in the
Internet is the most safe solution
• If it is delegated to you , you already own all subdomains
and sub-subdomains of that name
• The locally used name should not be reachable from the
public Internet
12
Subdomain of a delegated
domain
13
Internet
"."
".com"
"example.com"
DNS-Resolver
Delegation
Delegation
Query
Query
Query "lan.example.com"
Subdomain of a delegated
domain
14
Internet
"."
".com"
"example.com"
DNS-Resolver
Delegation
Delegation
NXDOMAIN
NXDOMAIN
Query "lan.example.com"
Subdomain of a delegated
domain
15
Internal Network
Internet
"."
".com"
"example.com"
"lan.example.com"
"hr.lan.example.com"
DNS-Resolver
hr.lan.example.com
Subdomain of a delegated
domain
16
Internal Network
Internet
"."
".com"
"example.com"
"lan.example.com"
"hr.lan.example.com"
DNS-Resolver
Query
Query
Option: 

domain reserved

for local use
Reserved Domain Names
• In 1999, the IETF reserved a number of top level domain to not be
used in the Internet
• RFC 2606 "Reserved Top Level DNS Names" 

https://tools.ietf.org/html/rfc2606
• Updated in RFC 6761 "Special-Use Domain Names"

https://tools.ietf.org/html/rfc6761
• ".test", ".invalid", ".example" and ".localhost"
• For an internal development system, ".test" would be a good
choice
18
Reserved Domain Names
19
Internal Network
Internet
"."
".com"
"example.com"
"webdev.test"
"beta.test"
DNS-Resolver
www1.webdev.test
Reserved Domain Names
20
Internal Network
Internet
"."
".com"
"example.com"
DNS-Resolver
Query
Query
"webdev.test"
"beta.test"
The "home.arpa." domain
• The Domain "home.arpa." is used in the new Homenet
Control Protocol (HNCP)
• HNCP is a new IETF protocol to automatically configure
home networks with multiple subnets (lan, wireless, guest-
networks etc)
• The domain "home.arpa." is only defined for local networks
and will never be used in the Internet
• Internet Draft "Special Use Domain 'home.arpa.'"

https://tools.ietf.org/html/draft-ietf-homenet-dot
21
Reserved Domain Names
22
Internal Network
Internet
"."
".com"
"example.com"
DNS-Resolver with 

"home.arpa" local zone
www-dev.home.arpa
Reserved Domain Names
23
Internal Network
Internet
"."
".com"
"example.com"
Query 

"www-dev.home.arpa."
DNS-Resolver with 

"home.arpa" local zone
Reserved Domain Names
24
Internal Network
Internet
"."
".com"
"example.com"
DNS-Resolver with 

"home.arpa" local zone
Answer 

"www-dev.home.arpa."
More options
• We will discuss solutions outside DNS in the upcoming two
webinars
• Link-Local-Multicast-Name-Resolution (LLMNR) for
Windows and Linux
• Peer-Name-Resolution-Protocol (PNRP) for Windows
• Multicast DNS (mDNS) for macOS, iOS, Windows and
Linux
25
Local Zone with
Unbound
Unbound with local zone
• Unbound is a fast and lean DNS resolver
• Available for Unix, Linux, macOS and Windows

Homepage: https://unbound.net
• Unbound main purpose is to resolve names in the Internet for
local clients
• Unbound has limited authoritative functions (it can serve zone
data)
• This setup is recommended for smaller networks (less than 100
DNS clients)
27
Unbound with local zone
• Benefits of using Unbound for local zones:
• Simple setup
• Only one type of software needed
• Fast response times
28
Unbound with local zone
• Downsides of using Unbound for local zones:
• No DNSSEC security for the local zones (but DNSSEC
validation for all DNSSEC secured Internet zones)
• No automatic provisioning of multiple DNS resolver via
zone-transfer
29
Unbound with local zone
30
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with 

"home.arpa" local zone
www-dev.home.arpa
Unbound with local zone
31
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with 

"home.arpa" local zone
Query 

"www-dev.home.arpa."
Unbound with local zone
32
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with 

"home.arpa" local zone
Answer 

"www-dev.home.arpa."
Unbound with local zone
33
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with 

"home.arpa" local zone
www.example.com
Unbound with local zone
34
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with 

"home.arpa" local zone
Query 

"www.example.com."
Unbound with local zone
35
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with 

"home.arpa" local zone
Query 

"www.example.com."
Query 

"www.example.com."
Query 

"www.example.com."
Unbound with local zone
36
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with 

"home.arpa" local zone
Answer 

"www.example.com."
Answer 

"www.example.com."
Unbound local-zone example
37
# local-zone example for Unbound
# Installation in Unbound configuration directory
# for Debian e.g. into /etc/unbound/unbound.conf.d/
server:
unblock-lan-zones: yes
insecure-lan-zones: yes
local-zone: "mynet.home.arpa." static
# Zonen-Metadata
local-data: "mynet.home.arpa. 3600 IN SOA resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h"
local-data: "mynet.home.arpa. 3600 IN NS resolver01.mynet.home.arpa."
# IPv6-Addresses
local-data: "resolver01.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:dd::53"
local-data: "www.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::80"
local-data: "nas.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::222"
local-data: "raspi.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::123"
# IPv4-Addresses
local-data: "resolver01.mynet.home.arpa. 3600 IN A 192.168.1.53"
local-data: "www.mynet.home.arpa. 3600 IN A 192.168.1.80"
local-data: "nas.mynet.home.arpa. 3600 IN A 192.168.1.222"
local-data: "raspi.mynet.home.arpa. 3600 IN A 192.168.1.123"
Local Zone with 

BIND 9
Local zone setup with BIND 9
• For larger networks, we recommend to host the local
zones on authoritative DNS server separate from the
resolvers
• On the next slides we show an example design based on
BIND 9, but the same design can be implemented with
other DNS servers as well (Windows DNS, PowerDNS,
Knot, NSD+Unbound etc)
39
Local zone setup with BIND 9
• Benefits of a local authoritative DNS Server setup
• Higher resiliency
• Automatic load-balancing and failover between servers
• DNSSEC signing and validation possible for the local
zones
• Zones are kept in sync with regular zone transfer
• Better monitoring and logging possible
40
Local authoritative DNS
server
41
Internal Network
Internet
"."
".com"
"example.com"
DNS-Authoritative Server with 

"home.arpa" zone
Datacenter2
Datacenter1
Local authoritative DNS
server
42
Internal Network
Internet
"."
".com"
"example.com"
DNS-Resolver with 

"home.arpa" stub-zone
Datacenter2
Datacenter1
Local authoritative DNS
server
43
Internal Network
Internet
"."
".com"
"example.com"
Datacenter2
Datacenter1
www.example.com
Local authoritative DNS
server
44
Internal Network
Internet
"."
".com"
"example.com"
Datacenter2
Datacenter1
Query 

"www.example.com."
Local authoritative DNS
server
45
Internal Network
Internet
"."
".com"
"example.com"
Datacenter2
Datacenter1
Query 

"www.example.com."
Query 

"www.example.com."
Query 

"www.example.com."
Query 

"www.example.com."
Local authoritative DNS
server
46
Internal Network
Internet
"."
".com"
"example.com"
Datacenter2
Datacenter1
Answer 

"www.example.com."
Answer

"www.example.com"
Local authoritative DNS
server
47
Internal Network
Internet
"."
".com"
"example.com"
Datacenter2
Datacenter1
www-dev.home.arpa
Local authoritative DNS
server
48
Internal Network
Internet
"."
".com"
"example.com"
Datacenter2
Datacenter1
Query 

"www-dev.home.arpa."
Query 

"www-dev.home.arpa."
Local authoritative DNS
server
49
Internal Network
Internet
"."
".com"
"example.com"
Datacenter2
Datacenter1
Answer 

"www-dev.home.arpa."
Answer

"www-dev.home.arpa"
BIND 9 configuration on the
authoritative server
50
options {
recursion no;
directory "/var/named";
};
zone "home.arpa." {
type master;
file "home.arpa";
inline-signing yes;
auto-dnssec maintain;
};
BIND 9 master zone on the
authoritative server
51
$TTL 3600
; Zonen-Metadata
mynet.home.arpa. SOA resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h
mynet.home.arpa. NS resolver01.mynet.home.arpa.
; IPv6-Addresses
resolver01.mynet.home.arpa. AAAA 2001:db8:10:dd::53
www.mynet.home.arpa. AAAA 2001:db8:10:ff::80
nas.mynet.home.arpa. AAAA 2001:db8:10:ff::222
raspi.mynet.home.arpa. AAAA 2001:db8:10:ff::123
; IPv4-Addresses
resolver01.mynet.home.arpa. A 192.168.1.53
www.mynet.home.arpa. A 192.168.1.80
nas.mynet.home.arpa. A 192.168.1.222
raspi.mynet.home.arpa. A 192.168.1.123
BIND 9 configuration on the
resolver server
52
options {
allow-recursion { clients; };
directory "/var/named";
};
managed-keys {

"home.arpa." initial-key 257 3 8 "AwEAAagA…";
};
zone "home.arpa." {
type stub;
file "home.arpa";
masters { 192.0.2.153; 192.0.2.253; };
};
Next
Men & Mice Training
• DNS & DANE Training, 3 days

19.03 - 21.03.18

Linuxhotel Essen, Germany
54
http://linuxhotel.de/
Next Webinar
• Name Resolution Webinar Trilogy Part 2 – Local Name Resolution in Windows
Networks
• Tuesday, 7th of November, 2017
• Microsoft operating systems have a long history of local name resolution
solutions, from NetBIOS over WINS to the LLMNR and PNRP protocols today.
• In this webinar, due to take place on 7th November, 2017, we will take a look at
PNRP and LLMNR in Windows 10 and Windows Server 2016 and how these
protocols can be used to have server-less name resolution without a
centralized DNS infrastructure. We also look deeper into the interoperability of
these new protocols with older Windows versions, such as Windows 7 or
Windows 8.
• Join us for a 45 minutes webinar with a Q&A session at the end, on Tuesday,
November 7th, 2017 at 4:00 PM CET/ 3:00 PM GMT/ 10:00 AM EDT / 7:00 AM PDT.
55
Next Webinar
• Name Resolution Webinar Trilogy Part 3 – Local Name Resolution in Linux, FreeBSD
and macOS/iOS
• Wednesday, 29th of November, 2017
• Multicast DNS (mDNS) was pioneered in Apple’s MacOS X system, and is now
available on all systems from Cupertino.
• The focus of this webinar will be to take a deeper look into this local name-
resolution system and the implementations for other Unix systems like Linux and
FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the
Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how
well a Systemd-Linux behaves in heterogenous networks running both Windows
and macOS.
• Join us for a 45 minutes webinar with a Q&A session at the end, on Wednesday,
November 29th, 2017 at 4:00 PM CET/ 3:00 PM GMT/ 10:00 AM EDT / 7:00 AM PDT.
56
Fini - Q & A

More Related Content

What's hot

What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?
Men and Mice
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap Webinar
Men and Mice
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
Men and Mice
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
Men and Mice
 
Encrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPSEncrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPS
Alex Mayrhofer
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
Men and Mice
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runit
Men and Mice
 
DoH, DoT and ESNI
DoH, DoT and ESNIDoH, DoT and ESNI
DoH, DoT and ESNI
Jisc
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
APNIC
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
Men and Mice
 
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
APNIC
 
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAILDNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
Utah Networxs Consultoria e Treinamento
 
Windows 2012 and DNSSEC
Windows 2012 and DNSSECWindows 2012 and DNSSEC
Windows 2012 and DNSSEC
Men and Mice
 
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
APNIC
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
Men and Mice
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013
Shumon Huque
 
DNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamDNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul Islam
MyNOG
 
Get your instance by name integration of nova, neutron and designate
Get your instance by name  integration of nova, neutron and designateGet your instance by name  integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designate
Miguel Lavalle
 
Designate - Operators Deep Dive
Designate - Operators Deep DiveDesignate - Operators Deep Dive
Designate - Operators Deep Dive
Graham Hayes
 

What's hot (20)

What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap Webinar
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 
Encrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPSEncrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPS
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runit
 
DoH, DoT and ESNI
DoH, DoT and ESNIDoH, DoT and ESNI
DoH, DoT and ESNI
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
 
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
 
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAILDNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
 
Windows 2012 and DNSSEC
Windows 2012 and DNSSECWindows 2012 and DNSSEC
Windows 2012 and DNSSEC
 
Dnssec
DnssecDnssec
Dnssec
 
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013
 
DNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamDNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul Islam
 
Get your instance by name integration of nova, neutron and designate
Get your instance by name  integration of nova, neutron and designateGet your instance by name  integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designate
 
Designate - Operators Deep Dive
Designate - Operators Deep DiveDesignate - Operators Deep Dive
Designate - Operators Deep Dive
 

Viewers also liked

Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
Health Catalyst
 
When Healthcare Data Analysts Fulfill the Data Detective Role
When Healthcare Data Analysts Fulfill the Data Detective RoleWhen Healthcare Data Analysts Fulfill the Data Detective Role
When Healthcare Data Analysts Fulfill the Data Detective Role
Health Catalyst
 
How to Tap the Power of Storytelling with Facebook Live
How to Tap the Power of Storytelling with Facebook LiveHow to Tap the Power of Storytelling with Facebook Live
How to Tap the Power of Storytelling with Facebook Live
BuzzSumo
 
Tcp udp
Tcp udpTcp udp
Tcp udp
Programmer
 
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto  2017 - Accelerating Incident Response in Organizations...Cisco Connect Toronto  2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Canada
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
CheapSSLsecurity
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
Avani Patel
 
Dns Hardening Linux Os
Dns Hardening   Linux OsDns Hardening   Linux Os
Dns Hardening Linux Os
ecarrow
 
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
ThreatReel Podcast
 
Role of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlRole of DNS in Botnet Command and Control
Role of DNS in Botnet Command and Control
OpenDNS
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22
CheapSSLsecurity
 
Cyber Security # Lec 2
Cyber Security # Lec 2Cyber Security # Lec 2
Cyber Security # Lec 2
Kabul Education University
 
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attackCisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Canada
 
Microsoft Cyber Security IT-Camp
Microsoft Cyber Security IT-CampMicrosoft Cyber Security IT-Camp
Microsoft Cyber Security IT-Camp
Alexander Benoit
 
The Changing Role of Healthcare Data Analysts
The Changing Role of Healthcare Data AnalystsThe Changing Role of Healthcare Data Analysts
The Changing Role of Healthcare Data Analysts
Health Catalyst
 
DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
DerbyCon 7.0 Legacy: Regular Expressions (Regex) OverviewDerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
ThreatReel Podcast
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
CheapSSLsecurity
 
OISF: Regular Expressions (Regex) Overview
OISF: Regular Expressions (Regex) OverviewOISF: Regular Expressions (Regex) Overview
OISF: Regular Expressions (Regex) Overview
ThreatReel Podcast
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice Suite
Men and Mice
 
Umbrella Webcast: Redefining Security for the Nomadic Worker
Umbrella Webcast: Redefining Security for the Nomadic WorkerUmbrella Webcast: Redefining Security for the Nomadic Worker
Umbrella Webcast: Redefining Security for the Nomadic WorkerOpenDNS
 

Viewers also liked (20)

Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
 
When Healthcare Data Analysts Fulfill the Data Detective Role
When Healthcare Data Analysts Fulfill the Data Detective RoleWhen Healthcare Data Analysts Fulfill the Data Detective Role
When Healthcare Data Analysts Fulfill the Data Detective Role
 
How to Tap the Power of Storytelling with Facebook Live
How to Tap the Power of Storytelling with Facebook LiveHow to Tap the Power of Storytelling with Facebook Live
How to Tap the Power of Storytelling with Facebook Live
 
Tcp udp
Tcp udpTcp udp
Tcp udp
 
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto  2017 - Accelerating Incident Response in Organizations...Cisco Connect Toronto  2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Dns Hardening Linux Os
Dns Hardening   Linux OsDns Hardening   Linux Os
Dns Hardening Linux Os
 
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
 
Role of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlRole of DNS in Botnet Command and Control
Role of DNS in Botnet Command and Control
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22
 
Cyber Security # Lec 2
Cyber Security # Lec 2Cyber Security # Lec 2
Cyber Security # Lec 2
 
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attackCisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attack
 
Microsoft Cyber Security IT-Camp
Microsoft Cyber Security IT-CampMicrosoft Cyber Security IT-Camp
Microsoft Cyber Security IT-Camp
 
The Changing Role of Healthcare Data Analysts
The Changing Role of Healthcare Data AnalystsThe Changing Role of Healthcare Data Analysts
The Changing Role of Healthcare Data Analysts
 
DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
DerbyCon 7.0 Legacy: Regular Expressions (Regex) OverviewDerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
OISF: Regular Expressions (Regex) Overview
OISF: Regular Expressions (Regex) OverviewOISF: Regular Expressions (Regex) Overview
OISF: Regular Expressions (Regex) Overview
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice Suite
 
Umbrella Webcast: Redefining Security for the Nomadic Worker
Umbrella Webcast: Redefining Security for the Nomadic WorkerUmbrella Webcast: Redefining Security for the Nomadic Worker
Umbrella Webcast: Redefining Security for the Nomadic Worker
 

Similar to Namespaces for Local Networks

Hands-on DNSSEC Deployment
Hands-on DNSSEC DeploymentHands-on DNSSEC Deployment
Hands-on DNSSEC Deployment
Bangladesh Network Operators Group
 
AWS User Group - Perth - April 2021 - DNS
AWS User Group - Perth - April 2021 - DNSAWS User Group - Perth - April 2021 - DNS
AWS User Group - Perth - April 2021 - DNS
James Bromberger
 
Re-Engineering the DNS – One Resolver at a Time
Re-Engineering the DNS – One Resolver at a Time Re-Engineering the DNS – One Resolver at a Time
Re-Engineering the DNS – One Resolver at a Time
Bangladesh Network Operators Group
 
bdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a timebdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a time
APNIC
 
The latest news in the DNS resolution: DNSSEC
The latest news in the DNS resolution: DNSSECThe latest news in the DNS resolution: DNSSEC
The latest news in the DNS resolution: DNSSEC
Whalebone, s.r.o.
 
ION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSECION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSEC
Deploy360 Programme (Internet Society)
 
Whalebone-UKNOF44security992_new_impl.pptx
Whalebone-UKNOF44security992_new_impl.pptxWhalebone-UKNOF44security992_new_impl.pptx
Whalebone-UKNOF44security992_new_impl.pptx
Ans Sembiring
 
Quad9 and DNS Privacy
Quad9 and DNS PrivacyQuad9 and DNS Privacy
HKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC cachingHKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC caching
APNIC
 
Advanced DNS/DHCP for Novell eDirectory Environments
Advanced DNS/DHCP for Novell eDirectory EnvironmentsAdvanced DNS/DHCP for Novell eDirectory Environments
Advanced DNS/DHCP for Novell eDirectory Environments
Novell
 
Pmw2 k3ni 1-2b
Pmw2 k3ni 1-2bPmw2 k3ni 1-2b
Pmw2 k3ni 1-2bhariclant1
 
Azure DNS Privé
Azure DNS PrivéAzure DNS Privé
Azure DNS Privé
AZUG FR
 
Grey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache PoisoningGrey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache Poisoning
Christopher Grayson
 
Die ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web AdministratorenDie ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web Administratoren
panagenda
 
Running a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneRunning a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root Zone
APNIC
 
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
Cloud Native Day Tel Aviv
 
8 technical-dns-workshop-day4
8 technical-dns-workshop-day48 technical-dns-workshop-day4
8 technical-dns-workshop-day4
DNS Entrepreneurship Center
 
Chapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxChapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptx
manju772238
 
Question 1 Refer to the graphic above to answer the following .docx
Question 1 Refer to the graphic above to answer the following .docxQuestion 1 Refer to the graphic above to answer the following .docx
Question 1 Refer to the graphic above to answer the following .docx
IRESH3
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutions
APNIC
 

Similar to Namespaces for Local Networks (20)

Hands-on DNSSEC Deployment
Hands-on DNSSEC DeploymentHands-on DNSSEC Deployment
Hands-on DNSSEC Deployment
 
AWS User Group - Perth - April 2021 - DNS
AWS User Group - Perth - April 2021 - DNSAWS User Group - Perth - April 2021 - DNS
AWS User Group - Perth - April 2021 - DNS
 
Re-Engineering the DNS – One Resolver at a Time
Re-Engineering the DNS – One Resolver at a Time Re-Engineering the DNS – One Resolver at a Time
Re-Engineering the DNS – One Resolver at a Time
 
bdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a timebdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a time
 
The latest news in the DNS resolution: DNSSEC
The latest news in the DNS resolution: DNSSECThe latest news in the DNS resolution: DNSSEC
The latest news in the DNS resolution: DNSSEC
 
ION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSECION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSEC
 
Whalebone-UKNOF44security992_new_impl.pptx
Whalebone-UKNOF44security992_new_impl.pptxWhalebone-UKNOF44security992_new_impl.pptx
Whalebone-UKNOF44security992_new_impl.pptx
 
Quad9 and DNS Privacy
Quad9 and DNS PrivacyQuad9 and DNS Privacy
Quad9 and DNS Privacy
 
HKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC cachingHKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC caching
 
Advanced DNS/DHCP for Novell eDirectory Environments
Advanced DNS/DHCP for Novell eDirectory EnvironmentsAdvanced DNS/DHCP for Novell eDirectory Environments
Advanced DNS/DHCP for Novell eDirectory Environments
 
Pmw2 k3ni 1-2b
Pmw2 k3ni 1-2bPmw2 k3ni 1-2b
Pmw2 k3ni 1-2b
 
Azure DNS Privé
Azure DNS PrivéAzure DNS Privé
Azure DNS Privé
 
Grey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache PoisoningGrey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache Poisoning
 
Die ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web AdministratorenDie ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web Administratoren
 
Running a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneRunning a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root Zone
 
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
 
8 technical-dns-workshop-day4
8 technical-dns-workshop-day48 technical-dns-workshop-day4
8 technical-dns-workshop-day4
 
Chapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxChapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptx
 
Question 1 Refer to the graphic above to answer the following .docx
Question 1 Refer to the graphic above to answer the following .docxQuestion 1 Refer to the graphic above to answer the following .docx
Question 1 Refer to the graphic above to answer the following .docx
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutions
 

More from Men and Mice

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Men and Mice
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNS
Men and Mice
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2
Men and Mice
 
PowerDNS Webinar
PowerDNS Webinar PowerDNS Webinar
PowerDNS Webinar
Men and Mice
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
Men and Mice
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
Men and Mice
 
DNSSEC best practices Webinar
DNSSEC best practices WebinarDNSSEC best practices Webinar
DNSSEC best practices Webinar
Men and Mice
 
IETF 92 Webinar
IETF 92 WebinarIETF 92 Webinar
IETF 92 Webinar
Men and Mice
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
Men and Mice
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
Men and Mice
 
DNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedDNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloaded
Men and Mice
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANE
Men and Mice
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
Men and Mice
 

More from Men and Mice (13)

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNS
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2
 
PowerDNS Webinar
PowerDNS Webinar PowerDNS Webinar
PowerDNS Webinar
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
 
DNSSEC best practices Webinar
DNSSEC best practices WebinarDNSSEC best practices Webinar
DNSSEC best practices Webinar
 
IETF 92 Webinar
IETF 92 WebinarIETF 92 Webinar
IETF 92 Webinar
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
 
DNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedDNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloaded
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANE
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
 

Recently uploaded

Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 

Recently uploaded (20)

Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 

Namespaces for Local Networks

  • 1. Namespaces for Local Networks Name Resolution Webinar Trilogy Part 1
  • 2. A little change … HSTS forced for all 
 ".dev" top level domains
  • 3. … major problem (for some) Current Chrome Browser Future Chrome Browser
  • 4. What has happen? • Google changed the code of the next Chrome browser to enforce proper TLS- encryption on all ".dev" domains • The TLD ".dev" is owned by Google 4https://www.iana.org/domains/root/db/dev.html
  • 5. What is the problem? 5
  • 6. HSTS? • HSTS is short for "HTTP Strict Transport Security" • RFC 6797 
 https://tools.ietf.org/html/rfc6797 • HSTS declares that web-browser connections towards this domain always needs to be secured by TLS (HTTPS) 6
  • 7. HSTS? • HSTS is usually set in the website configuration and send via a HTTP header to the browser • The browser caches the value for "max-age" time 7 https://securityheaders.io/ HSTS Header
  • 8. Google, Chrome and "dev" • Google owns both the Chrome-Browser and the "dev" TLD • For Google it makes sense to ship the Chrome-Browser with preloaded HSTS for their own domains • besides "dev", this includes today the "foo" and "google" TLDs 8
  • 9. "dev" TLD is not the only problem • Administrators and Developers use domain names in their local networks that are not owned by them: • .corp • .lan • .company • .media • .webdev • .server • .infra • .box • … • All this names risk name collisions with new TLDs 9
  • 10. Choices for a local only namespace • Using a seemingly unused DNS TLD in a internal network is a bad idea • The name can become in use later and create name collisions • Choices for a local only namespace: • Subdomain of a delegated domain • A reserved Top-Level-Domain/Second-Level-Domain • Name-Resolution other than DNS (mDNS, LLMNR, PNRP …) 10
  • 11. Option: 
 Subdomain of a delegated domain
  • 12. Subdomain of a delegated domain • Using a sub-domain of a delegated (owned) domain in the Internet is the most safe solution • If it is delegated to you , you already own all subdomains and sub-subdomains of that name • The locally used name should not be reachable from the public Internet 12
  • 13. Subdomain of a delegated domain 13 Internet "." ".com" "example.com" DNS-Resolver Delegation Delegation Query Query Query "lan.example.com"
  • 14. Subdomain of a delegated domain 14 Internet "." ".com" "example.com" DNS-Resolver Delegation Delegation NXDOMAIN NXDOMAIN Query "lan.example.com"
  • 15. Subdomain of a delegated domain 15 Internal Network Internet "." ".com" "example.com" "lan.example.com" "hr.lan.example.com" DNS-Resolver hr.lan.example.com
  • 16. Subdomain of a delegated domain 16 Internal Network Internet "." ".com" "example.com" "lan.example.com" "hr.lan.example.com" DNS-Resolver Query Query
  • 18. Reserved Domain Names • In 1999, the IETF reserved a number of top level domain to not be used in the Internet • RFC 2606 "Reserved Top Level DNS Names" 
 https://tools.ietf.org/html/rfc2606 • Updated in RFC 6761 "Special-Use Domain Names"
 https://tools.ietf.org/html/rfc6761 • ".test", ".invalid", ".example" and ".localhost" • For an internal development system, ".test" would be a good choice 18
  • 19. Reserved Domain Names 19 Internal Network Internet "." ".com" "example.com" "webdev.test" "beta.test" DNS-Resolver www1.webdev.test
  • 20. Reserved Domain Names 20 Internal Network Internet "." ".com" "example.com" DNS-Resolver Query Query "webdev.test" "beta.test"
  • 21. The "home.arpa." domain • The Domain "home.arpa." is used in the new Homenet Control Protocol (HNCP) • HNCP is a new IETF protocol to automatically configure home networks with multiple subnets (lan, wireless, guest- networks etc) • The domain "home.arpa." is only defined for local networks and will never be used in the Internet • Internet Draft "Special Use Domain 'home.arpa.'"
 https://tools.ietf.org/html/draft-ietf-homenet-dot 21
  • 22. Reserved Domain Names 22 Internal Network Internet "." ".com" "example.com" DNS-Resolver with 
 "home.arpa" local zone www-dev.home.arpa
  • 23. Reserved Domain Names 23 Internal Network Internet "." ".com" "example.com" Query 
 "www-dev.home.arpa." DNS-Resolver with 
 "home.arpa" local zone
  • 24. Reserved Domain Names 24 Internal Network Internet "." ".com" "example.com" DNS-Resolver with 
 "home.arpa" local zone Answer 
 "www-dev.home.arpa."
  • 25. More options • We will discuss solutions outside DNS in the upcoming two webinars • Link-Local-Multicast-Name-Resolution (LLMNR) for Windows and Linux • Peer-Name-Resolution-Protocol (PNRP) for Windows • Multicast DNS (mDNS) for macOS, iOS, Windows and Linux 25
  • 27. Unbound with local zone • Unbound is a fast and lean DNS resolver • Available for Unix, Linux, macOS and Windows
 Homepage: https://unbound.net • Unbound main purpose is to resolve names in the Internet for local clients • Unbound has limited authoritative functions (it can serve zone data) • This setup is recommended for smaller networks (less than 100 DNS clients) 27
  • 28. Unbound with local zone • Benefits of using Unbound for local zones: • Simple setup • Only one type of software needed • Fast response times 28
  • 29. Unbound with local zone • Downsides of using Unbound for local zones: • No DNSSEC security for the local zones (but DNSSEC validation for all DNSSEC secured Internet zones) • No automatic provisioning of multiple DNS resolver via zone-transfer 29
  • 30. Unbound with local zone 30 Internal Network Internet "." ".com" "example.com"DNS-Resolver with 
 "home.arpa" local zone www-dev.home.arpa
  • 31. Unbound with local zone 31 Internal Network Internet "." ".com" "example.com"DNS-Resolver with 
 "home.arpa" local zone Query 
 "www-dev.home.arpa."
  • 32. Unbound with local zone 32 Internal Network Internet "." ".com" "example.com"DNS-Resolver with 
 "home.arpa" local zone Answer 
 "www-dev.home.arpa."
  • 33. Unbound with local zone 33 Internal Network Internet "." ".com" "example.com"DNS-Resolver with 
 "home.arpa" local zone www.example.com
  • 34. Unbound with local zone 34 Internal Network Internet "." ".com" "example.com"DNS-Resolver with 
 "home.arpa" local zone Query 
 "www.example.com."
  • 35. Unbound with local zone 35 Internal Network Internet "." ".com" "example.com"DNS-Resolver with 
 "home.arpa" local zone Query 
 "www.example.com." Query 
 "www.example.com." Query 
 "www.example.com."
  • 36. Unbound with local zone 36 Internal Network Internet "." ".com" "example.com"DNS-Resolver with 
 "home.arpa" local zone Answer 
 "www.example.com." Answer 
 "www.example.com."
  • 37. Unbound local-zone example 37 # local-zone example for Unbound # Installation in Unbound configuration directory # for Debian e.g. into /etc/unbound/unbound.conf.d/ server: unblock-lan-zones: yes insecure-lan-zones: yes local-zone: "mynet.home.arpa." static # Zonen-Metadata local-data: "mynet.home.arpa. 3600 IN SOA resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h" local-data: "mynet.home.arpa. 3600 IN NS resolver01.mynet.home.arpa." # IPv6-Addresses local-data: "resolver01.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:dd::53" local-data: "www.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::80" local-data: "nas.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::222" local-data: "raspi.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::123" # IPv4-Addresses local-data: "resolver01.mynet.home.arpa. 3600 IN A 192.168.1.53" local-data: "www.mynet.home.arpa. 3600 IN A 192.168.1.80" local-data: "nas.mynet.home.arpa. 3600 IN A 192.168.1.222" local-data: "raspi.mynet.home.arpa. 3600 IN A 192.168.1.123"
  • 38. Local Zone with 
 BIND 9
  • 39. Local zone setup with BIND 9 • For larger networks, we recommend to host the local zones on authoritative DNS server separate from the resolvers • On the next slides we show an example design based on BIND 9, but the same design can be implemented with other DNS servers as well (Windows DNS, PowerDNS, Knot, NSD+Unbound etc) 39
  • 40. Local zone setup with BIND 9 • Benefits of a local authoritative DNS Server setup • Higher resiliency • Automatic load-balancing and failover between servers • DNSSEC signing and validation possible for the local zones • Zones are kept in sync with regular zone transfer • Better monitoring and logging possible 40
  • 41. Local authoritative DNS server 41 Internal Network Internet "." ".com" "example.com" DNS-Authoritative Server with 
 "home.arpa" zone Datacenter2 Datacenter1
  • 42. Local authoritative DNS server 42 Internal Network Internet "." ".com" "example.com" DNS-Resolver with 
 "home.arpa" stub-zone Datacenter2 Datacenter1
  • 43. Local authoritative DNS server 43 Internal Network Internet "." ".com" "example.com" Datacenter2 Datacenter1 www.example.com
  • 44. Local authoritative DNS server 44 Internal Network Internet "." ".com" "example.com" Datacenter2 Datacenter1 Query 
 "www.example.com."
  • 45. Local authoritative DNS server 45 Internal Network Internet "." ".com" "example.com" Datacenter2 Datacenter1 Query 
 "www.example.com." Query 
 "www.example.com." Query 
 "www.example.com." Query 
 "www.example.com."
  • 46. Local authoritative DNS server 46 Internal Network Internet "." ".com" "example.com" Datacenter2 Datacenter1 Answer 
 "www.example.com." Answer
 "www.example.com"
  • 47. Local authoritative DNS server 47 Internal Network Internet "." ".com" "example.com" Datacenter2 Datacenter1 www-dev.home.arpa
  • 48. Local authoritative DNS server 48 Internal Network Internet "." ".com" "example.com" Datacenter2 Datacenter1 Query 
 "www-dev.home.arpa." Query 
 "www-dev.home.arpa."
  • 49. Local authoritative DNS server 49 Internal Network Internet "." ".com" "example.com" Datacenter2 Datacenter1 Answer 
 "www-dev.home.arpa." Answer
 "www-dev.home.arpa"
  • 50. BIND 9 configuration on the authoritative server 50 options { recursion no; directory "/var/named"; }; zone "home.arpa." { type master; file "home.arpa"; inline-signing yes; auto-dnssec maintain; };
  • 51. BIND 9 master zone on the authoritative server 51 $TTL 3600 ; Zonen-Metadata mynet.home.arpa. SOA resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h mynet.home.arpa. NS resolver01.mynet.home.arpa. ; IPv6-Addresses resolver01.mynet.home.arpa. AAAA 2001:db8:10:dd::53 www.mynet.home.arpa. AAAA 2001:db8:10:ff::80 nas.mynet.home.arpa. AAAA 2001:db8:10:ff::222 raspi.mynet.home.arpa. AAAA 2001:db8:10:ff::123 ; IPv4-Addresses resolver01.mynet.home.arpa. A 192.168.1.53 www.mynet.home.arpa. A 192.168.1.80 nas.mynet.home.arpa. A 192.168.1.222 raspi.mynet.home.arpa. A 192.168.1.123
  • 52. BIND 9 configuration on the resolver server 52 options { allow-recursion { clients; }; directory "/var/named"; }; managed-keys {
 "home.arpa." initial-key 257 3 8 "AwEAAagA…"; }; zone "home.arpa." { type stub; file "home.arpa"; masters { 192.0.2.153; 192.0.2.253; }; };
  • 53. Next
  • 54. Men & Mice Training • DNS & DANE Training, 3 days
 19.03 - 21.03.18
 Linuxhotel Essen, Germany 54 http://linuxhotel.de/
  • 55. Next Webinar • Name Resolution Webinar Trilogy Part 2 – Local Name Resolution in Windows Networks • Tuesday, 7th of November, 2017 • Microsoft operating systems have a long history of local name resolution solutions, from NetBIOS over WINS to the LLMNR and PNRP protocols today. • In this webinar, due to take place on 7th November, 2017, we will take a look at PNRP and LLMNR in Windows 10 and Windows Server 2016 and how these protocols can be used to have server-less name resolution without a centralized DNS infrastructure. We also look deeper into the interoperability of these new protocols with older Windows versions, such as Windows 7 or Windows 8. • Join us for a 45 minutes webinar with a Q&A session at the end, on Tuesday, November 7th, 2017 at 4:00 PM CET/ 3:00 PM GMT/ 10:00 AM EDT / 7:00 AM PDT. 55
  • 56. Next Webinar • Name Resolution Webinar Trilogy Part 3 – Local Name Resolution in Linux, FreeBSD and macOS/iOS • Wednesday, 29th of November, 2017 • Multicast DNS (mDNS) was pioneered in Apple’s MacOS X system, and is now available on all systems from Cupertino. • The focus of this webinar will be to take a deeper look into this local name- resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogenous networks running both Windows and macOS. • Join us for a 45 minutes webinar with a Q&A session at the end, on Wednesday, November 29th, 2017 at 4:00 PM CET/ 3:00 PM GMT/ 10:00 AM EDT / 7:00 AM PDT. 56
  • 57. Fini - Q & A