Google has changed Chrome's code to enforce HTTPS encryption on all ".dev" domains by default. This causes problems for developers who use ".dev" locally without HTTPS. Alternatives for local domain names include subdomains of owned domains, reserved domains like ".test", or protocols besides DNS like LLMNR and mDNS. Unbound and BIND can configure local zones to resolve names without internet access.
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSMen and Mice
The focus of this webinar will be to take a deeper look into this local name-resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogenous networks running both Windows and macOS.
This webinar is designed as an easy-to-follow tutorial on DNSSEC signing a zone for DNS admins. Our focus will be on DNSSEC zone signing automation with the Knot DNS Server and BIND 9.
Yeti-DNS is an international research project with the purpose of testing new technologies and procedures in running the Internet root zone. The project runs tests on DNSSEC key rollovers in the root, as well as experimenting with new ways to manage the DNSSEC keys (multiple zone signing keys).
An interview with Shane Kerr, a coordinator for the Yeti-DNS project, forms part of this webinar. The interview sheds light on the technical and political aspects of the project and introduces the latest results from experiments.
The webinar also includes a tutorial on how to use the Yeti-DNS root name servers to configure a BIND 9 DNS resolver in order to take part in the project.
DNS High-Availability Tools - Open-Source Load Balancing SolutionsMen and Mice
The DNS protocol has built-in high availability for authoritative DNS servers (this will be better explained in the webinar!), but client machines can see a degraded DNS service if a DNS resolver (caching DNS server) is failing.
In this webinar, we will look into how the DNS clients in popular operating systems (Windows, Linux, macOS/iOS) choose the DNS resolver among a list of available servers, and how a DNS resolver service can be made failure-tolerant with open-source solutions such as “dnsdist” from PowerDNS and “relayd” from OpenBSD.
The DNSSEC key signing key (or KSK) of the DNS root zone will be changed in the summer of 2017. During the time between July and October, all DNSSEC validating resolver need to get the new key material.
In this webinar we explain the KSK roll, how DNS resolver will load the new KSK with the RFC 5011 protocol and how a DNS administrator can verify that the new KSK is present in the resolvers configuration.
The CAA-Record for increased encryption securityMen and Mice
The CAA Record (Certification Authority Authorization) is used to signal which certification authority (CA) can issue an x509 certificate for a given domain. CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames.
Starting from September 2017, certificate issuing CA must support the CAA record.
This explains the CAA record, how it works, how to enter CAA into a zone and how certification authorities are about to use the record.
Logging is important for troubleshooting a DNS service. Conveniently with BIND 9, almost all problems will show up somewhere in the log output, but only if the logging is enabled and configured correctly.
In this webinar, we’ll discuss the BIND 9 logging configuration and best practices in searching through large log-files to find the entries of interest. In addition, we’ll release log-management tools used by Men & Mice Services.
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSMen and Mice
The focus of this webinar will be to take a deeper look into this local name-resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogenous networks running both Windows and macOS.
This webinar is designed as an easy-to-follow tutorial on DNSSEC signing a zone for DNS admins. Our focus will be on DNSSEC zone signing automation with the Knot DNS Server and BIND 9.
Yeti-DNS is an international research project with the purpose of testing new technologies and procedures in running the Internet root zone. The project runs tests on DNSSEC key rollovers in the root, as well as experimenting with new ways to manage the DNSSEC keys (multiple zone signing keys).
An interview with Shane Kerr, a coordinator for the Yeti-DNS project, forms part of this webinar. The interview sheds light on the technical and political aspects of the project and introduces the latest results from experiments.
The webinar also includes a tutorial on how to use the Yeti-DNS root name servers to configure a BIND 9 DNS resolver in order to take part in the project.
DNS High-Availability Tools - Open-Source Load Balancing SolutionsMen and Mice
The DNS protocol has built-in high availability for authoritative DNS servers (this will be better explained in the webinar!), but client machines can see a degraded DNS service if a DNS resolver (caching DNS server) is failing.
In this webinar, we will look into how the DNS clients in popular operating systems (Windows, Linux, macOS/iOS) choose the DNS resolver among a list of available servers, and how a DNS resolver service can be made failure-tolerant with open-source solutions such as “dnsdist” from PowerDNS and “relayd” from OpenBSD.
The DNSSEC key signing key (or KSK) of the DNS root zone will be changed in the summer of 2017. During the time between July and October, all DNSSEC validating resolver need to get the new key material.
In this webinar we explain the KSK roll, how DNS resolver will load the new KSK with the RFC 5011 protocol and how a DNS administrator can verify that the new KSK is present in the resolvers configuration.
The CAA-Record for increased encryption securityMen and Mice
The CAA Record (Certification Authority Authorization) is used to signal which certification authority (CA) can issue an x509 certificate for a given domain. CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames.
Starting from September 2017, certificate issuing CA must support the CAA record.
This explains the CAA record, how it works, how to enter CAA into a zone and how certification authorities are about to use the record.
Logging is important for troubleshooting a DNS service. Conveniently with BIND 9, almost all problems will show up somewhere in the log output, but only if the logging is enabled and configured correctly.
In this webinar, we’ll discuss the BIND 9 logging configuration and best practices in searching through large log-files to find the entries of interest. In addition, we’ll release log-management tools used by Men & Mice Services.
It goes without saying that DNS is only as secure as its servers. To ensure the successful and secure operation of a DNS server, secure configuration is paramount.
The new BIND 9 version 9.11 is a major version of the popular DNS server, released in August by ISC.
In this webinar Mr. Carsten Strotmann will demonstrate new features such as:
- Catalog Zones,
- dnssec-keymgr, new *rndc* functions
- CDS/CDNSKEY auto generation
- Negative Trust Anchor
- DNS cookies
-Refuse “any”
-and more.
A webinar that looks into the new features that the Windows Server 2016 will offer in the DNS, DHCP and IPv6 space.
Showcase of some of the new stuff using the latest tech preview and the aim is to give administrators a quick overview of the Windows Server 2016 and enough information to decide if early adoption is worthwhile.
How to send DNS over anything encryptedMen and Mice
Today, nearly all DNS queries are send unencrypted. This makes DNS vulnerable to eavesdropping by someone with access to the network. The DNS-Privacy group (DPRIVE) inside the Internet Engineering Task Force (IETF), as well as people outside the IETF, are working on new transport protocols to encrypt DNS traffic between DNS clients and resolver.
* DNS over TLS (RFC 7858)
* DNS over DTLS (RFC 8094)
* DNS over HTTP(S) (ID-draft)
* DNS over QUIC (ID-draft)
* DNS over DNSCrypt (outside IETF)
* DNS over TOR (outside IETF)
In this webinar, we will explain the protocols available or discussed inside and outside the IETF, and give some example configurations on how to use this new privacy protocols today.
Encrypted DNS - DNS over TLS / DNS over HTTPSAlex Mayrhofer
Encryption is coming to mainstream DNS. This briefing discusses the history, protocols and architecture of encrypted DNS, specifically DNS over TLS and DNS over HTTPS. It also describes the impact of DoT and DoH on various operational models.
This briefing was given during DNSheads Vienna #5 at the nic.at office in Vienna on Jan 30 2018.
Kea DHCP – the new open source DHCP server from ISCMen and Mice
This webinar will highlight the differences between the old ISC DHCP and new Kea DHCP (database support, dynamic reconfiguration, performance wins, scripting hooks) and will showcase the Men & Mice Suite as a graphical front-end to both ISC DHCP and Kea to ease the migration.
Keeping DNS server up-and-running with “runitMen and Mice
A traditional Unix/Linux init system like SystemV-Init or BSD rc does start a DNS server process on server boot, but it does not restart the service in case of an abnormal termination. Modern init replacements like systemd provide process supervision, but bring extra complexities and possible stability and security issues.
This webinar demonstrates an alternative, open source process supervision system called “runit”.
“runit” is lean and fast and sticks to the Unix tradition to do one thing, and do that right.
In this webinar you will learn how to manage DNS server processes such as BIND 9, Unbound and NSD from runit.
Install and Understand DNSSEC in Linux Server running BIND 9 with CHROOT JAIL system and Service.
By Utah Networxs
Follow - @fabioandpires
Follow - @utah_networxs
SMTP STS (Strict Transport Security) vs. SMTP with DANEMen and Mice
The Internet Public Key Infrastructure (PKIX) is broken, but several solutions exist to fix some of the issues around transport encryption with TLS and x509 certificates.
This webinar will take a deeper look at two solutions: RFC 7672 “SMTP with DANE” and draft-ietf-uta-mta-sts “SMTP MTA Strict Transport Security (MTA-STS)”. What problems are solved with these solutions? What is needed to implement MTA-STS and SMTP-DANE? Is one solution preferable over the other, or should you deploy both?
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...Health Catalyst
Job titles can be leading indicators of the direction an industry is moving and the same holds true for healthcare. The new healthcare economic model—from fee-for-service (FFS) to value-based—is driving a change in roles and responsibilities for professionals seeking healthcare analytics careers. Motivated by CMS and commercial payers, healthcare organizations are realizing the need to find and hire new types of healthcare professionals, a Chief Population Health Officer or Vice President of Clinical Informatics, who are focused on value. Senior leaders are seeking to build teams that have the ability to bring together analytics, best-practice clinical content, and process improvement to create long-term, sustainable change across their healthcare systems.
When Healthcare Data Analysts Fulfill the Data Detective RoleHealth Catalyst
There’s a new way to think about healthcare data analysts. Give them the responsibilities of a data detective. If ever there were a Sherlock Holmes of healthcare analytics, it’s the analyst who thinks like a detective. Part scientist, part bloodhound, part magician, the healthcare data detective thrives on discovery, extracting pearls of insight where others have previously returned emptyhanded. This valuable role comprises critical thinkers, story engineers, and sleuths who look at healthcare data in a different way. Three attributes define the data detective:
They are inquisitive and relentless with their questions.
They let the data inform.
They drive to the heart of what matters.
Innovative analytics leaders understand the importance of supporting the data analyst through the data detective career track, and the need to start developing this role right away in the pursuit of outcomes improvement in all healthcare domains.
It goes without saying that DNS is only as secure as its servers. To ensure the successful and secure operation of a DNS server, secure configuration is paramount.
The new BIND 9 version 9.11 is a major version of the popular DNS server, released in August by ISC.
In this webinar Mr. Carsten Strotmann will demonstrate new features such as:
- Catalog Zones,
- dnssec-keymgr, new *rndc* functions
- CDS/CDNSKEY auto generation
- Negative Trust Anchor
- DNS cookies
-Refuse “any”
-and more.
A webinar that looks into the new features that the Windows Server 2016 will offer in the DNS, DHCP and IPv6 space.
Showcase of some of the new stuff using the latest tech preview and the aim is to give administrators a quick overview of the Windows Server 2016 and enough information to decide if early adoption is worthwhile.
How to send DNS over anything encryptedMen and Mice
Today, nearly all DNS queries are send unencrypted. This makes DNS vulnerable to eavesdropping by someone with access to the network. The DNS-Privacy group (DPRIVE) inside the Internet Engineering Task Force (IETF), as well as people outside the IETF, are working on new transport protocols to encrypt DNS traffic between DNS clients and resolver.
* DNS over TLS (RFC 7858)
* DNS over DTLS (RFC 8094)
* DNS over HTTP(S) (ID-draft)
* DNS over QUIC (ID-draft)
* DNS over DNSCrypt (outside IETF)
* DNS over TOR (outside IETF)
In this webinar, we will explain the protocols available or discussed inside and outside the IETF, and give some example configurations on how to use this new privacy protocols today.
Encrypted DNS - DNS over TLS / DNS over HTTPSAlex Mayrhofer
Encryption is coming to mainstream DNS. This briefing discusses the history, protocols and architecture of encrypted DNS, specifically DNS over TLS and DNS over HTTPS. It also describes the impact of DoT and DoH on various operational models.
This briefing was given during DNSheads Vienna #5 at the nic.at office in Vienna on Jan 30 2018.
Kea DHCP – the new open source DHCP server from ISCMen and Mice
This webinar will highlight the differences between the old ISC DHCP and new Kea DHCP (database support, dynamic reconfiguration, performance wins, scripting hooks) and will showcase the Men & Mice Suite as a graphical front-end to both ISC DHCP and Kea to ease the migration.
Keeping DNS server up-and-running with “runitMen and Mice
A traditional Unix/Linux init system like SystemV-Init or BSD rc does start a DNS server process on server boot, but it does not restart the service in case of an abnormal termination. Modern init replacements like systemd provide process supervision, but bring extra complexities and possible stability and security issues.
This webinar demonstrates an alternative, open source process supervision system called “runit”.
“runit” is lean and fast and sticks to the Unix tradition to do one thing, and do that right.
In this webinar you will learn how to manage DNS server processes such as BIND 9, Unbound and NSD from runit.
Install and Understand DNSSEC in Linux Server running BIND 9 with CHROOT JAIL system and Service.
By Utah Networxs
Follow - @fabioandpires
Follow - @utah_networxs
SMTP STS (Strict Transport Security) vs. SMTP with DANEMen and Mice
The Internet Public Key Infrastructure (PKIX) is broken, but several solutions exist to fix some of the issues around transport encryption with TLS and x509 certificates.
This webinar will take a deeper look at two solutions: RFC 7672 “SMTP with DANE” and draft-ietf-uta-mta-sts “SMTP MTA Strict Transport Security (MTA-STS)”. What problems are solved with these solutions? What is needed to implement MTA-STS and SMTP-DANE? Is one solution preferable over the other, or should you deploy both?
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...Health Catalyst
Job titles can be leading indicators of the direction an industry is moving and the same holds true for healthcare. The new healthcare economic model—from fee-for-service (FFS) to value-based—is driving a change in roles and responsibilities for professionals seeking healthcare analytics careers. Motivated by CMS and commercial payers, healthcare organizations are realizing the need to find and hire new types of healthcare professionals, a Chief Population Health Officer or Vice President of Clinical Informatics, who are focused on value. Senior leaders are seeking to build teams that have the ability to bring together analytics, best-practice clinical content, and process improvement to create long-term, sustainable change across their healthcare systems.
When Healthcare Data Analysts Fulfill the Data Detective RoleHealth Catalyst
There’s a new way to think about healthcare data analysts. Give them the responsibilities of a data detective. If ever there were a Sherlock Holmes of healthcare analytics, it’s the analyst who thinks like a detective. Part scientist, part bloodhound, part magician, the healthcare data detective thrives on discovery, extracting pearls of insight where others have previously returned emptyhanded. This valuable role comprises critical thinkers, story engineers, and sleuths who look at healthcare data in a different way. Three attributes define the data detective:
They are inquisitive and relentless with their questions.
They let the data inform.
They drive to the heart of what matters.
Innovative analytics leaders understand the importance of supporting the data analyst through the data detective career track, and the need to start developing this role right away in the pursuit of outcomes improvement in all healthcare domains.
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityCheapSSLsecurity
Learn what is Comodo Multi Domain SSL certificate, how it works, understand its key features along with the encryption process of protecting multiple domains under a single certificate.
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...ThreatReel Podcast
Abstract:
What thoughts currently make tech defenders uneasy as they go to bed at night? Despite implementing and properly configuring the latest technological controls and security solutions into our environments, end users typically remain the most vulnerable point of entry into nearly any network. Unfortunately, only one misstep by a single user provides attackers with the foothold they need to begin compromising an entire enterprise network environment. The safety of our inboxes is a key initiative on the battlefront of protecting staff from the scourge of phishing and spear phishing attacks. We will perform a deep-dive look at the latest techniques used by criminals to bypass security products and traditional defense-in-depth strategies. We then focus heavily on conducting a digital forensic investigation on a sample phishing email message. Topics covered include technical analysis of message headers, message source code, message attachments, and malicious landing web pages even when a dedicated sandbox environment is unavailable.
Bio:
Matt Scheurer is a Systems Security Engineer working in the Financial Services industry. Matt holds a CompTIA Security+ Certification and possesses a number of Microsoft Certifications including: MCP, MCPS, MCTS, MCSA, and MCITP. Matt has presented on numerous Information Security topics as a featured speaker at a number of area Information Security meetup groups. Matt also had notable speaking engagements as a presenter at DerbyCon 5.0, DerbyCon 7.0, and the 10th Annual Northern Kentucky University Cyber Security Symposium. Matt maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), and Information Systems Security Association (ISSA). Matt is a regular attendee at monthly Information Security meetings for 2600, the CiNPA affiliated Security Special Interest Group (CiNPA Security SIG), Ohio Information Security Forum (OISF), and Cincinnati Security MBA (SMBA).
Symantec (ISTR) Internet Security Threat Report Volume 22CheapSSLsecurity
Symantec’s Internet Security Threat Report (ISTR) demonstrates how simple tactics and innovative cyber criminals led to unprecedented outcomes in global threat activity.
Das SlideDeck des Microsoft Cyber Security IT-Camps 2017/2018
Im Slidedeck werden Produkte wie Windows Defender AV, ATP und ApplicationGuard und ExploitGuard behandelt.
The Changing Role of Healthcare Data AnalystsHealth Catalyst
The healthcare industry is undergoing a sea change, and healthcare data analysts will play a central role in this transformation. This report explores how the evolution to value-based care is changing the role of healthcare data analysts, how data analysts’ skills can best be applied to achieve value-based objectives and, finally, how Health Catalyst’s most successful health system clients are making this cultural transformation happen in the real world.
Abstract:
Writing Regular Expressions (Regex) is a versatile skill set to have across the IT landscape. Regex has a number of information security related uses and applications. We are going to provide an overview and show examples of writing Regex for pattern matching and file content analysis using sample threat feed data in this presentation. Along with a healthy dose of motherly advice, we cover Regex syntax, character classes, capture groups, and sub-capture groups. Whether Regex is something completely new or worth brushing up on, this talk is geared toward you.
Bio:
Matt Scheurer is a Systems Security Engineer working in the Financial Services industry. Matt holds CompTIA Security+, MCP, MCPS, MCTS, MCSA, and MCITP certifications. He maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), and Information Systems Security Association (ISSA). Matt is a regular attendee at monthly Information Security meetings for 2600, the CiNPA affiliated Security Special Interest Group (CiNPA Security SIG), Ohio Information Security Forum (OISF), and Cincinnati SMBA.
Abstract:
Writing Regular Expressions (Regex) is a versatile skill set to have across the IT landscape. Regex has a number of information security related uses and applications. We are going to provide an overview and work through examples of writing Regex as a group for pattern matching and file content analysis using sample threat feed data in this presentation. Along with a healthy dose of motherly advice, we cover Regex syntax, character classes, capture groups, sub-capture groups, and quantifiers. Whether Regex is something completely new or worth brushing up on, this talk is geared toward you.
Bio:
Matt Scheurer is a Systems Security Engineer working in the Financial Services industry. Matt holds a CompTIA Security+ Certification and possesses a number of Microsoft Certifications including: MCP, MCPS, MCTS, MCSA, and MCITP. Matt has presented on numerous Information Security topics as a featured speaker at a number of area Information Security meetup groups. Matt also had notable speaking engagements as a presenter at DerbyCon 5.0, DerbyCon 7.0, and the 10th Annual Northern Kentucky University Cyber Security Symposium. Matt maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), and Information Systems Security Association (ISSA). Matt is a regular attendee at monthly Information Security meetings for 2600, the CiNPA affiliated Security Special Interest Group (CiNPA Security SIG), Ohio Information Security Forum (OISF), and Cincinnati Security MBA (SMBA).
Scripting and automation with the Men & Mice SuiteMen and Mice
The powerful SOAP interface & how and where scripts can be integrated
Beside the Men & Mice Management Console, the Web Interface and the command line interface (CLI) there are other ways to access the Men & Mice Suite.
bdNOG 7 - Re-engineering the DNS - one resolver at a timeAPNIC
APNIC Director General, Paul Wilson, talks about APNIC's support of updates to BIND to implement caching of NSEC responses to reduce root server query load.
DNS resolution is far from being resolved. The latest developments in standards bring not only significant security improvements but also additional configuration and management requirements.
This presentation is summing up the latest related challenges and introduce benefits that all network operators can get out of it with the focus on the DNSSEC challenges and benefits:
- Examples of incidents during DNSSEC introduction and the case study of country-wide DNSSEC introduction from .sk TLD.
- DNSSEC as a benefit for the network-manager - DNSSEC can be beneficial not only for the user. It can be a great benefit for the internet provider or network-manager due to the NSEC3 negative caching.
ION Islamabad, 25 January 2017
By Champika Wijayatunga, ICANN
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
Presentació a càrrec de de Gaël Hernández, gerent sènior de Packet Clearing House (PCH), duta a terme al CSUC prèviament a la celebració de reunió de la Comissió Tècnica del CATNIX el 23 de novembre de 2018.
APNIC Director General Paul Wilson discusses APNIC’s support of updates to BIND to implement caching of NSEC responses, to reduce root server query loads.
Advanced DNS/DHCP for Novell eDirectory EnvironmentsNovell
Don't be intimidated by DNS/DHCP. When properly implemented, these powerful tools can enhance your network's performance and stability. Attend this popular session where we'll demystify DNS/DHCP and share best practices for running eDirectory-enabled DNS in Novell Open Enterprise Server 2. You'll also learn how to how to register your own domain name without using an ISP, how to "ransom back" a domain name from a Web hosting provider and much more.
This is a presentation about DNS Cache Poisoning which was presented to the Grey H@t club at Georgia Tech. It covers the basics of DNS, how DNS is vulnerable, the effect of exploiting DNS, and the Kaminsky attack.
Die ultimative Anleitung für HCL Nomad Web Administratorenpanagenda
Webinar Recording: https://www.panagenda.com/webinars/die-ultimative-anleitung-fur-hcl-nomad-web-administratoren/
HCL Nomad Web ist DAS heiße Thema in der Notes-Welt. Immer mehr Unternehmen erwägen, ihre HCL Notes-Landschaft mit Nomad Web zu ergänzen oder sogar komplett zu ersetzen. Es ist verständlich, dass die Veränderungen und neuen Technologien überwältigend wirken können. Um dem entgegenzuwirken, erfahren Sie in diesem Webinar alles, was Sie über Nomad wissen müssen – angefangen von den ersten Schritten bis hin zum endgültigen Rollout bei den Anwendern. Alles praxisnah und leicht verständlich erklärt.
Verpassen Sie auf keinen Fall dieses aufschlussreiche Webinar mit dem renommierten HCL Ambassador Marc Thomas. Gewinnen Sie wertvolle Erkenntnisse, die Sie sofort in die Tat umsetzen können, denn alles, was Sie brauchen, ist in Ihrer HCL CCB-Lizenz bereits enthalten oder kostenlos erhältlich. Egal, ob Sie bereits in die Welt von HCL Nomad Web eingetaucht sind, den Einstieg planen oder einfach nur neugierig sind, ob die Lösung auch für Sie geeignet ist – wenn Sie nicht in der Vergangenheit stecken bleiben wollen, sollten Sie dieses Webinar nicht verpassen!
Was Sie lernen werden
- Anforderungen, Vorteile, und Beschränkungen von HCL Nomad Web
- Installation auf dem Server (mit und ohne HCL SafeLinx)
- Initiales Setup für Endbenutzer inkl. Übernahme des bestehenden Notes Client Arbeitsbereiches
- Umgang mit virtuellen Infrastrukturen wie Citrix, VMWare, TS und VDI
- Betrieb, Optimierung und Fehlerbehebung auf Server und Client
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016Cloud Native Day Tel Aviv
For the past 2 years we’ve been working on running OpenStack in ever growing scales. In Juno we started Dragonflow, a Neutron integrated distributed SDN project with an ambitious goal – scaling to 10,000 physical servers in a single zone. Although we’re not there yet, we’re definitely on the right track.
Dragonflow employs the following principles
• Pluggable NoSQL DB – to adapt for different size deployments and SLAs
• Distribution of Policies rather than flows – moving the “brain” to the edges
• Distributed architecture – enforcing network policies in the compute nodes
• Hybrid flow pipeline – Utilizing both proactive and reactive flows to easily allow built-in distributed smart apps (e.g. distributed DHCP)
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS Operations in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.
Question 1 Refer to the graphic above to answer the following .docxIRESH3
Question 1
Refer to the graphic above to answer the following question.
You are the administrator of the westsim.private domain. The data for the westsim.private zone is stored in Active Directory. You have just opened a branch office in Phoenix. The branch office is connected to the main offices with a slow WAN link. The WAN link is unreliable and is sometimes down for 3 days at a time. You plan on replacing the connection in the future, but for now the link will have to be used.
You configure a secondary zone for westsim.private at the Phoenix location accepting the default configuration. The SOA record for the zone is shown in the graphic above. What change should you make to prevent name resolution problems at the Phoenix location?
Answer
Increase the Refresh interval to 3 days.
Decrease the Refresh interval value to 10 minutes.
Increase the Expires after value to 4 days.
Increase the Retry interval to 1 day.
1 points
Question 2
You are the network manager for the westsim.private domain. You are in the process of transitioning from IPv4 to IPv6 on your internal network.
You want to configure DNS to provide hostname-to-IPv6 address and IPv6 address-to-hostname resolution for a specific IPv6-only host. Which record types would you create? (Select two.)
Answer
SRV
AAAA
A
CNAME
NS
PTR
1 points
Question 3
You are the network administrator for your company's network. Your network consists of 8 Windows 2008 Server computers, 500 Windows XP Professional computers, and 5 UNIX servers. One of your Windows 2008 Server computers is your DNS server. The DNS zone is configured as an Active Directory-integrated zone. The DNS zone is also configured to allow dynamic updates. Users report that although they can access the Windows XP computers by host name, but they cannot access the UNIX servers by host name. What should you do?
Answer
Manually enter A (host) records for the UNIX servers in the zone database.
On the DNS server, manually create a HOSTS file that contains the records for the UNIX servers.
Configure a UNIX computer to be a DNS server in a secondary zone.
Manually add the UNIX servers to the Windows domain.
1 points
Question 4
You are configuring the network for a new company with two sites: the main office is in Denver, and a branch office is in Phoenix. The sites are connected by a WAN link. All servers, including domain controllers, will run Windows Server 2008. All servers will be members of an Active Directory domain. The main office uses the domain of corp.westsim.com. All domain members are currently located only in the Denver location. The branch office uses the domain of research.corp.westsim.com. All domain members are located only in the Phoenix location. The following servers are in each location (Location, Server, Role):
Denver, srv1.corp.westsim.com, Domain controller DNS server
Denver, srv2.corp.westsim.com, Domain controller DNS server
Denver, srv3.corp.westsim.com, Domain controller ...
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
Signing DNSSEC answers on the fly at the edge: challenges and solutions, by Jono Bergquist.
A presentation given at the APNIC 40 APOPS 2 session on Tue, 8 Sep 2015.
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesMen and Mice
Want to know what's bogging down your Hybrid and Multicloud strategies? Here we discuss some typical hurdles, shift in decision-making between DevOps and Network Managers and the importance of utilizing the service-native features available within the solutions that comprise your network, whether on-premise or cloud.
In this installment of the Men & Mice webinar series, Mr. Carsten Strotmann will talk about the role that DNS plays in fighting malware and spam.
The discussion will dig into DNS blacklists, domain reputation, Response Policy Zones and how the new TLDs have changed the game.
During the webinar, Mr. Carsten Strotmann from the Men & Mice Professional Services team will give an overview of the PowerDNS open source DNS server.
He will also give DNS operators information on how to:
- manage a DNS zone via SQL backend
- manage a DNS zone via BIND backend
- remote zone Backend
- DNSSEC signing with PowerDNS
- use the Men & Mice Suite controller for PowerDNS
Carsten Strotmann reports here on the new RFC standards published since the last IETF in March and about the ongoing discussions on new protocol developments in the areas of DNS, DNSSEC, DANE, DHCP and IPv6.
Topics covered in the webinar:
- IPv6 segment routing
- synchronizing DNS parent and child zones using the DNS protocol
- Status update on Knot-DNS 2.0 DNS Server and the Knot-DNS resolver
- DNSSEC look-aside validation (DLV) sunset
- network tuning for DNS zone transfers
- Use cases for IPv6 extension headers
- Zonemaster DNS and DNSSEC testing tool
- DNS based DDoS attacks
How to become DNSSEC-ure
DNSSEC (short for DNS Security Extensions) adds security to the Domain Name System.
The original design of the Domain Name System (DNS) did not include security; instead it was designed to be a scalable distributed system. The Domain Name System Security Extensions (DNSSEC) attempts to add security, while maintaining backwards compatibility.
IETF 90 Report – DNS, DHCP, IPv6 and DANEMen and Mice
At this webinar, Mr. Carsten Strotmann from the Men & Mice Services team gives an overview of interesting developments from the working groups inside the IETF, after attending online at the IETF 90 in Toronto.
Hear more on:
- DNS
- DNS-Privacy
- IPv6
- DANE
- DHCP(v6)
- and new RFCs that have been published since the last IETF in March 2014
In the webinar hear what was new on:
- Amplification DDoS Attacks – Defenses for Vulnerable Protocols
- news from DNS-OARC meeting (DNS measurements, open resolver stats)
-Strengthening the Internet Against Pervasive Monitoring
-What Went Wrong With IPv6?
-RIPE IPv6 Analyser
-IPv6 troubleshooting procedures for helpdesks
-Using DDoS to Trace the Source of a DDoS Attack
-Measuring DNSSEC from the End User Perspective
-Google DNS Hijacking in Turkey
-The Rise and Fall of BIND 10
-Knot DNS Update – DNSSEC and beyond
-Bundy-DNS – the new life of BIND 10
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
2. A little change …
HSTS forced for all
".dev" top level domains
3. … major problem (for some)
Current Chrome Browser Future Chrome Browser
4. What has happen?
• Google changed the code of
the next Chrome browser to
enforce proper TLS-
encryption on all ".dev"
domains
• The TLD ".dev" is owned by
Google
4https://www.iana.org/domains/root/db/dev.html
6. HSTS?
• HSTS is short for "HTTP Strict Transport Security"
• RFC 6797
https://tools.ietf.org/html/rfc6797
• HSTS declares that web-browser connections towards
this domain always needs to be secured by TLS (HTTPS)
6
7. HSTS?
• HSTS is usually set in the
website configuration and
send via a HTTP header to the
browser
• The browser caches the value
for "max-age" time
7
https://securityheaders.io/
HSTS Header
8. Google, Chrome and "dev"
• Google owns both the Chrome-Browser and the "dev" TLD
• For Google it makes sense to ship the Chrome-Browser
with preloaded HSTS for their own domains
• besides "dev", this includes today the "foo" and "google"
TLDs
8
9. "dev" TLD is not the only
problem
• Administrators and
Developers use domain
names in their local
networks that are not
owned by them:
• .corp
• .lan
• .company
• .media
• .webdev
• .server
• .infra
• .box
• …
• All this names risk name
collisions with new TLDs
9
10. Choices for a local only
namespace
• Using a seemingly unused DNS TLD in a internal network is a
bad idea
• The name can become in use later and create name
collisions
• Choices for a local only namespace:
• Subdomain of a delegated domain
• A reserved Top-Level-Domain/Second-Level-Domain
• Name-Resolution other than DNS (mDNS, LLMNR, PNRP …)
10
12. Subdomain of a delegated
domain
• Using a sub-domain of a delegated (owned) domain in the
Internet is the most safe solution
• If it is delegated to you , you already own all subdomains
and sub-subdomains of that name
• The locally used name should not be reachable from the
public Internet
12
13. Subdomain of a delegated
domain
13
Internet
"."
".com"
"example.com"
DNS-Resolver
Delegation
Delegation
Query
Query
Query "lan.example.com"
14. Subdomain of a delegated
domain
14
Internet
"."
".com"
"example.com"
DNS-Resolver
Delegation
Delegation
NXDOMAIN
NXDOMAIN
Query "lan.example.com"
15. Subdomain of a delegated
domain
15
Internal Network
Internet
"."
".com"
"example.com"
"lan.example.com"
"hr.lan.example.com"
DNS-Resolver
hr.lan.example.com
16. Subdomain of a delegated
domain
16
Internal Network
Internet
"."
".com"
"example.com"
"lan.example.com"
"hr.lan.example.com"
DNS-Resolver
Query
Query
18. Reserved Domain Names
• In 1999, the IETF reserved a number of top level domain to not be
used in the Internet
• RFC 2606 "Reserved Top Level DNS Names"
https://tools.ietf.org/html/rfc2606
• Updated in RFC 6761 "Special-Use Domain Names"
https://tools.ietf.org/html/rfc6761
• ".test", ".invalid", ".example" and ".localhost"
• For an internal development system, ".test" would be a good
choice
18
21. The "home.arpa." domain
• The Domain "home.arpa." is used in the new Homenet
Control Protocol (HNCP)
• HNCP is a new IETF protocol to automatically configure
home networks with multiple subnets (lan, wireless, guest-
networks etc)
• The domain "home.arpa." is only defined for local networks
and will never be used in the Internet
• Internet Draft "Special Use Domain 'home.arpa.'"
https://tools.ietf.org/html/draft-ietf-homenet-dot
21
22. Reserved Domain Names
22
Internal Network
Internet
"."
".com"
"example.com"
DNS-Resolver with
"home.arpa" local zone
www-dev.home.arpa
23. Reserved Domain Names
23
Internal Network
Internet
"."
".com"
"example.com"
Query
"www-dev.home.arpa."
DNS-Resolver with
"home.arpa" local zone
24. Reserved Domain Names
24
Internal Network
Internet
"."
".com"
"example.com"
DNS-Resolver with
"home.arpa" local zone
Answer
"www-dev.home.arpa."
25. More options
• We will discuss solutions outside DNS in the upcoming two
webinars
• Link-Local-Multicast-Name-Resolution (LLMNR) for
Windows and Linux
• Peer-Name-Resolution-Protocol (PNRP) for Windows
• Multicast DNS (mDNS) for macOS, iOS, Windows and
Linux
25
27. Unbound with local zone
• Unbound is a fast and lean DNS resolver
• Available for Unix, Linux, macOS and Windows
Homepage: https://unbound.net
• Unbound main purpose is to resolve names in the Internet for
local clients
• Unbound has limited authoritative functions (it can serve zone
data)
• This setup is recommended for smaller networks (less than 100
DNS clients)
27
28. Unbound with local zone
• Benefits of using Unbound for local zones:
• Simple setup
• Only one type of software needed
• Fast response times
28
29. Unbound with local zone
• Downsides of using Unbound for local zones:
• No DNSSEC security for the local zones (but DNSSEC
validation for all DNSSEC secured Internet zones)
• No automatic provisioning of multiple DNS resolver via
zone-transfer
29
30. Unbound with local zone
30
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with
"home.arpa" local zone
www-dev.home.arpa
31. Unbound with local zone
31
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with
"home.arpa" local zone
Query
"www-dev.home.arpa."
32. Unbound with local zone
32
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with
"home.arpa" local zone
Answer
"www-dev.home.arpa."
33. Unbound with local zone
33
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with
"home.arpa" local zone
www.example.com
34. Unbound with local zone
34
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with
"home.arpa" local zone
Query
"www.example.com."
35. Unbound with local zone
35
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with
"home.arpa" local zone
Query
"www.example.com."
Query
"www.example.com."
Query
"www.example.com."
36. Unbound with local zone
36
Internal Network
Internet
"."
".com"
"example.com"DNS-Resolver with
"home.arpa" local zone
Answer
"www.example.com."
Answer
"www.example.com."
37. Unbound local-zone example
37
# local-zone example for Unbound
# Installation in Unbound configuration directory
# for Debian e.g. into /etc/unbound/unbound.conf.d/
server:
unblock-lan-zones: yes
insecure-lan-zones: yes
local-zone: "mynet.home.arpa." static
# Zonen-Metadata
local-data: "mynet.home.arpa. 3600 IN SOA resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h"
local-data: "mynet.home.arpa. 3600 IN NS resolver01.mynet.home.arpa."
# IPv6-Addresses
local-data: "resolver01.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:dd::53"
local-data: "www.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::80"
local-data: "nas.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::222"
local-data: "raspi.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::123"
# IPv4-Addresses
local-data: "resolver01.mynet.home.arpa. 3600 IN A 192.168.1.53"
local-data: "www.mynet.home.arpa. 3600 IN A 192.168.1.80"
local-data: "nas.mynet.home.arpa. 3600 IN A 192.168.1.222"
local-data: "raspi.mynet.home.arpa. 3600 IN A 192.168.1.123"
39. Local zone setup with BIND 9
• For larger networks, we recommend to host the local
zones on authoritative DNS server separate from the
resolvers
• On the next slides we show an example design based on
BIND 9, but the same design can be implemented with
other DNS servers as well (Windows DNS, PowerDNS,
Knot, NSD+Unbound etc)
39
40. Local zone setup with BIND 9
• Benefits of a local authoritative DNS Server setup
• Higher resiliency
• Automatic load-balancing and failover between servers
• DNSSEC signing and validation possible for the local
zones
• Zones are kept in sync with regular zone transfer
• Better monitoring and logging possible
40
54. Men & Mice Training
• DNS & DANE Training, 3 days
19.03 - 21.03.18
Linuxhotel Essen, Germany
54
http://linuxhotel.de/
55. Next Webinar
• Name Resolution Webinar Trilogy Part 2 – Local Name Resolution in Windows
Networks
• Tuesday, 7th of November, 2017
• Microsoft operating systems have a long history of local name resolution
solutions, from NetBIOS over WINS to the LLMNR and PNRP protocols today.
• In this webinar, due to take place on 7th November, 2017, we will take a look at
PNRP and LLMNR in Windows 10 and Windows Server 2016 and how these
protocols can be used to have server-less name resolution without a
centralized DNS infrastructure. We also look deeper into the interoperability of
these new protocols with older Windows versions, such as Windows 7 or
Windows 8.
• Join us for a 45 minutes webinar with a Q&A session at the end, on Tuesday,
November 7th, 2017 at 4:00 PM CET/ 3:00 PM GMT/ 10:00 AM EDT / 7:00 AM PDT.
55
56. Next Webinar
• Name Resolution Webinar Trilogy Part 3 – Local Name Resolution in Linux, FreeBSD
and macOS/iOS
• Wednesday, 29th of November, 2017
• Multicast DNS (mDNS) was pioneered in Apple’s MacOS X system, and is now
available on all systems from Cupertino.
• The focus of this webinar will be to take a deeper look into this local name-
resolution system and the implementations for other Unix systems like Linux and
FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the
Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how
well a Systemd-Linux behaves in heterogenous networks running both Windows
and macOS.
• Join us for a 45 minutes webinar with a Q&A session at the end, on Wednesday,
November 29th, 2017 at 4:00 PM CET/ 3:00 PM GMT/ 10:00 AM EDT / 7:00 AM PDT.
56