Upload File

ion mumbai - jitender kumar: dnssec

9
Jitender Kumar [email protected] DNSSEC ION Conference, Mumbai, October 2012

Upload: deploy360-programme-internet-society

Post on 15-May-2015

164 views

Category:

Documents


0 download

Report

Tags:

DESCRIPTION

Jitender Kumar's presentation from ION Mumbai on 11 October 2012

TRANSCRIPT

Page 1: ION Mumbai - Jitender Kumar: DNSSEC

Jitender Kumar [email protected]

DNSSEC

ION Conference, Mumbai, October 2012

Page 2: ION Mumbai - Jitender Kumar: DNSSEC

© Afilias Limited

•  About Afilias

•  DNSSEC

•  DNSSEC Signing

•  DNSSEC Validation

•  Afilias’s Role in DNSSEC Deployment

Agenda

ION Conference, Mumbai, October 2012

Page 3: ION Mumbai - Jitender Kumar: DNSSEC

© Afilias Limited

About Afilias

ICANN contracted gTLDs

Country Code TLDs

• Best known for domain name registry services

• Supporting 21M names across 16 TLDs

ION Conference, Mumbai, October 2012

Page 4: ION Mumbai - Jitender Kumar: DNSSEC

© Afilias Limited

•  A set of security extensions to the existing DNS protocol added by the Internet Engineering Task Force (IETF).

•  DNSSEC provides : –  Authentication of the source of the information in a DNS

response –  Integrity of the information in a DNS response –  Authenticated denial of existence

•  DNSSEC doesn’t provide : –  Confidentiality, access control lists, or other means of

differentiating between inquirers. –  Protection against Denial of Service (DoS) attacks

•  Two principle deployment dimensions for us to consider –  Signing; and –  Validating

What is DNSSEC ?

ION Conference, Mumbai, October 2012

Page 5: ION Mumbai - Jitender Kumar: DNSSEC

© Afilias Limited

•  Afilias has been signing TLDs since before the root zone was signed

•  We are responsible for the key material used for the signing process, including publication

•  .IN Registry has been one of the early adopter of DNSSEC, facilitated by Afilias as we are the registry services provider

•  NamesBeyond and Net4India, registrars who have deployed DNSSEC services

Signing

ION Conference, Mumbai, October 2012

Page 6: ION Mumbai - Jitender Kumar: DNSSEC

© Afilias Limited

•  Our DNS provides authoritative responses

when queried about a zone that we manage

•  Afilias provides the DS record that enables

validation of signed domains in TLDs we host

•  Registrars are responsible for ensuring the

registry has the public key information it

needs for the DS record

Validating

ION Conference, Mumbai, October 2012

Page 7: ION Mumbai - Jitender Kumar: DNSSEC

© Afilias Limited

•  The public key information needed for the DS record is managed by the DNS hosting provider

•  Everything works great as long as the registrar is the DNS hosting provider

•  When a third party DNS hosting provider is used there needs to be an interaction between the registrar and that provider

•  This is currently a manual copy-and-paste

Gap In The System

ION Conference, Mumbai, October 2012

Page 8: ION Mumbai - Jitender Kumar: DNSSEC

© Afilias Limited

•  http://www.internetsociety.org/what-we-do/technology-matters/dnssec

Reference

ION Conference, Mumbai, October 2012

Page 9: ION Mumbai - Jitender Kumar: DNSSEC

© Afilias Limited

THANK YOU

ION Conference, Mumbai, October 2012


DNSSEC Industry Survey Results - PCN, Inc.23.235.200.57/~pcninc5/wp-content/.../DNSSEC-Industry-Survey-Resu… · DNSSEC. DNS administrators can provide secure responses to DNSSEC-validating

DNSSEC Workshop - ICANN GNSO...4. DNSSEC Lessons Learned: Roland van Rijswijk, SURFnet 5. DNSSEC Tool Development: • Open Source Tools, Russ Mundy, Co‐Chair, DNSSEC Deployment

Introduction DNSSec

DNSSEC Deployment Guide - 123seminarsonly.com...For an overview of DNSSEC, see Introduction to DNSSEC. For a description of how DNSSEC works in Windows Server® 2008 R2 and Windows®

Dominic Stahl Infoblox DNSSEC Solution - DENIC eG: Wir ... · Infoblox DNSSEC Solution simple, secure and reliable Infoblox DNSSEC Solution ... Infoblox DNSSEC Offering:

OPPORTUNISTIC IPSEC USING DNSSEC - schd.wsschd.ws/hosted_files/icann58copenhagen2017/1c/Paul Wouters... · 5 Opportunistic IPsec using DNSSEC OPPORTUNISTIC IPSEC USING DNSSEC •

DNSSEC - uniba.sknew.dcs.fmph.uniba.sk/files/biti/l03-dnssec-2016.pdf · I DNSSEC Root Zone High Level Technical Architecture (Dra˝) I DNSSEC Practice Statement for the Root Zone

Measuring DNSSEC

Threats to DNS DNSSEC overview/history DNSSEC in … · Threats to DNS DNSSEC overview/history DNSSEC today ... signed.infoblox.com. 3600 IN RRSIG NS 5 3 3600 20080410205926 20080311205926

Deploying DNSSEC

Enterpreneurship & Small Business Management...Jitender

Sessão de Divulgação de DNSSEC - …...Portuguesa para a adopção de DNSSEC Objectivos •Promover a implementação de DNSSEC •Facilitar a adopção de DNSSEC •Fornecer documentação

DNSSEC in Practice: Using DNSSEC- Tools to Deploy DNSSEC · DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC Wes Hardaker. Russ Mundy. Suresh Krishnaswamy {hardaker,mundy,suresh}@sparta.com

Pr. by jitender big flix

DNSSEC 101

Dnssec Tutorial

The Business Case for DNSSEC InterOp/ION Mumbai 2012 11 October 2012 [email protected]

Lamb dnssec

ION Mumbai - Richard Lamb: Why DNSSEC?

DNSSEC policy

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment

DNSSEC:’’Where’We’Are’(and’how’ …...Resolver’only’caches’validated’records’ =? DNS Resolver with DNSSEC = 1.2.3.4 DNS Server with DNSSEC 1.2.3.4 Get page

DNSSEC FIRST

DNSSEC - Red Hat · DNSSEC . Topics DNSSEC theory in 7 screen shots DNSSEC software: validating, signing Converting applications to use DNSSEC Using DNSSEC for non-DNS purposes TLSA,

DNSSEC MANAGEMENT - efficientip.com · DNSSEC Principles An important point to underline is that DNSSEC (DNS Security Extensions) does not modify DNS protocol. DNSSEC is an extension

DNSSEC 101

DNSSEC Exposed - Deploying DNSSEC in Real Life Presentation

DNSSEC Deployment - Internet Society · DNSSEC evangelist of the day ¥NLnet Labs ÐNot for profit Open Source Software lab ¥Developed NSD ÐDNS and DNSSEC research ... DNSSEC deployment

Jitender Singh Assistant Director - · PDF fileJitender Singh Assistant Director Research ... Delhi Mumbai industrial corridor ... shortcoming in areas like infrastructure,

Tutorial Dnssec

DNSSEC MANAGEMENT - efficientip.com€¦ · DNSSEC Principles An important point to underline is that DNSSEC (DNS Security Extensions) does not modify DNS protocol. DNSSEC is an extension

ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSEC

DNSSEC - inst.eecs.berkeley.eduinst.eecs.berkeley.edu/~cs161/sp16/slides/4.11.DNSSEC.pdf · DNSSEC • Last lecture, you invented DNSSEC. Well, the basic ideas, anyway: – Sign all

DNSSEC Implementation Considerations and Risk Analysisdnssec-deployment.icann.org/training/AMM/amm-dnssec-design.pdf · DNSSEC Implementation Considerations and Risk Analysis TAGI

Deploying DNSSEC: From Content to End-customer InterOp Mumbai 2012 11 October 2012 [email protected]