DNS, DNSSEC, DANE, DPRIVE IETF 94 Hackathon Results! DNS Team - - PowerPoint PPT Presentation

dns dnssec dane dprive
SMART_READER_LITE
LIVE PREVIEW

DNS, DNSSEC, DANE, DPRIVE IETF 94 Hackathon Results! DNS Team - - PowerPoint PPT Presentation

Dec 06, 2023 524 likes •756 views

DNS, DNSSEC, DANE, DPRIVE IETF 94 Hackathon Results! DNS Team Hackathon Projects DNS Privacy topics getdnsapi extension (call debugging) implemented with changes so user learns transport/privacy results edns0-client-subnet privacy

slide-1
SLIDE 1

DNS, DNSSEC, DANE, DPRIVE

IETF 94 Hackathon Results!

slide-2
SLIDE 2

DNS Team Hackathon Projects

  • DNS Privacy topics

– getdnsapi extension (call debugging) implemented with changes so user learns transport/privacy results – edns0-client-subnet privacy electjon – edns0-padding optjon (implementatjon under way) – Check TLS at Recursive - node.js applicatjon

  • DNSSEC topics

– DNSSEC roadblock avoidance – proposed new extension for getdnsapi – CDS/CDNSKEY - …

slide-3
SLIDE 3

DNS Team Hackathon Projects

  • DANE-related

– Sketch for OPENPGPKEY RRs in an ietg.org zone for IETF’s role-based email addresses – Allison Mankin and Tomofumi Okubo

  • Other

– getdns built for OpenBSD – Melinda Shore – getdns brew formula updated – Matu Miller – getdns PHP bindings updated to new release features – Scotu Hollenbeck – Miscellaneous engagements with other tables

slide-4
SLIDE 4

DNS Privacy

  • Every Internet fmow begins with queries to DNS
  • DNS queries are meta-data
  • Example of user exposing possible travel planning
  • Someone monitoring

A? AAAA? hotel.example.berlin A? AAAA? buytix.example.de

slide-5
SLIDE 5

DNS Privacy

DNS queries are meta-data

A? AAAA? hotel.example.berlin A? AAAA? buytix.example.de

slide-6
SLIDE 6

Client Privacy from drafu-ietg-dnsop-client- subnet-04 - Daniel Kahn Gillmor (DKG)

slide-7
SLIDE 7

Client sends value of 0 to opt out

slide-8
SLIDE 8

John/Sara Dickinson - Transport and Privacy Results from getdns

slide-9
SLIDE 9

Gowri Visweswaran/Sara Dickinson – getdns node.js Tool to Check TLS at Recursive

slide-10
SLIDE 10

(drafu-ietg-dprive-dns-over-tls)

slide-11
SLIDE 11
slide-12
SLIDE 12
slide-13
SLIDE 13

Extra Motjvatjon for DNSSEC as well as DNS Privacy Work

slide-14
SLIDE 14

Willem Toorop/Benno Overeinder - DNSSEC Roadblock Avoidance

The recursive resolver needs to be DNSSEC-Aware There are many middle boxes and others that are not. drafu-ietg-dnsop-dnssec-roadblock-avoidance The recursive resolver needs to be DNSSEC-Aware There are many middle boxes and others that are not. drafu-ietg-dnsop-dnssec-roadblock-avoidance

slide-15
SLIDE 15
slide-16
SLIDE 16

Roadblock

slide-17
SLIDE 17

Roadblock Avoidance

Getdns release candidate containing this later this week!

slide-18
SLIDE 18

Shumon Huque and Jan Včelák - CDS Monitor

slide-19
SLIDE 19
slide-20
SLIDE 20
slide-21
SLIDE 21

Champions and More Champions

  • Dickinson, Sara
  • Kahn Gillmor, Daniel
  • Mankin, Allison
  • Shore, Melinda
  • Toorop, Willem
  • Wicinski, Tim
  • Včelák, Jan
  • Cathrow, Andy
  • Dickinson, John
  • Huque, Shumon
  • Miller, Matu
  • Tomofumi Okubo
  • Overeinder, Benno
  • Seltzer, Wendy
  • Visweswaran, Gowri