dns related activities during ietf79
play

DNS Related Activities During IETF79 Johan Ihrn Autonomica - PowerPoint PPT Presentation

Nov 26, 2023 •389 likes •659 views

November 12, 2010 DNS Related Activities During IETF79 Johan Ihrn Autonomica November 12, 2010 DNS Activities During IETF79, Beijing johani@autonomica.se 1 / 22 November 12, 2010 DNS Related Activities During IETF79 DNSEXT The

  1. November 12, 2010 DNS Related Activities During IETF79 Johan Ihrén Autonomica November 12, 2010 DNS Activities During IETF79, Beijing johani@autonomica.se 1 / 22

  2. November 12, 2010 DNS Related Activities During IETF79 ◮ DNSEXT ◮ The usual mix of Hard Problems(tm) and Bad Ideas(tm) ;-) ◮ KIDNS: Cryptographic Keys In DNS ◮ We’ve talked about this for years, but now it is finally beginning to happen ◮ DNSOP ◮ Main issues were DNSSEC Key Timing, NSCP (i.e. nameserver control protocols) DNS Activities During IETF79, Beijing johani@autonomica.se 2 / 22

  3. November 12, 2010 DNSEXT DNS Activities During IETF79, Beijing johani@autonomica.se 3 / 22

  4. November 12, 2010 DNSEXT: draft-faltstrom-uri-06 ◮ URIs are a layer of indirection between domain names and point of service $ORIGIN example.com. _http._web IN URI 10 1 "http://www.example.com/" $ORIGIN example.net. _http._web IN URI 10 1 "http://www.example.com/" ◮ This proposal may be regarded as a superset of the functionality provided by SRV while “enhancing” the functionality of NAPTR (by allowing specification of what NAPTR records are of interest). ◮ A core issue is what to aim for with this proposal. For widest possible applicability it is needed to somehow support “unregistered services”. On the other hand, for tightest possible binding something stronger than the “_” convention may be needed. Is the aim for something that plays well with other proposals? DNS Activities During IETF79, Beijing johani@autonomica.se 4 / 22

  5. November 12, 2010 DNSEXT: draft-yao-dnsext-identical-resolution-02 ◮ Intended as “the problem statement” for the generic discussion of aliases and “variants” in DNS that has been going on for more than a year ◮ The real question with this draft is whether it is sufficiently close to “done” to actually close the “problem statement” phase. If not, this issue will be thrown over the wall with the hope that the IRTF picks it up ◮ Target for new revision in 4 weeks (early December). Hard Push for WG review of that version and WGLC in mid-January DNS Activities During IETF79, Beijing johani@autonomica.se 5 / 22

  6. November 12, 2010 DNSEXT: draft-kitamura-ipv6-simple-dns-query-00 ◮ Deals with the alternatives for issuing queries for A and AAAA respectively: in serial or in parallel. ◮ Percieved problems with issueing two queries: higher latency and twice the traffic. It may also cause difficult problems for “less clueful” end users ◮ The intent is to simplify this by sending just one query. Several alternatives are possible: A send both A and AAAA query in same packet B new combined type A+AAAA (a meta type) C query for AAAA, return IPv4 mapped address in the v4 case ◮ Problem statement seems to be unclear. Strong message about the need to start with identifying a problem and clarifying the need to solve it. DNS Activities During IETF79, Beijing johani@autonomica.se 6 / 22

  7. November 12, 2010 DNSEXT: draft-vixie-dnsext-resimprove-00 ◮ Main topics are ◮ Delegation Revalidation Upon NS RRSet Expiry ◮ Stopping Downward Cache Search on NXDOMAIN ◮ “if there is an NXDOMAIN cached for foo.bar.example. then don’t issue a query for baz.foo.bar.example. but instead just return the NXDOMAIN ” ◮ Upgrading NS RRset Credibility Upon Delegaton Events ◮ new semantics for issuing extra “validation” queries to the child nameservers when detecting a zone cut ◮ In general, “optimizations” like these are hardly justified just because “it seemed like a good idea at the time” ◮ No clear enthusiasm in WG DNS Activities During IETF79, Beijing johani@autonomica.se 7 / 22

  8. November 12, 2010 KIDNS DNS Activities During IETF79, Beijing johani@autonomica.se 8 / 22

  9. November 12, 2010 KIDNS BOF: Crypto Keys In DNS ◮ Put a key or a certificate into DNS ◮ Sign the zone, including the new data ◮ Applications will trust the data based on being able to validate the DNSSEC signatures ◮ Very similar to SSH+ SSHFP DNS Activities During IETF79, Beijing johani@autonomica.se 9 / 22

  10. November 12, 2010 KIDNS BOF: Crypto Keys In DNS ◮ Put a key or a certificate into DNS ◮ Sign the zone, including the new data ◮ Applications will trust the data based on being able to validate the DNSSEC signatures ◮ Very similar to SSH+ SSHFP ◮ This is an old idea that has been talked about for years ◮ RFC 4398 (CERT RR) ◮ draft-schlyter-pkix-dns (very old and expired, was “too early”) ◮ BOFs during IETF78 and IETF79, will become a WG before IETF80 next spring DNS Activities During IETF79, Beijing johani@autonomica.se 9 / 22

  11. November 12, 2010 KIDNS, cont’d ◮ DNSSEC is obviously needed for this to work out, however DNSSEC by itself is not really enough ◮ For this to be viable there’s a clear need for the client to know whether the answer was secured or not ◮ . . . as well as the need for a trusted channel to the trusted resolver ◮ Both of these are a bit problematic today DNS Activities During IETF79, Beijing johani@autonomica.se 10 / 22

  12. November 12, 2010 KIDNS, cont’d The primary issue with KIDNS is: ◮ There is a major difference between using DNS as transport for keys and certificates that are otherwise secured and authenicated (i.e. a la the CERT record) and using DNS/DNSSEC as the trust path for the keys and certificates. ◮ In the latter case documented process for verification of identity, etc, that a Certificate Authority does is replaced by processes managed by the chain of DNS/DNSSEC operators between the cert and the trust anchor that the validator chooses to use DNS Activities During IETF79, Beijing johani@autonomica.se 11 / 22

  13. November 12, 2010 KIDNS, cont’d ◮ But in spite of open issues with KIDNS it is clear that there is a lot of enthusiasm for the general concept and it seems likely that interesting things will happen in this area ◮ Mailing list: keyassure@ietf.org ◮ Proposed charter: http://trac.tools.ietf.org/area/sec/trac/wiki/Keyassure DNS Activities During IETF79, Beijing johani@autonomica.se 12 / 22

  14. November 12, 2010 DNSOP DNS Activities During IETF79, Beijing johani@autonomica.se 13 / 22

  15. November 12, 2010 DNSOP: draft-ietf-dnsop-dnssec-key-timing-02 ◮ This draft has been kicking around for more than two years, mainly due to the evolving nature of the subject matter ◮ The question was asked whether it would be best to publish now (with some known omissions) ◮ in the spirit of “timeliness” or to continue work ◮ in the spirit of “perfection” ◮ Consensus was for publication of current document with suitable caveats about open issues and also to initiate work on a -bis document to close the open issues ◮ The document is heading for Informational DNS Activities During IETF79, Beijing johani@autonomica.se 14 / 22

  16. November 12, 2010 DNSOP: draft-livingood-dns-whitelisting-implications ◮ The underlying idea with this proposal is that there is a certain fraction (larger than zero) of “customers” that will get in trouble if they receive a response to a AAAA query ◮ Perhaps they don’t have working v6 transport, but don’t know that, etc. See Lorenzo’s presentation earlier today ◮ . . . and if the customer is known, then it would be possible to define a policy of not giving out the AAAA response for customers that would be hurt by it ◮ There are issues with this. One is that this implies lying, potentially in an authoritative server (as opposed to the already widespread lying in recursive servers that exists). Another is that the lying will make it difficult to get this to work with DNSSEC DNS Activities During IETF79, Beijing johani@autonomica.se 15 / 22

  17. November 12, 2010 DNSOP: Nameserver Control Protocols ◮ This is a topic that has been kicked around for a number of years and to some the problem statement is “obvious” ◮ Read: anycast operators and other large-scale DNS operators ◮ But to others it is not at all “clear”. For example, there are suggestions that one intended use is to control the “zone statement” for “my zone” in the slave server under someone elses control DNS Activities During IETF79, Beijing johani@autonomica.se 16 / 22

  18. November 12, 2010 DNSOP: Nameserver Control Protocols #1: draft-kong-dns-conf-auto-sync-01.txt ◮ This proposal is based on the idea that nameserver configuration “stuff” can be encoded in DNS zone data and transferred to a remote nameserver via standard DNS protocol ◮ The DNS message format for “configuration zones” is interpreted in completely new ways. There is also a need in here for a new DNS opcode (similar to NOTIFY ) ◮ There are several examples of prior art to this, all, umm, kludges, as would be expected from this type of mix between “ control plane ” and “ data plane ” ◮ Question: doesn’t the needed violence suggest that this is not the solution that would emerge from a design from scratch? DNS Activities During IETF79, Beijing johani@autonomica.se 17 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CAB INTERNATIONAL CAB INTERNATIONAL: Its Activities Related to Its Activities Related to

CAB INTERNATIONAL CAB INTERNATIONAL: Its Activities Related to Its Activities Related to

CAB INTERNATIONAL CAB INTERNATIONAL: Its Activities Related to Its Activities Related to Biodiversity and a Concept y p Proposal on Agrobiodiversity S. S. Sastroutomo, E.J. Asteraki and W.H. Loke CAB International , SE Asia Regional Centre

799 views • 31 slides
Content Overview of activities Activities related to SNEIPL Activities related to

Content Overview of activities Activities related to SNEIPL Activities related to

Advanced topics in SE in Novi Sad PhD students report Milo Savi Department of Mathematics and Informatics Faculty of Sciences University of Novi Sad Serbia Content Overview of activities Activities related to SNEIPL

386 views • 12 slides
ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity Related to Subregional Seminar on Cybersecurity for Information and Communication Networks 21 June 2005 Lima, Peru Christine Sund Christine Sund

921 views • 48 slides
Activities related to monolithic and vertically Activities related to monolithic and vertically

Activities related to monolithic and vertically Activities related to monolithic and vertically

Activities related to monolithic and vertically Activities related to monolithic and vertically integrated pixel detector at CERN Michael Campbell Michael Campbell PH-ESE CERN Outline Outline Low cost bump bonding CERN MPW service

349 views • 24 slides
Satellite Validation and Related Activities at the Satellite Validation and Related Activities at

Satellite Validation and Related Activities at the Satellite Validation and Related Activities at

Satellite Validation and Related Activities at the Satellite Validation and Related Activities at the Howard University Beltsville Campus Howard University Beltsville Campus D. N. Whiteman , M. Adam 2 , C. Barnet 13 , R. Delgado 3 , B. Demoz 1 ,

437 views • 18 slides
Special Reports conducts activities that are not "related activities" under reg.

Special Reports conducts activities that are not "related activities" under reg.

Special Reports conducts activities that are not "related activities" under reg. section 1.482-8(a)(3)(ii)(B) -e.g., back office activities -does not appear to alter its status as a participant.) A is a participant because it is a

445 views • 5 slides
to Greenhouse Gas Emissions (FNN) Main activities of FNN are related to: Procuring

to Greenhouse Gas Emissions (FNN) Main activities of FNN are related to: Procuring

Activities of The Network on Feed and Nutrition in Relation to Greenhouse Gas Emissions (FNN) Main activities of FNN are related to: Procuring funding: International projects: GN & CEDERS, Enteric Flagship & SEA FEED/METHANE

367 views • 9 slides
Through the Workers Eyes Developing Learning Activities with Work-Related Documents Workshop

Through the Workers Eyes Developing Learning Activities with Work-Related Documents Workshop

Through the Workers Eyes Developing Learning Activities with Work-Related Documents Workshop framework Whats the point? Review of Essential Skills Collecting work-related documents Developing worker-focused learning activities

889 views • 87 slides
SOI and Related Activities in AGH-UST and IFJ PAN (1) Sebastian Gb , M.I. Ahmed, Mateusz

SOI and Related Activities in AGH-UST and IFJ PAN (1) Sebastian Gb , M.I. Ahmed, Mateusz

SOI and Related Activities in AGH-UST and IFJ PAN (1) Sebastian Gb , M.I. Ahmed, Mateusz Baszczyk, Szymon Bugiel, Piotr Dorosz, Roma Dasgupta, Marek Idzik, Wojciech Kucewicz, Jakub Moro, Maria Sapor (2) Piotr Kapusta, Micha Turaa (1) AGH

852 views • 49 slides
Overview of -ray related activities Recent highlights and a glimpse into the future

Overview of -ray related activities Recent highlights and a glimpse into the future

Overview of -ray related activities Recent highlights and a glimpse into the future NASA/JPL-Caltech/ESA/CXC/STScI Stefan Ohm (DESY, Zeuthen) HAP workshop, Erlangen, 21/09/2016 Major instruments for the detection of rays (2011) Fermi

820 views • 19 slides
MORE TITLE TEXT . Pregnancy-Related Depression: Health Department Activities Pregnancy-Related

MORE TITLE TEXT . Pregnancy-Related Depression: Health Department Activities Pregnancy-Related

Title Text MORE TITLE TEXT . Pregnancy-Related Depression: Health Department Activities Pregnancy-Related Depression as a Priority Area Title Text MORE TITLE TEXT . 2016-2020 Statewide MCH Needs Assessment 2011-2015 Develop

318 views • 31 slides
ITB and its Activities in GPS, INSAR and Satellite Altimetry Related Researches SEAMERGES Kick

ITB and its Activities in GPS, INSAR and Satellite Altimetry Related Researches SEAMERGES Kick

ITB and its Activities in GPS, INSAR and Satellite Altimetry Related Researches SEAMERGES Kick Off Meeting, Bangkok, 3-5 March 2004 ITB (Institute of Technology Bandung) 1920 : TH Bandoeng 1950 : ITB Present : ITB BHMN Dept. of 1.

490 views • 26 slides
1 Noise related activities of State Health Office (LGA) Noise related activities of State Health

1 Noise related activities of State Health Office (LGA) Noise related activities of State Health

WG 42: NOISE Noise typology Environmental noise Environment and Health road, rail and air traffic industries, constriction and public work Aspects of Noise neighborhood ventilation systems, office machines, home appliances Leisure

568 views • 3 slides
Update on Perchlorate Related Activities Board of Directors Outline 1.

Update on Perchlorate Related Activities Board of Directors Outline 1.

March 5, 2019 Update on Perchlorate Related Activities Board of Directors Outline 1. Introduction/History/Background 2. SPTF 3. V-201 4. V-205 5. VOCs 6. Replacement Wells status Wells with Perchlorate Detected RVWTP Santa Clara River VWC Q2

735 views • 16 slides
Emission-related Activities at PITZ Proposals for the DFG-Networking "Hi 2 PE" Ye

Emission-related Activities at PITZ Proposals for the DFG-Networking "Hi 2 PE" Ye

Emission-related Activities at PITZ Proposals for the DFG-Networking "Hi 2 PE" Ye Chen for the PITZ team 22.09.2017, Helmholtz-Zentrum Berlin, Germany Contents Literature Photoemission (PE) [1] S. Schreiber, S. Lederer, FEL

505 views • 5 slides
Country and Regional Reports on GEOSS-related Activities Ms. Taniya Koswatta Coordinator, APN

Country and Regional Reports on GEOSS-related Activities Ms. Taniya Koswatta Coordinator, APN

Country and Regional Reports on GEOSS-related Activities Ms. Taniya Koswatta Coordinator, APN Secretariat What is APN An inter-governmental network of 22 countries in the Asia- Pacific to foster global change research in the region

229 views • 18 slides
Wireless Sensor Networks and Observation satellites . Raveneau 1 E. Chaput 1 R. Dhaou 1 A-L.

Wireless Sensor Networks and Observation satellites . Raveneau 1 E. Chaput 1 R. Dhaou 1 A-L.

Context Satellite Study WSN Study Conclusion Wireless Sensor Networks and Observation satellites . Raveneau 1 E. Chaput 1 R. Dhaou 1 A-L. Beylot 1 P 1 IRIT Universit de Toulouse Rescom 13 Mai 2014 Raveneau, Chaput, Dhaou, Beylot WSN and

144 views • 12 slides
IGRINS Spectral Library Korean IGRINS Legacy Project Sunkyung Park 1 , Jeong-Eun Lee 1

IGRINS Spectral Library Korean IGRINS Legacy Project Sunkyung Park 1 , Jeong-Eun Lee 1

IGRINS Spectral Library Korean IGRINS Legacy Project Sunkyung Park 1 , Jeong-Eun Lee 1 (PI),Wonseok Kang 2 , Sang- Gak Lee 2 , Moo-Young Chun 3 , Kang-Min Kim 3 , In-Soo Yuk 3 , Jae- Joon Lee 3 , Greg N. Mace 4 , Hwihyun Kim 3,4,5 , Kyle

226 views • 21 slides
Ionized Gas in the Inner 2 pc of the Milky Way Wesley Irons University of Texas Senior Advisor:

Ionized Gas in the Inner 2 pc of the Milky Way Wesley Irons University of Texas Senior Advisor:

Ionized Gas in the Inner 2 pc of the Milky Way Wesley Irons University of Texas Senior Advisor: John Lacy The Galactic Center Sgr A* (x) Circumnuclear Disk Mini-spiral Northern Arm (--) Western Arc (--) Eastern

530 views • 12 slides
Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an

Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an

Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an and Id Iden entit ity As y Associa ciatio ion CARIS2 Workshop Cambridge, MA, 1 Mar 2019 David Plonka

1.01k views • 60 slides
H Mcast: A High-Throughput Middleware for a Universal Future Internet Multicast Service

H Mcast: A High-Throughput Middleware for a Universal Future Internet Multicast Service

H Mcast: A High-Throughput Middleware for a Universal Future Internet Multicast Service Sebastian Meiling Dominik Charousset, Thomas C. Schmidt, Matthias Whlisch iNET RG, Department of Computer Science Hamburg University of Applied

358 views • 18 slides
EPL606 Topic 1 Introduction Part B - Design Considerations The majority of the slides in this

EPL606 Topic 1 Introduction Part B - Design Considerations The majority of the slides in this

EPL606 Topic 1 Introduction Part B - Design Considerations The majority of the slides in this course are adapted from the accompanying slides to the books by Larry 1 Peterson and Bruce Davie and by Jim Kurose and Keith Ross. Additional slides

274 views • 25 slides
GN3 view on multi-d domain services and its implications on NOC implications on NOC Cs Cs Ann

GN3 view on multi-d domain services and its implications on NOC implications on NOC Cs Cs Ann

GN3 view on multi-d domain services and its implications on NOC implications on NOC Cs Cs Ann Harding (SWITCH) TF-NOC preparation me eeting Copenhagen, Denmark, 3.5.2010 connect communicate collaborate Agenda Starting point for

355 views • 16 slides
WELCOME TO THE SPRING 2012 MAX ALL HANDS MEETING Mid-Atlantic Crossroads May 22 th , 2012

WELCOME TO THE SPRING 2012 MAX ALL HANDS MEETING Mid-Atlantic Crossroads May 22 th , 2012

WELCOME TO THE SPRING 2012 MAX ALL HANDS MEETING Mid-Atlantic Crossroads May 22 th , 2012 Agenda 8:15am 9:00am Breakfast 9:00am 9:15am Welcome 9:15am 10:00am MAX Updates (Administrative, Production, and Research)

702 views • 56 slides

More recommend