dnssec in windows
play

DNSSEC in Windows DNS Server Kumar Ashutosh, Microsoft Windows DNS - PowerPoint PPT Presentation

Aug 13, 2022 •116 likes •266 views

DNSSEC in Windows DNS Server Kumar Ashutosh, Microsoft Windows DNS Server Widely deployed in enterprises Fair presence in the DNS resolver space Standards compliant and interoperable Secure and scalable DNSSEC in Windows DNS

  1. DNSSEC in Windows DNS Server Kumar Ashutosh, Microsoft

  2. Windows DNS Server ▪ Widely deployed in enterprises ▪ Fair presence in the DNS resolver space ▪ Standards compliant and interoperable ▪ Secure and scalable

  3. DNSSEC in Windows DNS Server ▪ Microsoft introduced support for DNSSEC in Windows 2008 R2… ▪ Ability to sign zones offline and host signed zones ▪ Validation of signed responses ▪ Support for NSEC

  4. DNSSEC in Windows DNS Server ENABLING ENTERPRISE DNSSEC ROLLOUT  Latest RFCs  NSEC3 Support  RSA/SHA-2, ECDSA Signing  Automated Trust Anchor rollover  Support for 3 rd Party Key Management

  5. DNSSEC in Windows DNS Server ENABLING ENTERPRISE DNSSEC ROLLOUT  Support for Online Zone Signing.  Sign/unsign/change DNSSEC settings on a live zone  Add/remove records dynamically on a signed zone  Improved DNS/DNSSEC server performance  Trust Anchor Management  Root Trust Anchor Management  Managing Zone specific Trust Anchors  Signed Delegations  RFC 5011 for Automated, authenticated and authorized update of Trust Anchors

  6. DNSSEC in Windows DNS Server ENABLING ENTERPRISE DNSSEC ROLLOUT

  7. DNSSEC in Windows Server ENABLING ENTERPRISE DNSSEC ROLLOUT  Automated re-signing on static and dynamic updates  Automated key rollovers  Automated signature refresh  Automated updating of secure delegations  Automated distribution and updating of Trust Anchors - RFC 5011

  8. Signing a zone Overview DNSSEC More… Performance ▪ DNS Manager wizard walks admin through signing process ▪ Generates Keys for signing zone on the first Server. ▪ Support for CNG compliant third party KSPs ▪ Signs it’s own copy of the zone

  9. Key Master Role Overview DNSSEC More… Performance ▪ Single location for all key generation and management ▪ Responsible for automated key rollover ▪ Administrator designates one server to be the key master ▪ First DNSSEC server becomes KM

  10. Signing entire zone Overview Deployment Operations New in DNS ▪ Private zone signing keys replicate automatically to all DCs hosting the zone through AD replication ▪ Each zone owner signs its own copy of the zone when it receives the key ▪ Only Server 2012+ DCs will sign their copy of the zone

  11. Updating zone data Overview DNSSEC More… Performance 1. Client sends dynamic update to any authoritative DNS server 2. That DNS server updates its own copy of the zone and generates signatures 3. The unsigned update is replicated to all other authoritative servers 4. Each DNS server adds the update to its copy of the zone and generates signatures 5. The DNSSEC settings of zone can also be updated

  12. Key Rollover Process Overview DNSSEC More… Performance Zone Signing Key Rollover: Uses Pre-Publish Mechanism Key Singing key Rollover : Uses Double Signature Mechanism Trust Anchor Management: RFC 5011 and Hold Down Time Key Retirals

  13. Key Management has low TCO Overview DNSSEC More… Performance ▪ Automated key rollovers ▪ Signatures stay up-to-date ▪ Key rollover frequency is configured per ▪ New records are signed zone automatically when zone data ▪ Key master automatically generates new changes keys ▪ Static and dynamic updates ▪ Secure delegations from the parent are also ▪ NSEC records are kept up to date automatically updated ▪ Manual Rollovers are also available

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

. SE-DNSSEC . SEs DNSSEC service Staffan.Hagnell@iis.se .SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the .SE zone Sep 2005 2006 Start of project 2001 .SEs challenge To make DNSSEC

584 views • 24 slides
DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN 50 DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 25 2014 Alexander Mayrhofer London, UK alexander.mayrhofer@nic.at ICANN 50 DNSSEC Services n ccTLD: .at l DNSSEC in production

109 views • 10 slides
DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN44 DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 27 2012 Alexander Mayrhofer Prague, CZ alexander.mayrhofer@nic.at ICANN44 .at DNSSEC Timeline Testbed DS in root Feb 2011 Feb 09

404 views • 8 slides
Windows Not just for houses Windows 1-10 Windows Server Essentially a jacked up windows 8 box

Windows Not just for houses Windows 1-10 Windows Server Essentially a jacked up windows 8 box

Windows Not just for houses Windows 1-10 Windows Server Essentially a jacked up windows 8 box - Still GUI based - Still makes no sense - No start menu :( - (Install classic shell)... trust me... Windows Server What can it do? - Email

1.06k views • 37 slides
Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used in DNSSEC

490 views • 18 slides
DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you invented DNSSEC. Well, the basic ideas, anyway: Sign all DNS records. Signatures let you verify answer to DNS query, without having to trust the

835 views • 49 slides
DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative Russ.Mundy@cobham.com / mundy@sparta.com www.dnssec-deployment.org DNSSEC Trust Anchors Starting point for DNSSEC validation Choice of

375 views • 16 slides
Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech, Morocco Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used

417 views • 15 slides
An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security Extension (DNS SEC) attach special kind of information called criptographic signatures to the queries and response that let your computer false

609 views • 34 slides
Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction About Estonian Internet Foundation DNSSEC what, why, when Techie stuff Actual work Current situation | 26.03.2014 | Estonian

240 views • 9 slides
.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry experienced 30th April 2015-- Longest mornings I have ever had. Day started as usual but takes a turn at 9:30am Great day turns to a

449 views • 11 slides
Windows Not Just For Houses Everyone Uses Windows! Versions of Windows 10 There are multiple

Windows Not Just For Houses Everyone Uses Windows! Versions of Windows 10 There are multiple

Windows Not Just For Houses Everyone Uses Windows! Versions of Windows 10 There are multiple different versions of Windows 10 that support different features The version of Windows that we will be using is Enterprise edition This

973 views • 53 slides
DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010 Sara Monteiro Technical Infrastructure Service of DNS.PT Agenda ! About us ! Scope ! Goals ! Initiatives and Support ! Developments on .pt ! Next Steps

468 views • 11 slides
13 Things to Consider Before DNSSEC John Kristoff jtk@cymru.com FIRST 2010 John Kristoff

13 Things to Consider Before DNSSEC John Kristoff jtk@cymru.com FIRST 2010 John Kristoff

13 Things to Consider Before DNSSEC John Kristoff jtk@cymru.com FIRST 2010 John Kristoff Team Cymru 1 Where is the DNSSEC? We make no endorsement of DNSSEC here We offer no repudiation of DNSSEC here The considerations herein

543 views • 31 slides
DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC Wes

DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC Wes

DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC Wes Hardaker <wes.hardaker@parsons.com> Overview Business Model Changes Relationship Requirements Relationship with your DNS parent

407 views • 25 slides
DNSSEC security without maintenance ... with the right software and registry Petr paek

DNSSEC security without maintenance ... with the right software and registry Petr paek

DNSSEC security without maintenance ... with the right software and registry Petr paek petr.spacek@nic.cz 2019-02-03 1w Redraw max 1y 6m 3m 1m 5d 1h 1d 30 ~ 19 % DNSSEC? Who cares? DNSSEC Validation Capability Metrics

433 views • 25 slides
Windows Server 2003 Windows Server 2008 Windows Server 2012 Hardwar are Innovat ation ion

Windows Server 2003 Windows Server 2008 Windows Server 2012 Hardwar are Innovat ation ion

Windows Server 2003 Windows Server 2008 Windows Server 2012 Hardwar are Innovat ation ion Hardwar are Innovat ation ion X86 Symmetric X64 Servers Multi-Processor Multi-Core Servers (2- (SMP) Servers 4 cores per socket)

504 views • 34 slides
Tracing Cross Border Web Tracking Costas Iordanou Georgios Smaragdakis Ingmar Poese

Tracing Cross Border Web Tracking Costas Iordanou Georgios Smaragdakis Ingmar Poese

Tracing Cross Border Web Tracking Costas Iordanou Georgios Smaragdakis Ingmar Poese Nikolaos Laoutaris We Web adver)sing fuels the w fuels the web eb 1 The r Th e rise of e of t targeted ed a ads Why Targeted ads? How it

584 views • 42 slides
Effective Automated Windows Lab Deployment Fons Mijnen Vincent van Dongen February 6, 2017 Fons

Effective Automated Windows Lab Deployment Fons Mijnen Vincent van Dongen February 6, 2017 Fons

Effective Automated Windows Lab Deployment Fons Mijnen Vincent van Dongen February 6, 2017 Fons Mijnen, Vincent van Dongen Effective Automated Windows Lab Deployment February 6, 2017 1 / 33 Problem part 1 IT professionals, students, and

351 views • 34 slides
1 Agenda 1 2 3 4 2016 Half-year Group Business Outlook 2016 2016 highlights financials

1 Agenda 1 2 3 4 2016 Half-year Group Business Outlook 2016 2016 highlights financials

1 Agenda 1 2 3 4 2016 Half-year Group Business Outlook 2016 2016 highlights financials update 2 Highlights Record interim operating results +3.2 % 2,878 million 1.00 87 % Revenue Cash conversion rate Interim dividend 20.2

827 views • 24 slides
all at once with Azure Active Directory Etan Basseri Senior Program Manager Identity Engineering

all at once with Azure Active Directory Etan Basseri Senior Program Manager Identity Engineering

Identity, Security and Collaboration, all at once with Azure Active Directory Etan Basseri Senior Program Manager Identity Engineering Microsoft 365 Enterprise Office 365 Windows 10 Enterprise Mobility Enterprise Enterprise + Security

503 views • 7 slides
Ybrant Digital Limited Marketing Digital Media Worldwide About us 24 local offices 50

Ybrant Digital Limited Marketing Digital Media Worldwide About us 24 local offices 50

Ybrant Digital Limited Marketing Digital Media Worldwide About us 24 local offices 50 national markets GLOBAL 500+ agencies and brands Proprietary tools TECHNOLOGY Auto Optimization API and data integration Display

554 views • 19 slides
Evolving Ecosystems Moti Yung, Google Talk Agenda Part I: Crypto as part of general

Evolving Ecosystems Moti Yung, Google Talk Agenda Part I: Crypto as part of general

Actual Cryptography at the Age of Evolving Ecosystems Moti Yung, Google Talk Agenda Part I: Crypto as part of general engineering projects Part II: Adx Review Part III: Adx Crypto solutions Part IV: Conclusions From

861 views • 43 slides
All Media ADS About All Media ADS All Media ADS offers Internet advertising that provides

All Media ADS About All Media ADS All Media ADS offers Internet advertising that provides

All Media ADS About All Media ADS All Media ADS offers Internet advertising that provides innovative advertising and publishing solutions that speak directly to your customers. At All Media ADS , our team is committed to the progress of our

161 views • 13 slides

More recommend