real time updates to signed zones using dynamic update
play

Real-time updates to signed zones using dynamic update, OpenDNSSEC - PowerPoint PPT Presentation

Aug 18, 2023 •307 likes •505 views

Real-time updates to signed zones using dynamic update, OpenDNSSEC and BIND views Gavin Brown <gavin.brown@centralnic.com> ICANN 50 London PRIVATE & CONFIDENTIAL A Brief History of CentralNics DNS System 1994: Altos Series 1000

  1. Real-time updates to signed zones using 
 dynamic update, OpenDNSSEC and 
 BIND views Gavin Brown <gavin.brown@centralnic.com> ICANN 50 London PRIVATE & CONFIDENTIAL

  2. A Brief History of CentralNic’s DNS System 1994: Altos Series 1000 + Informix => UUCP => SunOS Kickin’ it old school! PRIVATE & CONFIDENTIAL 2

  3. A Brief History of CentralNic’s DNS System 2000: Slackware + BIND8 Praise “Bob” Later: BIND9, migration to CentOS, addition of NSD, Anycast PRIVATE & CONFIDENTIAL 3

  4. A Brief History of CentralNic’s DNS System 2007: Initial DNSSEC Deployment PRIVATE & CONFIDENTIAL 4

  5. A Brief History of CentralNic’s DNS System 2012: new deployment to support new gTLDs PRIVATE & CONFIDENTIAL 5

  6. Signer Configuration • Genzone writes zone files to disk • Tells ODS to sign • ODS tells BIND to reload • BIND sends NOTIFY to slave(s) PRIVATE & CONFIDENTIAL 6

  7. 2013: dynamic DNS update • Real-time update of zone data • Application code assembles update packet (RFC 2136) and sends to master server for unsigned zone • Updated zone data is then signed and distributed • Problem: unsigned zone data must now be exposed over port 53 so dynamic updates can be accepted PRIVATE & CONFIDENTIAL 7

  8. Dynamic Update: Requirements • No new infrastructure (physical or virtual) • Both unsigned and signed zones served over port 53 from the same system • Solution: BIND views PRIVATE & CONFIDENTIAL 8

  9. BIND Views • Essentially virtual DNS servers inside the same BIND process • Similar to HTTP virtual hosts • Routing determined by source or destination address of query packet • Views can contain the same zones but use di ff erent zone files PRIVATE & CONFIDENTIAL 9

  10. Implementation • Add additional IP addresses as alias on server’s network adapter • one extra for BIND • one for OpenDNSSEC • Configure ODS to listen on IP and accept NOTIFY packets/do XFRs • Configure BIND with two views based on destination address: • “unsigned”: • uses zone files produced by genzone • accepts dynamic updates from SRS • sends NOTIFY packets to ODS • “signed” • uses zone files produced by ODS • sends NOTIFY packets to slave(s) PRIVATE & CONFIDENTIAL 10

  11. Implementation PRIVATE & CONFIDENTIAL 11

  12. Configuration - BIND options { listen-on { 192.168.1.199; 192.168.1.219; }; notify explicit; # more goes here }; view "unsigned" { match-destinations { 192.168.1.199; }; notify-source 192.168.1.199; also-notify { 192.168.1.198; }; allow-update { key ”srs-update-key.tsig"; }; include “gtlds-unsigned.conf"; }; view "signed" { match-destinations { 192.168.1.219; }; notify-source 192.168.1.219; also-notify { 192.168.1.150; }; allow-update { none; }; include “gtlds-signed.conf"; }; PRIVATE & CONFIDENTIAL 12

  13. Configuration - OpenDNSSEC conf.xml: � <Configuration> <!-- more goes here --> <Signer> <Listener> <Interface> <Address>192.168.1.198</Address> <Port>53</Port> </Interface> </Listener> <NotifyCommand>/usr/sbin/rndc reload %zone in signed</NotifyCommand> </Signer> </Configuration> PRIVATE & CONFIDENTIAL 13

  14. Configuration - OpenDNSSEC addns.xml: � <?xml version="1.0" encoding="utf-8"?> <Adapter> <DNS> <Inbound> <RequestTransfer> <Remote> <Address>192.168.1.199</Address> </Remote> </RequestTransfer> <AllowNotify> <Peer> <Prefix>192.168.1.199</Prefix> </Peer> </AllowNotify> </Inbound> </DNS> </Adapter> PRIVATE & CONFIDENTIAL 14

  15. Configuration - OpenDNSSEC zonelist.xml: � <Zone name=”tld"> <Policy>default</Policy> <SignerConfiguration>/var/opendnssec/signconf/tld.xml</SignerConfiguration> <Adapters> <Input> <Adapter type="DNS">/etc/opendnssec/addns.xml</Adapter> </Input> <Output> <Adapter type="File">/var/opendnssec/signed/tld</Adapter> </Output> </Adapters> </Zone> PRIVATE & CONFIDENTIAL 15

  16. Comments • Use externally visible IPs to allow for debugging + monitoring � • Genzone still used to process updates for batch processes � • Genzone has to “freeze” and “thaw” the zone in the unsigned view before generating a new file � • i.e. rndc [free|thaw] $zone in unsigned � • OpenDNSSEC DNS adapter has some issues � • Getting great support from Sara and Matthijs! PRIVATE & CONFIDENTIAL 16

  17. Questions PRIVATE & CONFIDENTIAL 17

  18. 
 Contact Details: CentralNic Global Headquarters CentralNic Ltd. 35-39 Moorgate, London, EC2R 6AR, UK Tel: +44 (0)20 33 88 0600 Fax: +44 (0)20 33 88 0601 PRIVATE & CONFIDENTIAL PRIVATE & CONFIDENTIAL

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Aval. Starting Zones Real-Time / Bad Weather

Aval. Starting Zones Real-Time / Bad Weather

NIVEXC TM AN ELECTRONIC SNOW-POLE FOR REAL-TIME MONITORING AN ELECTRONIC SNOW-POLE FOR REAL-TIME MONITORING OF AVALANCHE STARTING ZONES Massimiliano Barbolini Flow-Ing s.r.l. - Italy NIVEXC TM IS DESIGNED, PATENTED AND MANUFACTURED BY: NIVEXC

514 views • 18 slides
Real- -Time Systems Time Systems Real Specification Dynamic scheduling Implementation --

Real- -Time Systems Time Systems Real Specification Dynamic scheduling Implementation --

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #14 Updated 2009-03-01 Real- -Time Systems Time Systems Real Specification Dynamic scheduling Implementation -- Earliest-deadline-first scheduling

427 views • 10 slides
Work Zone C Constr tructi tion &amp; &amp; M Maintenance N Needs Smart Work Zones

Work Zone C Constr tructi tion &amp; &amp; M Maintenance N Needs Smart Work Zones

Work Zone C Constr tructi tion &amp; &amp; M Maintenance N Needs Smart Work Zones Real-Time Traveler Information Queue Warning Dynamic Lane Merge Incident Management Variable Speed Limits Automated Enforcement

446 views • 8 slides
Work Zone C Constr tructi tion &amp; &amp; M Maintenance N Needs Smart Work Zones

Work Zone C Constr tructi tion &amp; &amp; M Maintenance N Needs Smart Work Zones

Work Zone C Constr tructi tion &amp; &amp; M Maintenance N Needs Smart Work Zones Real-Time Traveler Information Queue Warning Dynamic Lane Merge Incident Management Variable Speed Limits Automated Enforcement

828 views • 69 slides
Opportunity Zones Updates Unlocking Opportunity Zones for Equitable Outcomes Stephanie Gidigbi |

Opportunity Zones Updates Unlocking Opportunity Zones for Equitable Outcomes Stephanie Gidigbi |

Opportunity Zones Updates Unlocking Opportunity Zones for Equitable Outcomes Stephanie Gidigbi | Director of Policy &amp; Partnerships Healthy People Thriving Communities | NRDC June 4, 2019 SPARCC Investment without Displacement

564 views • 18 slides
TLSF: a New Dynamic Memory Allocator for Real-Time Systems M. Masmano, I. Ripoll, A. Crespo, and

TLSF: a New Dynamic Memory Allocator for Real-Time Systems M. Masmano, I. Ripoll, A. Crespo, and

Dynamic Storage Allocation TLSF Remarks / Open Questions TLSF: a New Dynamic Memory Allocator for Real-Time Systems M. Masmano, I. Ripoll, A. Crespo, and J. Real Universidad Politcnica de Valencia, Spain 2004 Dynamic Storage Allocation

862 views • 23 slides
Real DP Time - Really? Dan Endersby All Offshore Real DP Time Really? Daniel Endersby

Real DP Time - Really? Dan Endersby All Offshore Real DP Time Really? Daniel Endersby

DYNAMIC POSITIONING CONFERENCE OCTOBER 911, 2017 TRAINING/COMPETENCY Real DP Time - Really? Dan Endersby All Offshore Real DP Time Really? Daniel Endersby Marine Technology Society Conference 2017 About us Founded in 2014,

603 views • 24 slides
Dynamic Memory Management for Real-Time Multiprocessor System-on-a-Chip Mohamed A. Shalan

Dynamic Memory Management for Real-Time Multiprocessor System-on-a-Chip Mohamed A. Shalan

Dynamic Memory Management for Real-Time Multiprocessor System-on-a-Chip Mohamed A. Shalan Dissertation Advisor Vincent J. Mooney III School of Electrical and Computer Engineering Agenda Introduction &amp; Motivation Dynamic Memory

1.06k views • 71 slides
Immigration Update Gregory A. Wald Topics Updates and procedural changes California

Immigration Update Gregory A. Wald Topics Updates and procedural changes California

Immigration Update Gregory A. Wald Topics Updates and procedural changes California developments Compliance and enforcement updates E-Verify: Is it time? Updates and Review Chile added to VWP Israel E-2 Investor Visa

622 views • 30 slides
Immigration Update Brian E. Schield Topics Updates and procedural changes California

Immigration Update Brian E. Schield Topics Updates and procedural changes California

Immigration Update Brian E. Schield Topics Updates and procedural changes California developments Compliance and enforcement updates E-Verify: Is it time? Updates and Review Chile added to VWP Israel E-2 Investor Visa

714 views • 20 slides
Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #15 Updated 2009-03-03 Dependable Distributed Dependable Distributed Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real Aircraft/automotive

501 views • 9 slides
Telecommuting 11 5 time zones Telecommuting 11.5 time zones Tilottama Ghosh and Kimberly Baugh

Telecommuting 11 5 time zones Telecommuting 11.5 time zones Tilottama Ghosh and Kimberly Baugh

Telecommuting 11 5 time zones Telecommuting 11.5 time zones Tilottama Ghosh and Kimberly Baugh (CIRES, University of Colorado, Boulder, USA) ( , y , , ) Asia Pacific Advanced Network 32 nd Meeting 32 nd Meeting Asia Pacific Advanced

427 views • 29 slides
MCTS for MDPs 3/7/18 Real-Time Dynamic Programming Repeat while theres time remaining:

MCTS for MDPs 3/7/18 Real-Time Dynamic Programming Repeat while theres time remaining:

MCTS for MDPs 3/7/18 Real-Time Dynamic Programming Repeat while theres time remaining: state start state repeat until terminal (or depth bound): action optimal action in current state V(state) R(state) + discount *

458 views • 12 slides
CSE 573 Markov Decision Processes: Heuristic Search &amp; Real-Time Dynamic Programming Slides

CSE 573 Markov Decision Processes: Heuristic Search &amp; Real-Time Dynamic Programming Slides

CSE 573 Markov Decision Processes: Heuristic Search &amp; Real-Time Dynamic Programming Slides adapted from Andrey Kolobov and Mausam 1 Stochastic Shortest-Path MDPs: Motivation Assume the agent pays cost to achieve a goal Example

946 views • 66 slides
FRED: A Framework for Supporting Real-Time Applications on Dynamic Reconfigurable FPGAs Marco

FRED: A Framework for Supporting Real-Time Applications on Dynamic Reconfigurable FPGAs Marco

FRED: A Framework for Supporting Real-Time Applications on Dynamic Reconfigurable FPGAs Marco Pagani, Alessandro Biondi, Mauro Marinoni, and Giorgio Buttazzo ReTiS Lab, TeCIP Institute Scuola superiore SantAnna - Pisa Italian Workshop on

865 views • 34 slides
Dynamic Software Updates for C Applications Sebastian Hahn Friday 27 th June, 2014 Software

Dynamic Software Updates for C Applications Sebastian Hahn Friday 27 th June, 2014 Software

Dynamic Software Updates for C Applications Sebastian Hahn Friday 27 th June, 2014 Software Update There are two ways to write error-free programs; only the third one works. Alan Perlis sh DSU for C (AKSS SS 2014) Dynamic

507 views • 31 slides
Feasibility Study Results September 2019 Rachel Maxwell Stewardship Consultant Unitarian

Feasibility Study Results September 2019 Rachel Maxwell Stewardship Consultant Unitarian

Financial Feasibility Study Results September 2019 Rachel Maxwell Stewardship Consultant Unitarian Universalist for 25 years My Background Member of Edmonds UU Congregation in WA MBA, founder of community funding platform

364 views • 20 slides
ACEC DALLAS CHAPTER MEETING Mo Bur, P.E., District Engineer TxDOT Dallas District January 28,

ACEC DALLAS CHAPTER MEETING Mo Bur, P.E., District Engineer TxDOT Dallas District January 28,

ACEC DALLAS CHAPTER MEETING Mo Bur, P.E., District Engineer TxDOT Dallas District January 28, 2019 North Dallas Chamber January 28, 2019 Table of contents 1 Dallas District Overview 3-4 2 Organizational Structure + Changes 4-7 3 Major

403 views • 27 slides
Background Prices deregulated in south east Queensland from 1 July 2015 2015-16 notified

Background Prices deregulated in south east Queensland from 1 July 2015 2015-16 notified

Background Prices deregulated in south east Queensland from 1 July 2015 2015-16 notified prices only apply in regional Queensland Uniform tariff policy remains in place UTP subsidy in 2014 15 = $655 million 2 Issues

486 views • 12 slides
Ma March ch 16 16, 2015 2015 BOCES 2015-16 Proposed Code 2013-14 Actual 2014-15 Budget

Ma March ch 16 16, 2015 2015 BOCES 2015-16 Proposed Code 2013-14 Actual 2014-15 Budget

BOCES Districtwide Undistributed/Benefits/Debt Service Revenue/Tax Levy/Reserves Ma March ch 16 16, 2015 2015 BOCES 2015-16 Proposed Code 2013-14 Actual 2014-15 Budget Details Budget BOCES Cooperative Bidding Services, GASB 45, &amp;

402 views • 7 slides
Smart Vehicle in a Smart World: The Role of 5G V2X Jovan Zagajac, Connected Vehicle Technology

Smart Vehicle in a Smart World: The Role of 5G V2X Jovan Zagajac, Connected Vehicle Technology

Smart Vehicle in a Smart World: The Role of 5G V2X Jovan Zagajac, Connected Vehicle Technology General Manager, Ford Motor Company June 12, 2019 1 On Jan. 24, 1925, Henry Ford's original vision of providing affordable transportation to

1k views • 18 slides
Offloading Floating Car Data through V2V Communications Razvan Stanica (INSA Lyon), Marco Fiore

Offloading Floating Car Data through V2V Communications Razvan Stanica (INSA Lyon), Marco Fiore

Offloading Floating Car Data through V2V Communications Razvan Stanica (INSA Lyon), Marco Fiore (IEIIT - CNR), Francesco Malandrino (Politecnico di Torino) 3mes Journes Nationales des Communications dans les Transports (JNCT) Nevers - 30 May

848 views • 25 slides
Moving Together Towards a Mass DSRC Deployment Hongsheng Lu Toyota InfoTechnology Center, USA

Moving Together Towards a Mass DSRC Deployment Hongsheng Lu Toyota InfoTechnology Center, USA

Moving Together Towards a Mass DSRC Deployment Hongsheng Lu Toyota InfoTechnology Center, USA Mountain View, CA June 13, 2018 NACV 2018 Outline What is DSRC? What can it do? Deployment Status Challenges &amp; Opportunities

652 views • 21 slides
Experimenting with Flexible D2D Communications in Current and Future LTE networks: A D2D Radio

Experimenting with Flexible D2D Communications in Current and Future LTE networks: A D2D Radio

Experimenting with Flexible D2D Communications in Current and Future LTE networks: A D2D Radio Technology Primer &amp; Software Modem Implementation May, 18 th , 2017, Oulu-Finland Presented by: Dr. Antonis Gotsis, Feron Technologies P.C.

1.15k views • 25 slides

More recommend