the de dnssec testbed
play

The .de DNSSEC testbed - halftime, no break - Peter Koch - PowerPoint PPT Presentation

Jul 16, 2023 •22 likes •132 views

The .de DNSSEC testbed - halftime, no break - Peter Koch <koch@denic.de> Bruxelles, 23 Juin 2010 / Brussel, 23 Juni 2010 .de DNSSEC testbed: roadmap Stage 0 -- DNS 2009-12-01 Unsigned DE zone published on dedicated infrastructure

  1. The .de DNSSEC testbed - halftime, no break - Peter Koch <koch@denic.de> Bruxelles, 23 Juin 2010 / Brussel, 23 Juni 2010

  2. .de DNSSEC testbed: roadmap � Stage 0 -- DNS 2009-12-01 � Unsigned DE zone published on dedicated infrastructure � Stage 1 -- DNSSEC 2010-01-05 � Signed DE zone published on dedicated infrastructure � Stage 2 -- DNSSEC + DS / DNSKEY 2010-03-02 � Signed DE zone contains DS -RRs � DNSKEY is subject of registration � Testbed scheduled to last until 2010-12-31 2

  3. .de DNSSEC testbed: data points � Dedicated authoritative server clusters: AMS, FRA � Signed version of a live DE zone � NSEC3 + OptOut, RSA/SHA256 � Zone data changes (a.k.a. „updates“): twice per day 3

  4. Counting NSEC3/RRSIG RRs 4

  5. Getting DNSSEC key material into the testbed � … via registrars (as usual) � without further sign-up � Subject to some technical / protocol checks � Submission of DNSKEY -RRs into production registry database � RRI/MRIv2 (DENIC‘s flavour of a realtime provisioning protocol) � RRI web interface � Immediately visible through … � … the registry interfaces � where it may well be ignored � … information services ( whois , web whois) � … (not) the DNS: DS -RRs will only appear in the testbed! 5

  6. Prerequisites for DNSKEY registration � SEP recommended, not required � REVOKE -Bit must not be set � DNSKEY algorithms with IANA assigned code points (non-private) � Currently RSA, DSA; GOST may follow next � Other key parameters MUST obey specification � E.g., RSA modulus 512 - 4096 bit � DNSKEY RRSet validates against at least one submitted Trust Anchor � Purpose: proof of possession � SOA -RR validates against at least one submitted Trust Anchor � Purpose of „at least“: pre-registration of not-yet-visible TAs 6

  7. .de DNSSEC testbed observations: headlines More than 250,000 domains secured by DNSSEC! 7

  8. .de DNSSEC testbed observations: fineprint � approx. 300 zones signed and participating � approx. 100 queriers/day � some very active � 1st resolver/2nd resolver setups � avg 150 q/s � minor SW bugs/config issues in validators found � all reported back and solved 8

  9. DE-Zones with apex DNSKEY 9

  10. .de DNSSEC testbed: next steps � Increase change distribution frequency � Continuous signing in DB � More, but smaller increments � Publish test program � NSEC3 rollover � Operator change under DNSSEC � … � 4th public DNSSEC testbed meeting 2010-11-24 10

  11. ? Please participate! <http://www.denic.de/dnssec> 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN44 DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 27 2012 Alexander Mayrhofer Prague, CZ alexander.mayrhofer@nic.at ICANN44 .at DNSSEC Timeline Testbed DS in root Feb 2011 Feb 09

404 views • 8 slides
.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

. SE-DNSSEC . SEs DNSSEC service Staffan.Hagnell@iis.se .SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the .SE zone Sep 2005 2006 Start of project 2001 .SEs challenge To make DNSSEC

584 views • 24 slides
DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN 50 DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 25 2014 Alexander Mayrhofer London, UK alexander.mayrhofer@nic.at ICANN 50 DNSSEC Services n ccTLD: .at l DNSSEC in production

109 views • 10 slides
TCIPG Testbed Overview David M. Nicol and Tim Yardley | 1 Testbed Overview Testbed equipment

TCIPG Testbed Overview David M. Nicol and Tim Yardley | 1 Testbed Overview Testbed equipment

TCIPG Testbed Overview David M. Nicol and Tim Yardley | 1 Testbed Overview Testbed equipment and simulators span the grid system Generation Power system modeling, RTDS Transmission &amp; Distribution Relays, Substation

309 views • 13 slides
Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used in DNSSEC

490 views • 18 slides
DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you invented DNSSEC. Well, the basic ideas, anyway: Sign all DNS records. Signatures let you verify answer to DNS query, without having to trust the

835 views • 49 slides
DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative Russ.Mundy@cobham.com / mundy@sparta.com www.dnssec-deployment.org DNSSEC Trust Anchors Starting point for DNSSEC validation Choice of

375 views • 16 slides
Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech, Morocco Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used

417 views • 15 slides
An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security Extension (DNS SEC) attach special kind of information called criptographic signatures to the queries and response that let your computer false

609 views • 34 slides
Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction About Estonian Internet Foundation DNSSEC what, why, when Techie stuff Actual work Current situation | 26.03.2014 | Estonian

240 views • 9 slides
SPICE Testbed A DTN Testbed for Satellite and Space Communications Motivation A prototype

SPICE Testbed A DTN Testbed for Satellite and Space Communications Motivation A prototype

Ioannis Komnios, Ioannis Alexiadis, Nikolaos Bezirgiannidis, Sotiris Diamantopoulos, Sotirios-Angelos Lenas, Giorgos Papastergiou and Vassilis Tsaoussidis SPICE Testbed A DTN Testbed for Satellite and Space Communications Motivation A

339 views • 16 slides
.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry experienced 30th April 2015-- Longest mornings I have ever had. Day started as usual but takes a turn at 9:30am Great day turns to a

449 views • 11 slides
DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010 Sara Monteiro Technical Infrastructure Service of DNS.PT Agenda ! About us ! Scope ! Goals ! Initiatives and Support ! Developments on .pt ! Next Steps

468 views • 11 slides
KTH LIVE-IN LAB Testbed for Sustainable Housing David Bohn Stoltz, davidhs@kth.se A Testbed for

KTH LIVE-IN LAB Testbed for Sustainable Housing David Bohn Stoltz, davidhs@kth.se A Testbed for

KTH LIVE-IN LAB Testbed for Sustainable Housing David Bohn Stoltz, davidhs@kth.se A Testbed for Sustainable Housing A testbed (also &quot;test bed&quot;) is a platform for conducting rigorous, transparent, and replicable testing of scientific

547 views • 28 slides
13 Things to Consider Before DNSSEC John Kristoff jtk@cymru.com FIRST 2010 John Kristoff

13 Things to Consider Before DNSSEC John Kristoff jtk@cymru.com FIRST 2010 John Kristoff

13 Things to Consider Before DNSSEC John Kristoff jtk@cymru.com FIRST 2010 John Kristoff Team Cymru 1 Where is the DNSSEC? We make no endorsement of DNSSEC here We offer no repudiation of DNSSEC here The considerations herein

543 views • 31 slides
DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC Wes

DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC Wes

DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC Wes Hardaker &lt;wes.hardaker@parsons.com&gt; Overview Business Model Changes Relationship Requirements Relationship with your DNS parent

407 views • 25 slides
Analysis &amp; Visualization of Frequency in Power Systems Jessica Wert Advisor: Dr. Hctor

Analysis &amp; Visualization of Frequency in Power Systems Jessica Wert Advisor: Dr. Hctor

Analysis &amp; Visualization of Frequency in Power Systems Jessica Wert Advisor: Dr. Hctor Pulgar-Painemal Mentor: Jonathan Devadason Final Presentation July 14, 2016 Knoxville, Tennessee Application Frequency stability Frequency

333 views • 14 slides
AEMT Scottish Meeting May 16 th 2018 Ross Barraclough; Regional Director (North) AEMT Scottish

AEMT Scottish Meeting May 16 th 2018 Ross Barraclough; Regional Director (North) AEMT Scottish

HV Test Bed Installation AEMT Scottish Meeting May 16 th 2018 Ross Barraclough; Regional Director (North) AEMT Scottish Meeting May 2018 Overview 40 Years Ago Pre-investment Setup Previous Layout Proposed Layout

372 views • 13 slides
The First Responder Test-Bed The First Responder Test-Bed Vision to Reality Presentation to ITS

The First Responder Test-Bed The First Responder Test-Bed Vision to Reality Presentation to ITS

The First Responder Test-Bed The First Responder Test-Bed Vision to Reality Presentation to ITS May 28, 2013 Barry Gander, Chair, NVA EVP, CATA 613-340-0701 bgander@cata.ca Networked Not Connected Surround the car occupant

397 views • 16 slides
Installation Coffee break NorduGrid Tutorial, LCSC 2002 1 what do you need? a Testbed (not easy

Installation Coffee break NorduGrid Tutorial, LCSC 2002 1 what do you need? a Testbed (not easy

NorduGrid Tutorial Installation Coffee break NorduGrid Tutorial, LCSC 2002 1 what do you need? a Testbed (not easy to find one, or get access to it:) Functional Testbeds are rare, they are usually under development or happen to be down

67 views • 4 slides
MOCAP Uros Zizek Measuring performance of cloud-based CEO at CASTOOLA platform for interactive

MOCAP Uros Zizek Measuring performance of cloud-based CEO at CASTOOLA platform for interactive

MOCAP Uros Zizek Measuring performance of cloud-based CEO at CASTOOLA platform for interactive TV services delivery FEC3 Paris, March 14-16, 2018 WWW.FED4FIRE.EU Castoola Platform is cloud-based platform for serving of interactive TV

1.03k views • 17 slides
Using Design Thinking to Create Better Test Cases Presented

Using Design Thinking to Create Better Test Cases Presented

W5 Test Techniques Wednesday, October 2nd, 2019 11:30 AM Using Design Thinking to Create Better Test Cases Presented by:

598 views • 22 slides
Safety Critical Flight Software Code Coverage Utilization Nate Uitenbroek Outline Background

Safety Critical Flight Software Code Coverage Utilization Nate Uitenbroek Outline Background

Safety Critical Flight Software Code Coverage Utilization Nate Uitenbroek Outline Background Safety Critical Software Classifying Standards Contrast Commercial Aviation and Space Flight Observations Orion Specific

435 views • 41 slides
Overview of CMS National Coverage Decision Katherine Szarama Centers for Medicare &amp;

Overview of CMS National Coverage Decision Katherine Szarama Centers for Medicare &amp;

Overview of CMS National Coverage Decision Katherine Szarama Centers for Medicare &amp; Medicaid Services Wifi Code: FCR18 September 13, 2018 #ProgressForPatients Coverage and Analysis Group, CCSQ National Coverage Analysis and Medicare

302 views • 12 slides

More recommend