update on the dlv shutdown vicky risk isc org
play

Update on the DLV Shutdown Vicky Risk ISC.org source: flickr, lic - PowerPoint PPT Presentation

Sep 11, 2022 •251 likes •445 views

Update on the DLV Shutdown Vicky Risk ISC.org source: flickr, lic cc 2.0 Marrakech Market by Jacky Jourdren DLV, the DNS Lookaside Validator Created in 2006 To allow use of DNSSEC before root and TLDs were signed Root and 70+% of TLDs

  1. Update on the DLV Shutdown Vicky Risk ISC.org source: flickr, lic cc 2.0 Marrakech Market by Jacky Jourdren

  2. DLV, the DNS Lookaside Validator § Created in 2006 § To allow use of DNSSEC before root and TLDs were signed § Root and 70+% of TLDs are now signed § DLV has accomplished what it can to assist with early adoption

  3. Shutdown Process Initiated Announce shutdown plan Discourage resolver queries Feb 2015 – June 2015 Remove zones ICANN Singapore May 2015 – present dlv.isc.org Update default configurations to www.isc.org remove DLV (BIND and BIND July 2015 – June 2017 Internet mailing lists packages, and Unbound) June 2015 request to remove BIND OS packagers broken or unnecessary NANOG 64 San Francisco delegations What else can we do here? Direct email to every user July 2015 removed broken zones March 2016 limit new zones July 2016 No new zones July 2016 Purge zones that can otherwise validate June 2017 Purge all zones Continue answering queries indefinitely

  4. Emailed Users June 2015 <excerpt of actual message> Broken Zones ------------------ Currently the following zones are configured in the ISC DLV registry, but are non-functional in some way. This could be due to an incomplete delegation, broken or missing keys, or some other failure. Since these are not currently serving any useful purpose, they will be removed at the end of July 2015. example.com (Key Missing) Can Validate ----------------- We've walked the following zones and found that they properly DNSSEC validate full from the global DNS Root. Hence, they no longer need DLV. Please remove these zones from the ISC DLV Registry at http://dlv.isc.org at your earliest convenience. Any zones that can fully validate to the Root that remain will be automatically removed at the end of 2015. example.com

  5. Example User Reaction ... DLV is the only way for most holders of static IP addresses to sign their reverse (in- addr.arpa/ip6.arpa) address zones. And that until that's fixed, DLV needs to remain. This problem can not be solved by contacting any registrar/registry. It's an ISP issue, and customers have no leverage.

  6. Example User Reaction unfortunately, although my top-level domains (elided) are DNSSEC signed, and my domain also is, the registry (elided) claims not to be able to sign second levels. Neither are they able to configure their glue appropriately. Unfortunately, even changing providers won't help, since (elided) is the TLD registry. And if they do not support DS, nobody will L .... unfortunately I have no chance, but to rely on the DLV service. I am well aware, that this is conceptually a bad kludge and completely undermines the idea of how DNSSEC delegates trust.

  7. Status of Zone Reduction § 2867 working zones a year ago § 2080 working zones remain today – ~800 working zones removed by the owner – many more non-working zones purged by ISC § remaining zones may have no other secure option

  8. Timeline § Feb 2015 Announced sunset plan @ ICANN § June 2015 Notice to DLV users. Requested removal of broken zones & those using DLV needlessly. § August 2015 Removed broken zones/users § Jan 2016 Purge zones that could otherwise validate (20% of total) § March 2016 No registration of new zones that could validate without DLV § July 2016 No registration of new zones/users § July 2016 Purge all zones that could validate without DLV (extended by 6 months) § July 2017 Remove remaining DLV records (2 yr notice)

  9. Queries to DLV § Querying the DLV puts extra burden on validating resolvers, particularly with so few actual zones in the DLV. Desirable to minimize these queries going forward. § More than 8k qps to the DLV in 2014 § Less than 4K qps to the DLV today – Currently, ISC sees < 2K qps – A ffi lias sees ~2K qps average, spikes of 3K

  10. Serving dlv.isc.org § Our staged shutdown process will leave DLV empty by August 2017 § There will be queries made to the DLV for some time § It is best for them to return a quick “no” than to time out § So we will leave DNS service running on dlv.isc.org until it is no longer in use

  11. Summary § ISC created DLV to encourage more use of DNSSEC § DLV has assisted those early adopters § DLV is not a solution for the systemic problem of non-support by the whole DNS chain

  12. Thank you for years of providing secondary name service for dlv.isc.org

  13. mailto: dlv@isc.org

  15. Example: Needs DLV

  16. ~6K queries to DLV in 2014

  17. Reduced to <2K qps today ~800 qps at our Amsterdam node

  18. Afilias sees about 2K qps

  19. Waning interest in DLV Google analytics measurement of people visiting DLV portal

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Integrated Assurance Risk Governance Beyond Boundaries Vicky Kubitscheck 30 th

Integrated Assurance Risk Governance Beyond Boundaries Vicky Kubitscheck 30 th

Integrated Assurance Risk Governance Beyond Boundaries Vicky Kubitscheck 30 th January 2014 Police Mutual - who we are 1866 n UKs largest affinity friendly

515 views • 18 slides
Hot Topic Update: H t T i U d t Accommodation in the Workplace Lynn H. Harnden Vicky Satta

Hot Topic Update: H t T i U d t Accommodation in the Workplace Lynn H. Harnden Vicky Satta

Hot Topic Update: H t T i U d t Accommodation in the Workplace Lynn H. Harnden Vicky Satta Vi k S tt April 10, 2013 www.ehlaw.ca 1 Session Overview Family status where are we now? Accommodating religious observances

181 views • 15 slides
How does risk minimisation work? Risk Reaching the Ultimate Goal Clinical minimisation target

How does risk minimisation work? Risk Reaching the Ultimate Goal Clinical minimisation target

Risk minimisation Selecting, implementing, and evaluating activities Vicky Dong Risk Management Plan Evaluation Section, Pharmacovigilance &amp; Special Access Branch Medicines Regulation Division, TGA Australian Pharmacovigilance regulatory

418 views • 13 slides
Shutdown Update George Ginther University of Rochester for the D Collaboration 18 May 2006

Shutdown Update George Ginther University of Rochester for the D Collaboration 18 May 2006

Shutdown Update George Ginther University of Rochester for the D Collaboration 18 May 2006 Week 9 Layer 0 Complete evaluation of Layer 0 readout performance All SVX4 chips have been successfully readout with the sensors biased

779 views • 23 slides
Post-market RMP/ASA updates Vicky Dong RMP Evaluation Section Post-market Surveillance Branch

Post-market RMP/ASA updates Vicky Dong RMP Evaluation Section Post-market Surveillance Branch

Post-market RMP/ASA updates Vicky Dong RMP Evaluation Section Post-market Surveillance Branch March 2015 Guidelines EU Guideline on good pharmacovigilance practices Module V Risk management systems (Rev 1) (15 April 2014) Risk

316 views • 13 slides
NIH Update CFSAC June 29-30, 2017 Vicky Whittemore, Ph.D. Program Director, National Institute

NIH Update CFSAC June 29-30, 2017 Vicky Whittemore, Ph.D. Program Director, National Institute

NIH Update CFSAC June 29-30, 2017 Vicky Whittemore, Ph.D. Program Director, National Institute of Neurological Disorders and Stroke, NIH On behalf of the Trans-NIH ME/CFS Working Group 1 NIH Funding for ME/CFS Research FY11 FY12 FY13

474 views • 21 slides
Muon g-2 Update David Flay, Operations Manager Proton PMG 3 October 2019 Shutdown Highlights

Muon g-2 Update David Flay, Operations Manager Proton PMG 3 October 2019 Shutdown Highlights

Muon g-2 Update David Flay, Operations Manager Proton PMG 3 October 2019 Shutdown Highlights Hall - Completed installation of hall cooling system - Stabilize magnet temperature =&gt; suppress diurnal field variations Cryo - 40-K and 80-K

272 views • 4 slides
(PCNs) Vicky Womack, Leeds GP Confederation vicky.womack@nhs.net NEW GP Contract NHS Long

(PCNs) Vicky Womack, Leeds GP Confederation vicky.womack@nhs.net NEW GP Contract NHS Long

Primary Care Networks (PCNs) Vicky Womack, Leeds GP Confederation vicky.womack@nhs.net NEW GP Contract NHS Long Term Plan published January 2019 New 5 year GP contract announced to outline how changes to general practice will

556 views • 10 slides
Hawkes Bay Tourism Industry Update July 6, 2016 The Team Vicky Roebuck Communications

Hawkes Bay Tourism Industry Update July 6, 2016 The Team Vicky Roebuck Communications

Hawkes Bay Tourism Industry Update July 6, 2016 The Team Vicky Roebuck Communications &amp; Marketing Manager Hamish Evans Trade Marketing Manager Megan Best Consumer Marketing Jenna Mabey - Marketing and Events

1.05k views • 39 slides
National Institutes of Health Update Vicky Whittemore, PhD NINDS/NIH Chronic Fatigue Syndrome

National Institutes of Health Update Vicky Whittemore, PhD NINDS/NIH Chronic Fatigue Syndrome

U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES National Institutes of Health National Institute of Neurological Disorders and Stroke National Institutes of Health Update Vicky Whittemore, PhD NINDS/NIH Chronic Fatigue Syndrome Advisory

161 views • 15 slides
Chapter 7 Cancellation and Shutdown Alfred Theorin, Ph.D. student Department of Automatic

Chapter 7 Cancellation and Shutdown Alfred Theorin, Ph.D. student Department of Automatic

Chapter 7 Cancellation and Shutdown Alfred Theorin, Ph.D. student Department of Automatic Control Lund University Outline Cancellation Why and when it is needed How it is accomplished Abnormal thread termination JVM shutdown

289 views • 18 slides
SUGGESTED : STANDARD FOR THE COMPILATION OF THE SHUTDOWN PRESENTATION Introduction The

SUGGESTED : STANDARD FOR THE COMPILATION OF THE SHUTDOWN PRESENTATION Introduction The

SUGGESTED : STANDARD FOR THE COMPILATION OF THE SHUTDOWN PRESENTATION Introduction The presentation must briefly address the planned Period of the shutdown and a brief Planning process embark on. *Note: Brief on the Planning Process to

403 views • 3 slides
RISK MANAGEMENT COMMITTEE UPDATE P RE SE NTED BY: Cory Kuchinsky Interim VP, Strategic Pricing

RISK MANAGEMENT COMMITTEE UPDATE P RE SE NTED BY: Cory Kuchinsky Interim VP, Strategic Pricing

RISK MANAGEMENT COMMITTEE UPDATE P RE SE NTED BY: Cory Kuchinsky Interim VP, Strategic Pricing &amp; Enterprise Risk Management September 12, 2019 Inform ational Update OBJECTIVES &amp; TAKEAWAYS PROVIDE RISK PROGRAM UPDATE REVIEW

316 views • 30 slides
Local quality control of LHC electrical interconnections during the 2012 shutdown 1 LHC Splice

Local quality control of LHC electrical interconnections during the 2012 shutdown 1 LHC Splice

Local quality control of LHC electrical interconnections during the 2012 shutdown 1 LHC Splice Review, C. Scheuerlein, 18.10.2010 Outline LHC splice quality control (QC) sequence during 2012 o shutdown QC of existing main interconnection

423 views • 29 slides
Government Shutdown: Lessons Learned BOAC Meeting June 2019 Discussant Pamela A. Webb

Government Shutdown: Lessons Learned BOAC Meeting June 2019 Discussant Pamela A. Webb

Government Shutdown: Lessons Learned BOAC Meeting June 2019 Discussant Pamela A. Webb Associate VP for Research pwebb@umn.edu Sponsored Projects Administration Shutdown Facts for UMN 1300 projects (~24% of total portfolio) and 3

341 views • 10 slides
DATA PROTECTION AND COVID-19 Vicky Ling Founder member of the Law Consultancy Network

DATA PROTECTION AND COVID-19 Vicky Ling Founder member of the Law Consultancy Network

DATA PROTECTION AND COVID-19 Vicky Ling Founder member of the Law Consultancy Network www.lawconsultancynetwork.co.uk WELCOME! Introductions: Vicky Ling a consultant working in the legal sector who worked with LawWorks on GDPR

300 views • 27 slides
The Other 95%: The Unsecure Internet You Dont Know About Internet Protocol Manipulations

The Other 95%: The Unsecure Internet You Dont Know About Internet Protocol Manipulations

The Other 95%: The Unsecure Internet You Dont Know About Internet Protocol Manipulations Sharon Goldberg BGP : Border Gateway Protocol DNS : Domain Name System BGP manipulation from July 2013 Abroad USA Qwest/ Centurylink Endpoint in

381 views • 11 slides
DISSECTING DNS STAKEHOLDERS IN MOBILE NETWORKS 2 CoNEXT 2017, Seoul/Incheon WHY TO STUDY

DISSECTING DNS STAKEHOLDERS IN MOBILE NETWORKS 2 CoNEXT 2017, Seoul/Incheon WHY TO STUDY

Mario Almeida, Alessandro Finamore, Diego Perino, Narseo Vallina-Rodriguez, Matteo Varvello CoNEXT 2017 - Seoul/Incheon, South Korea DISSECTING DNS STAKEHOLDERS IN MOBILE NETWORKS 2 CoNEXT 2017, Seoul/Incheon WHY TO STUDY DNS IN MOBILE

476 views • 28 slides
Operators Deep Dive Graham Hayes / HP Ron Rickard / eBay Inc. Graham Hayes - HP Cloud Ron

Operators Deep Dive Graham Hayes / HP Ron Rickard / eBay Inc. Graham Hayes - HP Cloud Ron

Operators Deep Dive Graham Hayes / HP Ron Rickard / eBay Inc. Graham Hayes - HP Cloud Ron Rickard Sr. Cloud Engineer, eBay Inc. rrickard@ebaysf.com irc.freenode.net: rjrjr Agenda Designate Overview Designate REST API Designate and Neutron

571 views • 33 slides
Non Profit Lobbying What is lobbying? Is it the proverbial, sinister behind-the-scenes

Non Profit Lobbying What is lobbying? Is it the proverbial, sinister behind-the-scenes

Non Profit Lobbying What is lobbying? Is it the proverbial, sinister behind-the-scenes handshake agreement? Or is it something not so sinister? What do you think? Lobbying is Political to be political, as per the IRS, means to engaged in

214 views • 5 slides
DNS OF TURBULENT PIPE FLOW : H OW FAR CAN WE REACH TODAY ? M.Quadrio 1 &amp; P . Luchini 2 1

DNS OF TURBULENT PIPE FLOW : H OW FAR CAN WE REACH TODAY ? M.Quadrio 1 &amp; P . Luchini 2 1

The well-designed DNS Pipe or channel? The (far) future of DNS What can we do today? Conclusions DNS OF TURBULENT PIPE FLOW : H OW FAR CAN WE REACH TODAY ? M.Quadrio 1 &amp; P . Luchini 2 1 Politecnico di Milano, Dip. Ing. Aerospaziale 2

498 views • 24 slides
Installing TEAMserver Technical requirements and recommendations 2014 Installing TEAMserver

Installing TEAMserver Technical requirements and recommendations 2014 Installing TEAMserver

Installing TEAMserver Technical requirements and recommendations 2014 Installing TEAMserver Before installing the TEAMserver, we would like to know: What is the hardware used? Are you planning to install TEAMserver and SQL Server on

220 views • 10 slides
Semantic based DNS Forensics Samuel Marchal, J er ome Fran cois, Radu State and Thomas

Semantic based DNS Forensics Samuel Marchal, J er ome Fran cois, Radu State and Thomas

samuel.marchal@uni.lu 3/12/12 Semantic based DNS Forensics Samuel Marchal, J er ome Fran cois, Radu State and Thomas Engel Motivations Semantic analysis Experiments and Results Conclusion Outline 1 Motivations 2 Semantic analysis 3

509 views • 19 slides
Towards the Direct Numerical Simulation of a Nuclear Pebble Bed Flow Star-CD User Conference

Towards the Direct Numerical Simulation of a Nuclear Pebble Bed Flow Star-CD User Conference

Towards the Direct Numerical Simulation of a Nuclear Pebble Bed Flow Star-CD User Conference 22-23 March, 2011 Amsterdam A. Shams, F. Roelofs, E.M.J. Komen shams@nrg.eu Presentation Plan Introduction: Problem Description Strategies

560 views • 34 slides

More recommend