1 / 17

DNS, DNS Security, and DNSSEC

DNS, DNS Security, and DNSSEC. Olaf M. Kolkman olaf@nlnetlabs.nl. Agenda. 9:00 - 13:00 30 mins break at 11:00 13:00-14:15 lunch 14:15-18:00 (ca) 5 mins break at 16:15. Introductions. http://dns-school.org /. May not be permanent!. Who am I (Olaf).

karinc
Télécharger la présentation

DNS, DNS Security, and DNSSEC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DNS, DNS Security, and DNSSEC • Olaf M. Kolkman • olaf@nlnetlabs.nl

  2. Agenda • 9:00 - 13:00 • 30 mins break at 11:00 • 13:00-14:15 lunch • 14:15-18:00 (ca) • 5 mins break at 16:15

  3. Introductions http://dns-school.org/ May not be permanent!

  4. Who am I (Olaf) • Director of NLnet Labs, a charity working on open standards and open source software • NSD, Unbound, ldns, Net::DNS, Net::DNS::SEC • DNSSEC evangineering • Previously @ RIPE NCC: responsible for DNSSEC deployment • DNSEXT chair 2001-2006 • IAB member since 2006 and its chair 2007-2011

  5. Who am I (Willem) • System and Network Engineer at NLnet Labs • Previously @ AHK, also SNE • All-rounder (but does not skate the 10km)

  6. Who are you • Your names • Background experience • Unix prompt: huh prompt? • make: make what, a pie everyday? • named: Yes, I was, as a candidate for the board • zones and domains: stay out of my personal space • Write down what you want to achieve by the end of these two days • We will be looking at that at the end of the two days • Is there anything we should pay special attention to?

  7. Training the Trainers • Intended to get you bootstrapped for providing trainings to others • Part of our mission • Bit of improvisation on our side, and on yours This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  8. NLnet Labs To develop Open Source Software and Open Standards for the benefits of the Internet. Paraphrased Article 1 of the Foundations Charter

  9. ldns

  10. Not-For-Profit • We provide this course on an expenses only basis • If you use this material then consider to support NLnet Labs’ mission Financially:http://www.nlnetlabs.nl/labs/contributors/

  11. BLOK 1: Classic DNS • DNS and its weaknesses • Unbound security settings • Authoritative Server protection

  12. BLOK 2: Unbound in Practice • Hands on Labs Work: • Installing UNBOUND resolver Software • Building a DNS tree/infrastructure • Theory and Demonstrations around UNBOUND: • Hardware dimensioning, Network issues affecting Performance, Advanced configuration,Performance settings Monitoring, Monitoring security Graphs Statistics Debugging facilities

  13. BLOK 3: DNSSEC in Theory DNS Security fundamentals • Public Key Cryptography and DNS Resource Records • Theory of operations Chains of Trust Do's and don'ts of DNSSEC serving Troubleshooting • Signature failures Transport failures strategies and tools for troubleshooting

  14. BLOK 4: Securing the Labs infrastructure • Hands on signing, serving, and troubleshooting • Creating secure delegations

  15. BLOK 5: DNS KEYs: risks and management • Introduction to OpenDNSSEC

  16. BLOK 6: Introducing DNSSEC in a workflow • How to design your project, components to think about • Participants take a stab at a high level project plan

  17. BLOK 7: Software and tools availability and development • where to find more information and some hints and tips on writing software with Net::DNS and ldns

More Related