Submit Search
Upload
ION Mumbai - Jitender Kumar: DNSSEC
•
0 likes
•
401 views
Deploy360 Programme (Internet Society)
Follow
Jitender Kumar's presentation from ION Mumbai on 11 October 2012
Read less
Read more
Report
Share
Report
Share
1 of 9
Download now
Download to read offline
Recommended
ION Belfast - Why Implement DNSSEC? - Jim Galvin
ION Belfast - Why Implement DNSSEC? - Jim Galvin
Deploy360 Programme (Internet Society)
Benefits of using foss
Benefits of using foss
Ruwan Ranganath
Gaurav - VoIP - ClubHack2007
Gaurav - VoIP - ClubHack2007
ClubHack
ION Sao Paulo - Jiri Prusa: Policies and IPv6
ION Sao Paulo - Jiri Prusa: Policies and IPv6
Deploy360 Programme (Internet Society)
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...
Deploy360 Programme (Internet Society)
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSEC
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSEC
Deploy360 Programme (Internet Society)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
Deploy360 Programme (Internet Society)
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SI
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SI
Deploy360 Programme (Internet Society)
Recommended
ION Belfast - Why Implement DNSSEC? - Jim Galvin
ION Belfast - Why Implement DNSSEC? - Jim Galvin
Deploy360 Programme (Internet Society)
Benefits of using foss
Benefits of using foss
Ruwan Ranganath
Gaurav - VoIP - ClubHack2007
Gaurav - VoIP - ClubHack2007
ClubHack
ION Sao Paulo - Jiri Prusa: Policies and IPv6
ION Sao Paulo - Jiri Prusa: Policies and IPv6
Deploy360 Programme (Internet Society)
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...
Deploy360 Programme (Internet Society)
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSEC
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSEC
Deploy360 Programme (Internet Society)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
Deploy360 Programme (Internet Society)
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SI
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SI
Deploy360 Programme (Internet Society)
World IPv6 Day Recap (ION Toronto 2011)
World IPv6 Day Recap (ION Toronto 2011)
Deploy360 Programme (Internet Society)
ION Belfast - Opening Slides - Chris Grundemann
ION Belfast - Opening Slides - Chris Grundemann
Deploy360 Programme (Internet Society)
ION Ljubljana - Aaron Hughes: Best Current Operational Practices
ION Ljubljana - Aaron Hughes: Best Current Operational Practices
Deploy360 Programme (Internet Society)
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
Deploy360 Programme (Internet Society)
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
Deploy360 Programme (Internet Society)
Good Men Rising: IPv6 & DNSSEC
Good Men Rising: IPv6 & DNSSEC
Deploy360 Programme (Internet Society)
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
Deploy360 Programme (Internet Society)
IPv6 Address Planning
IPv6 Address Planning
Deploy360 Programme (Internet Society)
ION Djibouti: KENIC DNSSEC Case Study
ION Djibouti: KENIC DNSSEC Case Study
Deploy360 Programme (Internet Society)
ION San Diego - US Federal IPv6 Deployments
ION San Diego - US Federal IPv6 Deployments
Deploy360 Programme (Internet Society)
ION Krakow - DNSSEC Panel Introduction
ION Krakow - DNSSEC Panel Introduction
Deploy360 Programme (Internet Society)
ION Sri Lanka - Why Implement DNSSEC?
ION Sri Lanka - Why Implement DNSSEC?
Deploy360 Programme (Internet Society)
ION Toronto - Why Implement DNSSEC?
ION Toronto - Why Implement DNSSEC?
Deploy360 Programme (Internet Society)
History of DNSSEC from .ASIA signing event
History of DNSSEC from .ASIA signing event
hread
DNSSEC: What a Registrar Needs to Know
DNSSEC: What a Registrar Needs to Know
laurenrprice
Best DNS Servers To Use Buy Server Memory Clearance.pptx
Best DNS Servers To Use Buy Server Memory Clearance.pptx
Memory Clearance
FOSE 2011: DNSSEC and the Government, Lessons Learned
FOSE 2011: DNSSEC and the Government, Lessons Learned
Neustar, Inc.
DNSSEC for Registrars by .ORG & Afilias
DNSSEC for Registrars by .ORG & Afilias
ORG, The Public Interest Registry
F5's Dynamic DNS Services
F5's Dynamic DNS Services
F5 Networks
Lecture 11 active directory
Lecture 11 active directory
Tanveer Malik
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
Internet Society
DNS Security
DNS Security
johnmcclure00
More Related Content
Viewers also liked
World IPv6 Day Recap (ION Toronto 2011)
World IPv6 Day Recap (ION Toronto 2011)
Deploy360 Programme (Internet Society)
ION Belfast - Opening Slides - Chris Grundemann
ION Belfast - Opening Slides - Chris Grundemann
Deploy360 Programme (Internet Society)
ION Ljubljana - Aaron Hughes: Best Current Operational Practices
ION Ljubljana - Aaron Hughes: Best Current Operational Practices
Deploy360 Programme (Internet Society)
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
Deploy360 Programme (Internet Society)
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
Deploy360 Programme (Internet Society)
Good Men Rising: IPv6 & DNSSEC
Good Men Rising: IPv6 & DNSSEC
Deploy360 Programme (Internet Society)
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
Deploy360 Programme (Internet Society)
IPv6 Address Planning
IPv6 Address Planning
Deploy360 Programme (Internet Society)
ION Djibouti: KENIC DNSSEC Case Study
ION Djibouti: KENIC DNSSEC Case Study
Deploy360 Programme (Internet Society)
ION San Diego - US Federal IPv6 Deployments
ION San Diego - US Federal IPv6 Deployments
Deploy360 Programme (Internet Society)
ION Krakow - DNSSEC Panel Introduction
ION Krakow - DNSSEC Panel Introduction
Deploy360 Programme (Internet Society)
Viewers also liked
(11)
World IPv6 Day Recap (ION Toronto 2011)
World IPv6 Day Recap (ION Toronto 2011)
ION Belfast - Opening Slides - Chris Grundemann
ION Belfast - Opening Slides - Chris Grundemann
ION Ljubljana - Aaron Hughes: Best Current Operational Practices
ION Ljubljana - Aaron Hughes: Best Current Operational Practices
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
Good Men Rising: IPv6 & DNSSEC
Good Men Rising: IPv6 & DNSSEC
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
IPv6 Address Planning
IPv6 Address Planning
ION Djibouti: KENIC DNSSEC Case Study
ION Djibouti: KENIC DNSSEC Case Study
ION San Diego - US Federal IPv6 Deployments
ION San Diego - US Federal IPv6 Deployments
ION Krakow - DNSSEC Panel Introduction
ION Krakow - DNSSEC Panel Introduction
Similar to ION Mumbai - Jitender Kumar: DNSSEC
ION Sri Lanka - Why Implement DNSSEC?
ION Sri Lanka - Why Implement DNSSEC?
Deploy360 Programme (Internet Society)
ION Toronto - Why Implement DNSSEC?
ION Toronto - Why Implement DNSSEC?
Deploy360 Programme (Internet Society)
History of DNSSEC from .ASIA signing event
History of DNSSEC from .ASIA signing event
hread
DNSSEC: What a Registrar Needs to Know
DNSSEC: What a Registrar Needs to Know
laurenrprice
Best DNS Servers To Use Buy Server Memory Clearance.pptx
Best DNS Servers To Use Buy Server Memory Clearance.pptx
Memory Clearance
FOSE 2011: DNSSEC and the Government, Lessons Learned
FOSE 2011: DNSSEC and the Government, Lessons Learned
Neustar, Inc.
DNSSEC for Registrars by .ORG & Afilias
DNSSEC for Registrars by .ORG & Afilias
ORG, The Public Interest Registry
F5's Dynamic DNS Services
F5's Dynamic DNS Services
F5 Networks
Lecture 11 active directory
Lecture 11 active directory
Tanveer Malik
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
Internet Society
DNS Security
DNS Security
johnmcclure00
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Real-Time Innovations (RTI)
Oracle Open World 2017 Delphix and DBVisit
Oracle Open World 2017 Delphix and DBVisit
Kellyn Pot'Vin-Gorman
DNS Made Easy Sales Brochure
DNS Made Easy Sales Brochure
DNS Made Easy
Intelligent DNS Scale
Intelligent DNS Scale
Peter Silva
ICANN Draft Strategic Plan 2010-2013
ICANN Draft Strategic Plan 2010-2013
OneWebDay, Inc.
Leveraging the JSON API as a Self-Service Tool
Leveraging the JSON API as a Self-Service Tool
Zenoss
ICANN Update
ICANN Update
APNIC
Domain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting Basics
Asif Shahzad
Active Directory Domain Services.pptx
Active Directory Domain Services.pptx
syedasadraza13
Similar to ION Mumbai - Jitender Kumar: DNSSEC
(20)
ION Sri Lanka - Why Implement DNSSEC?
ION Sri Lanka - Why Implement DNSSEC?
ION Toronto - Why Implement DNSSEC?
ION Toronto - Why Implement DNSSEC?
History of DNSSEC from .ASIA signing event
History of DNSSEC from .ASIA signing event
DNSSEC: What a Registrar Needs to Know
DNSSEC: What a Registrar Needs to Know
Best DNS Servers To Use Buy Server Memory Clearance.pptx
Best DNS Servers To Use Buy Server Memory Clearance.pptx
FOSE 2011: DNSSEC and the Government, Lessons Learned
FOSE 2011: DNSSEC and the Government, Lessons Learned
DNSSEC for Registrars by .ORG & Afilias
DNSSEC for Registrars by .ORG & Afilias
F5's Dynamic DNS Services
F5's Dynamic DNS Services
Lecture 11 active directory
Lecture 11 active directory
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNS Security
DNS Security
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Oracle Open World 2017 Delphix and DBVisit
Oracle Open World 2017 Delphix and DBVisit
DNS Made Easy Sales Brochure
DNS Made Easy Sales Brochure
Intelligent DNS Scale
Intelligent DNS Scale
ICANN Draft Strategic Plan 2010-2013
ICANN Draft Strategic Plan 2010-2013
Leveraging the JSON API as a Self-Service Tool
Leveraging the JSON API as a Self-Service Tool
ICANN Update
ICANN Update
Domain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting Basics
Active Directory Domain Services.pptx
Active Directory Domain Services.pptx
More from Deploy360 Programme (Internet Society)
ION Belgrade - Jordi Palet Martinez IPv6 Success Stories
ION Belgrade - Jordi Palet Martinez IPv6 Success Stories
Deploy360 Programme (Internet Society)
ION Belgrade - ISOC Serbia Belgrade Chapter Presentation
ION Belgrade - ISOC Serbia Belgrade Chapter Presentation
Deploy360 Programme (Internet Society)
ION Belgrade - IETF Update
ION Belgrade - IETF Update
Deploy360 Programme (Internet Society)
ION Belgrade - Opening Slides
ION Belgrade - Opening Slides
Deploy360 Programme (Internet Society)
ION Belgrade - MANRS by Serbian Open eXchange (SOX)
ION Belgrade - MANRS by Serbian Open eXchange (SOX)
Deploy360 Programme (Internet Society)
ION Belgrade - Closing Slides
ION Belgrade - Closing Slides
Deploy360 Programme (Internet Society)
AusNOG - Two Years of Good MANRS
AusNOG - Two Years of Good MANRS
Deploy360 Programme (Internet Society)
ION Malta - IETF Update
ION Malta - IETF Update
Deploy360 Programme (Internet Society)
ION Malta - MANRS Introduction
ION Malta - MANRS Introduction
Deploy360 Programme (Internet Society)
ION Malta - Introduction to DNSSEC
ION Malta - Introduction to DNSSEC
Deploy360 Programme (Internet Society)
ION Malta - DANE: The Future of TLS
ION Malta - DANE: The Future of TLS
Deploy360 Programme (Internet Society)
ION Malta - IANA Transition Roles & Accountability
ION Malta - IANA Transition Roles & Accountability
Deploy360 Programme (Internet Society)
ION Malta - IPv6 Case Study: Finland
ION Malta - IPv6 Case Study: Finland
Deploy360 Programme (Internet Society)
ION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 Transition
Deploy360 Programme (Internet Society)
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for you
Deploy360 Programme (Internet Society)
ION Malta - Opening Slides
ION Malta - Opening Slides
Deploy360 Programme (Internet Society)
ION Malta - Closing Slides
ION Malta - Closing Slides
Deploy360 Programme (Internet Society)
ION Durban - How peering behaviour affects growth of the internet
ION Durban - How peering behaviour affects growth of the internet
Deploy360 Programme (Internet Society)
ION Durban - Introduction to ISOC Gauteng Chapter
ION Durban - Introduction to ISOC Gauteng Chapter
Deploy360 Programme (Internet Society)
ION Durban - What's Happening at the IETF?
ION Durban - What's Happening at the IETF?
Deploy360 Programme (Internet Society)
More from Deploy360 Programme (Internet Society)
(20)
ION Belgrade - Jordi Palet Martinez IPv6 Success Stories
ION Belgrade - Jordi Palet Martinez IPv6 Success Stories
ION Belgrade - ISOC Serbia Belgrade Chapter Presentation
ION Belgrade - ISOC Serbia Belgrade Chapter Presentation
ION Belgrade - IETF Update
ION Belgrade - IETF Update
ION Belgrade - Opening Slides
ION Belgrade - Opening Slides
ION Belgrade - MANRS by Serbian Open eXchange (SOX)
ION Belgrade - MANRS by Serbian Open eXchange (SOX)
ION Belgrade - Closing Slides
ION Belgrade - Closing Slides
AusNOG - Two Years of Good MANRS
AusNOG - Two Years of Good MANRS
ION Malta - IETF Update
ION Malta - IETF Update
ION Malta - MANRS Introduction
ION Malta - MANRS Introduction
ION Malta - Introduction to DNSSEC
ION Malta - Introduction to DNSSEC
ION Malta - DANE: The Future of TLS
ION Malta - DANE: The Future of TLS
ION Malta - IANA Transition Roles & Accountability
ION Malta - IANA Transition Roles & Accountability
ION Malta - IPv6 Case Study: Finland
ION Malta - IPv6 Case Study: Finland
ION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Opening Slides
ION Malta - Opening Slides
ION Malta - Closing Slides
ION Malta - Closing Slides
ION Durban - How peering behaviour affects growth of the internet
ION Durban - How peering behaviour affects growth of the internet
ION Durban - Introduction to ISOC Gauteng Chapter
ION Durban - Introduction to ISOC Gauteng Chapter
ION Durban - What's Happening at the IETF?
ION Durban - What's Happening at the IETF?
ION Mumbai - Jitender Kumar: DNSSEC
1.
DNSSEC
Jitender Kumar jkumar@afilias.in ION Conference, Mumbai, October 2012
2.
Agenda
• About Afilias • DNSSEC • DNSSEC Signing • DNSSEC Validation • Afilias’s Role in DNSSEC Deployment ION Conference, Mumbai, October 2012 © Afilias Limited
3.
About Afilias
• Best known for domain name registry services • Supporting 21M names across 16 TLDs ICANN contracted gTLDs Country Code TLDs © Afilias Limited ION Conference, Mumbai, October 2012
4.
What is DNSSEC
? • A set of security extensions to the existing DNS protocol added by the Internet Engineering Task Force (IETF). • DNSSEC provides : – Authentication of the source of the information in a DNS response – Integrity of the information in a DNS response – Authenticated denial of existence • DNSSEC doesn’t provide : – Confidentiality, access control lists, or other means of differentiating between inquirers. – Protection against Denial of Service (DoS) attacks • Two principle deployment dimensions for us to consider – Signing; and – Validating ION Conference, Mumbai, October 2012 © Afilias Limited
5.
Signing
• Afilias has been signing TLDs since before the root zone was signed • We are responsible for the key material used for the signing process, including publication • .IN Registry has been one of the early adopter of DNSSEC, facilitated by Afilias as we are the registry services provider • NamesBeyond and Net4India, registrars who have deployed DNSSEC services ION Conference, Mumbai, October 2012 © Afilias Limited
6.
Validating
• Our DNS provides authoritative responses when queried about a zone that we manage • Afilias provides the DS record that enables validation of signed domains in TLDs we host • Registrars are responsible for ensuring the registry has the public key information it needs for the DS record ION Conference, Mumbai, October 2012 © Afilias Limited
7.
Gap In The
System • The public key information needed for the DS record is managed by the DNS hosting provider • Everything works great as long as the registrar is the DNS hosting provider • When a third party DNS hosting provider is used there needs to be an interaction between the registrar and that provider • This is currently a manual copy-and-paste ION Conference, Mumbai, October 2012 © Afilias Limited
8.
Reference
• http://www.internetsociety.org/what-we-do/ technology-matters/dnssec ION Conference, Mumbai, October 2012 © Afilias Limited
9.
THANK YOU
ION Conference, Mumbai, October 2012 © Afilias Limited
Download now