SlideShare a Scribd company logo

ION Mumbai - Jitender Kumar: DNSSEC

Deploy360 Programme (Internet Society)
Deploy360 Programme (Internet Society)

Jitender Kumar's presentation from ION Mumbai on 11 October 2012

1 of 9
Download to read offline
DNSSEC Jitender Kumar jkumar@afilias.in ION Conference, Mumbai, October 2012
Agenda •  About Afilias •  DNSSEC •  DNSSEC Signing •  DNSSEC Validation •  Afilias’s Role in DNSSEC Deployment ION Conference, Mumbai, October 2012 © Afilias Limited
About Afilias • Best known for domain name registry services • Supporting 21M names across 16 TLDs ICANN contracted gTLDs Country Code TLDs © Afilias Limited ION Conference, Mumbai, October 2012
What is DNSSEC ? •  A set of security extensions to the existing DNS protocol added by the Internet Engineering Task Force (IETF). •  DNSSEC provides : –  Authentication of the source of the information in a DNS response –  Integrity of the information in a DNS response –  Authenticated denial of existence •  DNSSEC doesn’t provide : –  Confidentiality, access control lists, or other means of differentiating between inquirers. –  Protection against Denial of Service (DoS) attacks •  Two principle deployment dimensions for us to consider –  Signing; and –  Validating ION Conference, Mumbai, October 2012 © Afilias Limited
Signing •  Afilias has been signing TLDs since before the root zone was signed •  We are responsible for the key material used for the signing process, including publication •  .IN Registry has been one of the early adopter of DNSSEC, facilitated by Afilias as we are the registry services provider •  NamesBeyond and Net4India, registrars who have deployed DNSSEC services ION Conference, Mumbai, October 2012 © Afilias Limited
Validating •  Our DNS provides authoritative responses when queried about a zone that we manage •  Afilias provides the DS record that enables validation of signed domains in TLDs we host •  Registrars are responsible for ensuring the registry has the public key information it needs for the DS record ION Conference, Mumbai, October 2012 © Afilias Limited
Gap In The System •  The public key information needed for the DS record is managed by the DNS hosting provider •  Everything works great as long as the registrar is the DNS hosting provider •  When a third party DNS hosting provider is used there needs to be an interaction between the registrar and that provider •  This is currently a manual copy-and-paste ION Conference, Mumbai, October 2012 © Afilias Limited
Reference •  http://www.internetsociety.org/what-we-do/ technology-matters/dnssec ION Conference, Mumbai, October 2012 © Afilias Limited
THANK YOU ION Conference, Mumbai, October 2012 © Afilias Limited

Recommended

ION Belfast - Why Implement DNSSEC? - Jim Galvin
ION Belfast - Why Implement DNSSEC? - Jim GalvinION Belfast - Why Implement DNSSEC? - Jim Galvin
ION Belfast - Why Implement DNSSEC? - Jim GalvinDeploy360 Programme (Internet Society)
 
Benefits of using foss
Benefits of using fossBenefits of using foss
Benefits of using fossRuwan Ranganath
 
Gaurav - VoIP - ClubHack2007
Gaurav - VoIP - ClubHack2007Gaurav - VoIP - ClubHack2007
Gaurav - VoIP - ClubHack2007ClubHack
 
ION Sao Paulo - Jiri Prusa: Policies and IPv6
ION Sao Paulo - Jiri Prusa: Policies and IPv6ION Sao Paulo - Jiri Prusa: Policies and IPv6
ION Sao Paulo - Jiri Prusa: Policies and IPv6Deploy360 Programme (Internet Society)
 
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...Deploy360 Programme (Internet Society)
 
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSEC
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSECION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSEC
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSECDeploy360 Programme (Internet Society)
 
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)Deploy360 Programme (Internet Society)
 
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SI
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SIION Ljubljana - Benjamin Zwittnig: DNSSEC in .SI
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SIDeploy360 Programme (Internet Society)
 

Recommended

ION Belfast - Why Implement DNSSEC? - Jim Galvin
ION Belfast - Why Implement DNSSEC? - Jim GalvinION Belfast - Why Implement DNSSEC? - Jim Galvin
ION Belfast - Why Implement DNSSEC? - Jim GalvinDeploy360 Programme (Internet Society)
 
Benefits of using foss
Benefits of using fossBenefits of using foss
Benefits of using fossRuwan Ranganath
 
Gaurav - VoIP - ClubHack2007
Gaurav - VoIP - ClubHack2007Gaurav - VoIP - ClubHack2007
Gaurav - VoIP - ClubHack2007ClubHack
 
ION Sao Paulo - Jiri Prusa: Policies and IPv6
ION Sao Paulo - Jiri Prusa: Policies and IPv6ION Sao Paulo - Jiri Prusa: Policies and IPv6
ION Sao Paulo - Jiri Prusa: Policies and IPv6Deploy360 Programme (Internet Society)
 
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...
Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technol...Deploy360 Programme (Internet Society)
 
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSEC
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSECION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSEC
ION Mumbai - Shailesh Gupta: Business Case for IPv6 and DNSSECDeploy360 Programme (Internet Society)
 
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)Deploy360 Programme (Internet Society)
 
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SI
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SIION Ljubljana - Benjamin Zwittnig: DNSSEC in .SI
ION Ljubljana - Benjamin Zwittnig: DNSSEC in .SIDeploy360 Programme (Internet Society)
 
World IPv6 Day Recap (ION Toronto 2011)
World IPv6 Day Recap (ION Toronto 2011) World IPv6 Day Recap (ION Toronto 2011)
World IPv6 Day Recap (ION Toronto 2011) Deploy360 Programme (Internet Society)
 
ION Belfast - Opening Slides - Chris Grundemann
ION Belfast - Opening Slides - Chris GrundemannION Belfast - Opening Slides - Chris Grundemann
ION Belfast - Opening Slides - Chris GrundemannDeploy360 Programme (Internet Society)
 
ION Ljubljana - Aaron Hughes: Best Current Operational Practices
ION Ljubljana - Aaron Hughes: Best Current Operational PracticesION Ljubljana - Aaron Hughes: Best Current Operational Practices
ION Ljubljana - Aaron Hughes: Best Current Operational PracticesDeploy360 Programme (Internet Society)
 
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname NishikuzaION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname NishikuzaDeploy360 Programme (Internet Society)
 
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?Deploy360 Programme (Internet Society)
 
Good Men Rising: IPv6 & DNSSEC
Good Men Rising: IPv6 & DNSSECGood Men Rising: IPv6 & DNSSEC
Good Men Rising: IPv6 & DNSSECDeploy360 Programme (Internet Society)
 
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris GrundemannION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris GrundemannDeploy360 Programme (Internet Society)
 
IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address PlanningDeploy360 Programme (Internet Society)
 
ION Djibouti: KENIC DNSSEC Case Study
ION Djibouti: KENIC DNSSEC Case StudyION Djibouti: KENIC DNSSEC Case Study
ION Djibouti: KENIC DNSSEC Case StudyDeploy360 Programme (Internet Society)
 
ION San Diego - US Federal IPv6 Deployments
ION San Diego - US Federal IPv6 DeploymentsION San Diego - US Federal IPv6 Deployments
ION San Diego - US Federal IPv6 DeploymentsDeploy360 Programme (Internet Society)
 
ION Krakow - DNSSEC Panel Introduction
ION Krakow - DNSSEC Panel IntroductionION Krakow - DNSSEC Panel Introduction
ION Krakow - DNSSEC Panel IntroductionDeploy360 Programme (Internet Society)
 
ION Sri Lanka - Why Implement DNSSEC?
ION Sri Lanka - Why Implement DNSSEC?ION Sri Lanka - Why Implement DNSSEC?
ION Sri Lanka - Why Implement DNSSEC?Deploy360 Programme (Internet Society)
 
ION Toronto - Why Implement DNSSEC?
ION Toronto - Why Implement DNSSEC? ION Toronto - Why Implement DNSSEC?
ION Toronto - Why Implement DNSSEC? Deploy360 Programme (Internet Society)
 
History of DNSSEC from .ASIA signing event
History of DNSSEC from .ASIA signing eventHistory of DNSSEC from .ASIA signing event
History of DNSSEC from .ASIA signing eventhread
 
DNSSEC: What a Registrar Needs to Know
DNSSEC: What a Registrar Needs to KnowDNSSEC: What a Registrar Needs to Know
DNSSEC: What a Registrar Needs to Knowlaurenrprice
 
Best DNS Servers To Use Buy Server Memory Clearance.pptx
Best DNS Servers To Use Buy Server Memory Clearance.pptxBest DNS Servers To Use Buy Server Memory Clearance.pptx
Best DNS Servers To Use Buy Server Memory Clearance.pptxMemory Clearance
 
FOSE 2011: DNSSEC and the Government, Lessons Learned
FOSE 2011: DNSSEC and the Government, Lessons LearnedFOSE 2011: DNSSEC and the Government, Lessons Learned
FOSE 2011: DNSSEC and the Government, Lessons LearnedNeustar, Inc.
 
DNSSEC for Registrars by .ORG & Afilias
DNSSEC for Registrars by .ORG & AfiliasDNSSEC for Registrars by .ORG & Afilias
DNSSEC for Registrars by .ORG & AfiliasORG, The Public Interest Registry
 
F5's Dynamic DNS Services
F5's Dynamic DNS ServicesF5's Dynamic DNS Services
F5's Dynamic DNS ServicesF5 Networks
 
Lecture 11 active directory
Lecture 11 active directoryLecture 11 active directory
Lecture 11 active directoryTanveer Malik
 
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)Internet Society
 
DNS Security
DNS SecurityDNS Security
DNS Securityjohnmcclure00
 

More Related Content

Viewers also liked

ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname NishikuzaION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname NishikuzaDeploy360 Programme (Internet Society)
 

Viewers also liked (11)

World IPv6 Day Recap (ION Toronto 2011)
World IPv6 Day Recap (ION Toronto 2011) World IPv6 Day Recap (ION Toronto 2011)
World IPv6 Day Recap (ION Toronto 2011)
 
ION Belfast - Opening Slides - Chris Grundemann
ION Belfast - Opening Slides - Chris GrundemannION Belfast - Opening Slides - Chris Grundemann
ION Belfast - Opening Slides - Chris Grundemann
 
ION Ljubljana - Aaron Hughes: Best Current Operational Practices
ION Ljubljana - Aaron Hughes: Best Current Operational PracticesION Ljubljana - Aaron Hughes: Best Current Operational Practices
ION Ljubljana - Aaron Hughes: Best Current Operational Practices
 
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname NishikuzaION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
ION Tokyo Panel - IPv6 in Asia Pacific: Untangling the Web, Kaname Nishikuza
 
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
IPv6 and Telecom: IPv4 Is FInally Running Out. Now What?
 
Good Men Rising: IPv6 & DNSSEC
Good Men Rising: IPv6 & DNSSECGood Men Rising: IPv6 & DNSSEC
Good Men Rising: IPv6 & DNSSEC
 
ION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris GrundemannION Belfast - IETF Update - Chris Grundemann
ION Belfast - IETF Update - Chris Grundemann
 
IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address Planning
 
ION Djibouti: KENIC DNSSEC Case Study
ION Djibouti: KENIC DNSSEC Case StudyION Djibouti: KENIC DNSSEC Case Study
ION Djibouti: KENIC DNSSEC Case Study
 
ION San Diego - US Federal IPv6 Deployments
ION San Diego - US Federal IPv6 DeploymentsION San Diego - US Federal IPv6 Deployments
ION San Diego - US Federal IPv6 Deployments
 
ION Krakow - DNSSEC Panel Introduction
ION Krakow - DNSSEC Panel IntroductionION Krakow - DNSSEC Panel Introduction
ION Krakow - DNSSEC Panel Introduction
 

Similar to ION Mumbai - Jitender Kumar: DNSSEC

History of DNSSEC from .ASIA signing event
History of DNSSEC from .ASIA signing eventHistory of DNSSEC from .ASIA signing event
History of DNSSEC from .ASIA signing eventhread
 
DNSSEC: What a Registrar Needs to Know
DNSSEC: What a Registrar Needs to KnowDNSSEC: What a Registrar Needs to Know
DNSSEC: What a Registrar Needs to Knowlaurenrprice
 
Best DNS Servers To Use Buy Server Memory Clearance.pptx
Best DNS Servers To Use Buy Server Memory Clearance.pptxBest DNS Servers To Use Buy Server Memory Clearance.pptx
Best DNS Servers To Use Buy Server Memory Clearance.pptxMemory Clearance
 
FOSE 2011: DNSSEC and the Government, Lessons Learned
FOSE 2011: DNSSEC and the Government, Lessons LearnedFOSE 2011: DNSSEC and the Government, Lessons Learned
FOSE 2011: DNSSEC and the Government, Lessons LearnedNeustar, Inc.
 
F5's Dynamic DNS Services
F5's Dynamic DNS ServicesF5's Dynamic DNS Services
F5's Dynamic DNS ServicesF5 Networks
 
Lecture 11 active directory
Lecture 11 active directoryLecture 11 active directory
Lecture 11 active directoryTanveer Malik
 
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)Internet Society
 
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...Real-Time Innovations (RTI)
 
Oracle Open World 2017 Delphix and DBVisit
Oracle Open World 2017 Delphix and DBVisitOracle Open World 2017 Delphix and DBVisit
Oracle Open World 2017 Delphix and DBVisitKellyn Pot'Vin-Gorman
 
DNS Made Easy Sales Brochure
DNS Made Easy Sales BrochureDNS Made Easy Sales Brochure
DNS Made Easy Sales BrochureDNS Made Easy
 
Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS ScalePeter Silva
 
ICANN Draft Strategic Plan 2010-2013
ICANN Draft Strategic Plan 2010-2013ICANN Draft Strategic Plan 2010-2013
ICANN Draft Strategic Plan 2010-2013OneWebDay, Inc.
 
Leveraging the JSON API as a Self-Service Tool
Leveraging the JSON API as a Self-Service ToolLeveraging the JSON API as a Self-Service Tool
Leveraging the JSON API as a Self-Service ToolZenoss
 
ICANN Update
ICANN UpdateICANN Update
ICANN UpdateAPNIC
 
Domain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting BasicsDomain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting BasicsAsif Shahzad
 
Active Directory Domain Services.pptx
Active Directory Domain Services.pptxActive Directory Domain Services.pptx
Active Directory Domain Services.pptxsyedasadraza13
 

Similar to ION Mumbai - Jitender Kumar: DNSSEC (20)

ION Sri Lanka - Why Implement DNSSEC?
ION Sri Lanka - Why Implement DNSSEC?ION Sri Lanka - Why Implement DNSSEC?
ION Sri Lanka - Why Implement DNSSEC?
 
ION Toronto - Why Implement DNSSEC?
ION Toronto - Why Implement DNSSEC? ION Toronto - Why Implement DNSSEC?
ION Toronto - Why Implement DNSSEC?
 
History of DNSSEC from .ASIA signing event
History of DNSSEC from .ASIA signing eventHistory of DNSSEC from .ASIA signing event
History of DNSSEC from .ASIA signing event
 
DNSSEC: What a Registrar Needs to Know
DNSSEC: What a Registrar Needs to KnowDNSSEC: What a Registrar Needs to Know
DNSSEC: What a Registrar Needs to Know
 
Best DNS Servers To Use Buy Server Memory Clearance.pptx
Best DNS Servers To Use Buy Server Memory Clearance.pptxBest DNS Servers To Use Buy Server Memory Clearance.pptx
Best DNS Servers To Use Buy Server Memory Clearance.pptx
 
FOSE 2011: DNSSEC and the Government, Lessons Learned
FOSE 2011: DNSSEC and the Government, Lessons LearnedFOSE 2011: DNSSEC and the Government, Lessons Learned
FOSE 2011: DNSSEC and the Government, Lessons Learned
 
DNSSEC for Registrars by .ORG & Afilias
DNSSEC for Registrars by .ORG & AfiliasDNSSEC for Registrars by .ORG & Afilias
DNSSEC for Registrars by .ORG & Afilias
 
F5's Dynamic DNS Services
F5's Dynamic DNS ServicesF5's Dynamic DNS Services
F5's Dynamic DNS Services
 
Lecture 11 active directory
Lecture 11 active directoryLecture 11 active directory
Lecture 11 active directory
 
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
DNSSEC: How to deploy it, and why you should bother (ION Toronto 2011)
 
DNS Security
DNS SecurityDNS Security
DNS Security
 
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
 
Oracle Open World 2017 Delphix and DBVisit
Oracle Open World 2017 Delphix and DBVisitOracle Open World 2017 Delphix and DBVisit
Oracle Open World 2017 Delphix and DBVisit
 
DNS Made Easy Sales Brochure
DNS Made Easy Sales BrochureDNS Made Easy Sales Brochure
DNS Made Easy Sales Brochure
 
Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS Scale
 
ICANN Draft Strategic Plan 2010-2013
ICANN Draft Strategic Plan 2010-2013ICANN Draft Strategic Plan 2010-2013
ICANN Draft Strategic Plan 2010-2013
 
Leveraging the JSON API as a Self-Service Tool
Leveraging the JSON API as a Self-Service ToolLeveraging the JSON API as a Self-Service Tool
Leveraging the JSON API as a Self-Service Tool
 
ICANN Update
ICANN UpdateICANN Update
ICANN Update
 
Domain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting BasicsDomain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting Basics
 
Active Directory Domain Services.pptx
Active Directory Domain Services.pptxActive Directory Domain Services.pptx
Active Directory Domain Services.pptx
 

More from Deploy360 Programme (Internet Society)

More from Deploy360 Programme (Internet Society) (20)

ION Belgrade - Jordi Palet Martinez IPv6 Success Stories
ION Belgrade - Jordi Palet Martinez IPv6 Success StoriesION Belgrade - Jordi Palet Martinez IPv6 Success Stories
ION Belgrade - Jordi Palet Martinez IPv6 Success Stories
 
ION Belgrade - ISOC Serbia Belgrade Chapter Presentation
ION Belgrade - ISOC Serbia Belgrade Chapter PresentationION Belgrade - ISOC Serbia Belgrade Chapter Presentation
ION Belgrade - ISOC Serbia Belgrade Chapter Presentation
 
ION Belgrade - IETF Update
ION Belgrade - IETF UpdateION Belgrade - IETF Update
ION Belgrade - IETF Update
 
ION Belgrade - Opening Slides
ION Belgrade - Opening SlidesION Belgrade - Opening Slides
ION Belgrade - Opening Slides
 
ION Belgrade - MANRS by Serbian Open eXchange (SOX)
ION Belgrade - MANRS by Serbian Open eXchange (SOX)ION Belgrade - MANRS by Serbian Open eXchange (SOX)
ION Belgrade - MANRS by Serbian Open eXchange (SOX)
 
ION Belgrade - Closing Slides
ION Belgrade - Closing SlidesION Belgrade - Closing Slides
ION Belgrade - Closing Slides
 
AusNOG - Two Years of Good MANRS
AusNOG - Two Years of Good MANRSAusNOG - Two Years of Good MANRS
AusNOG - Two Years of Good MANRS
 
ION Malta - IETF Update
ION Malta - IETF UpdateION Malta - IETF Update
ION Malta - IETF Update
 
ION Malta - MANRS Introduction
ION Malta - MANRS IntroductionION Malta - MANRS Introduction
ION Malta - MANRS Introduction
 
ION Malta - Introduction to DNSSEC
ION Malta - Introduction to DNSSECION Malta - Introduction to DNSSEC
ION Malta - Introduction to DNSSEC
 
ION Malta - DANE: The Future of TLS
ION Malta - DANE: The Future of TLSION Malta - DANE: The Future of TLS
ION Malta - DANE: The Future of TLS
 
ION Malta - IANA Transition Roles & Accountability
ION Malta - IANA Transition Roles & AccountabilityION Malta - IANA Transition Roles & Accountability
ION Malta - IANA Transition Roles & Accountability
 
ION Malta - IPv6 Case Study: Finland
ION Malta - IPv6 Case Study: FinlandION Malta - IPv6 Case Study: Finland
ION Malta - IPv6 Case Study: Finland
 
ION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 TransitionION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 Transition
 
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for you
 
ION Malta - Opening Slides
ION Malta - Opening SlidesION Malta - Opening Slides
ION Malta - Opening Slides
 
ION Malta - Closing Slides
ION Malta - Closing SlidesION Malta - Closing Slides
ION Malta - Closing Slides
 
ION Durban - How peering behaviour affects growth of the internet
ION Durban - How peering behaviour affects growth of the internetION Durban - How peering behaviour affects growth of the internet
ION Durban - How peering behaviour affects growth of the internet
 
ION Durban - Introduction to ISOC Gauteng Chapter
ION Durban - Introduction to ISOC Gauteng ChapterION Durban - Introduction to ISOC Gauteng Chapter
ION Durban - Introduction to ISOC Gauteng Chapter
 
ION Durban - What's Happening at the IETF?
ION Durban - What's Happening at the IETF?ION Durban - What's Happening at the IETF?
ION Durban - What's Happening at the IETF?
 

ION Mumbai - Jitender Kumar: DNSSEC

  • 1. DNSSEC Jitender Kumar jkumar@afilias.in ION Conference, Mumbai, October 2012
  • 2. Agenda •  About Afilias •  DNSSEC •  DNSSEC Signing •  DNSSEC Validation •  Afilias’s Role in DNSSEC Deployment ION Conference, Mumbai, October 2012 © Afilias Limited
  • 3. About Afilias • Best known for domain name registry services • Supporting 21M names across 16 TLDs ICANN contracted gTLDs Country Code TLDs © Afilias Limited ION Conference, Mumbai, October 2012
  • 4. What is DNSSEC ? •  A set of security extensions to the existing DNS protocol added by the Internet Engineering Task Force (IETF). •  DNSSEC provides : –  Authentication of the source of the information in a DNS response –  Integrity of the information in a DNS response –  Authenticated denial of existence •  DNSSEC doesn’t provide : –  Confidentiality, access control lists, or other means of differentiating between inquirers. –  Protection against Denial of Service (DoS) attacks •  Two principle deployment dimensions for us to consider –  Signing; and –  Validating ION Conference, Mumbai, October 2012 © Afilias Limited
  • 5. Signing •  Afilias has been signing TLDs since before the root zone was signed •  We are responsible for the key material used for the signing process, including publication •  .IN Registry has been one of the early adopter of DNSSEC, facilitated by Afilias as we are the registry services provider •  NamesBeyond and Net4India, registrars who have deployed DNSSEC services ION Conference, Mumbai, October 2012 © Afilias Limited
  • 6. Validating •  Our DNS provides authoritative responses when queried about a zone that we manage •  Afilias provides the DS record that enables validation of signed domains in TLDs we host •  Registrars are responsible for ensuring the registry has the public key information it needs for the DS record ION Conference, Mumbai, October 2012 © Afilias Limited
  • 7. Gap In The System •  The public key information needed for the DS record is managed by the DNS hosting provider •  Everything works great as long as the registrar is the DNS hosting provider •  When a third party DNS hosting provider is used there needs to be an interaction between the registrar and that provider •  This is currently a manual copy-and-paste ION Conference, Mumbai, October 2012 © Afilias Limited
  • 8. Reference •  http://www.internetsociety.org/what-we-do/ technology-matters/dnssec ION Conference, Mumbai, October 2012 © Afilias Limited
  • 9. THANK YOU ION Conference, Mumbai, October 2012 © Afilias Limited