SlideShare ist ein Scribd-Unternehmen logo

UA DNSSEC Status Update: ENOG3

Dmitry Kohmanyuk
Dmitry Kohmanyuk
1 von 9
Downloaden Sie, um offline zu lesen
DNSSEC in UA - Status Update Dmitry Kohmanyuk May 22, 2012 1
Test zone UA.UA • November 8th, 2011 • Zone UA.UA signed, keys in DLV (dlv.isc.org) • UA has DS record for ua.ua • Test web site (can use Firefox plugin to verify) 2
Zone UA Key Generation Ceremony • December 2nd, 2011 • Key parameters: RSASHA512 (algorithm 10) KSK bits: 2048 ZSK bits: 1024 3
DNSSEC Testbed Environment Test signing environment: – BIND 9.8 – some shell and Make magic – FreeBSD with jails – rsync 4
Public server with cloned UA (signed with test key) • Anycast server: ho1.ua.ua 195.47.253.17 2001:67c:258::17 • Test trust anchor: ua. IN DS 29019 10 2 68B5F97978F45398C9C0382161701EA3AB4A882011DCAA4F51888 00D D58FE2AD • This is not a production zone, use as your own risk (but all NS records are the same) 5
Public resolver - enabled DNSSEC validation • Announced February 7th 2012 at Fifth IPv6 Workshop in Kiev • Code name “Lighthouse” – lh.cctld.ua 194.44.71.71 2001:7f8:55:7::71 • Uses test authoritative server 6
Live Deployment Schedule • KSK in UA - Mach 27th 2012 • DS in DLV - March 28th 2012 • DS in Root Zone - April 13th 2012 • DS delegations in UA -- 6 total: – ua.ua netassist.ua rovno.ua nic.ua; chernovtsy.ua cv.ua (added May21) 7
DNSSEC traffic, ho1.ns.ua anycast 8
Questions? www.hostmaster.ua/dnssec info@hostmaster.ua 9

Empfohlen

DNSSEC in UA: Zero to Live in Six Months
DNSSEC in UA: Zero to Live in Six MonthsDNSSEC in UA: Zero to Live in Six Months
DNSSEC in UA: Zero to Live in Six MonthsDmitry Kohmanyuk
 
[2015-11월 정기 세미나]K8s on openstack
[2015-11월 정기 세미나]K8s on openstack[2015-11월 정기 세미나]K8s on openstack
[2015-11월 정기 세미나]K8s on openstackOpenStack Korea Community
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep diveTrinath Somanchi
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...LinuxCon ContainerCon CloudOpen China
 
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial OperationsYour House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial OperationsDimitry Snezhkov
 
Cac linux clusterintro
Cac linux clusterintroCac linux clusterintro
Cac linux clusterintroadolgert
 
Getting started with open stack
Getting started with open stackGetting started with open stack
Getting started with open stackDan Radez
 
Red Hat Forum Tokyo - OpenStack Architecture
Red Hat Forum Tokyo - OpenStack ArchitectureRed Hat Forum Tokyo - OpenStack Architecture
Red Hat Forum Tokyo - OpenStack ArchitectureDan Radez
 

Empfohlen

DNSSEC in UA: Zero to Live in Six Months
DNSSEC in UA: Zero to Live in Six MonthsDNSSEC in UA: Zero to Live in Six Months
DNSSEC in UA: Zero to Live in Six MonthsDmitry Kohmanyuk
 
[2015-11월 정기 세미나]K8s on openstack
[2015-11월 정기 세미나]K8s on openstack[2015-11월 정기 세미나]K8s on openstack
[2015-11월 정기 세미나]K8s on openstackOpenStack Korea Community
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep diveTrinath Somanchi
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...LinuxCon ContainerCon CloudOpen China
 
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial OperationsYour House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial OperationsDimitry Snezhkov
 
Cac linux clusterintro
Cac linux clusterintroCac linux clusterintro
Cac linux clusterintroadolgert
 
Getting started with open stack
Getting started with open stackGetting started with open stack
Getting started with open stackDan Radez
 
Red Hat Forum Tokyo - OpenStack Architecture
Red Hat Forum Tokyo - OpenStack ArchitectureRed Hat Forum Tokyo - OpenStack Architecture
Red Hat Forum Tokyo - OpenStack ArchitectureDan Radez
 
Configuring Syslog by Octavio
Configuring Syslog by OctavioConfiguring Syslog by Octavio
Configuring Syslog by OctavioRowell Dionicio
 
CoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortCoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortStylight
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowPLUMgrid
 
How to master OpenStack in 2 hours
How to master OpenStack in 2 hoursHow to master OpenStack in 2 hours
How to master OpenStack in 2 hoursOpenCity Community
 
CoreOS intro
CoreOS introCoreOS intro
CoreOS introTimo Derstappen
 
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)Ian Choi
 
Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Joe Arnold
 
Solidity intro
Solidity introSolidity intro
Solidity introAngello Pozo
 
Syslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideSyslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideAbhishek Kumar
 
Integrating Linux Systems with Active Directory Using Open Source Tools
Integrating Linux Systems with Active Directory Using Open Source ToolsIntegrating Linux Systems with Active Directory Using Open Source Tools
Integrating Linux Systems with Active Directory Using Open Source ToolsAll Things Open
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
Load Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINXLoad Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINXNGINX, Inc.
 
Introduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group CologneIntroduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group CologneD
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
Openstack Trunk Port
Openstack Trunk PortOpenstack Trunk Port
Openstack Trunk Portbenceromsics
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Hervé Leclerc
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDocker, Inc.
 
Weave Networking on Docker
Weave Networking on DockerWeave Networking on Docker
Weave Networking on DockerStylight
 
OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석Yongyoon Shin
 
From zero to Docker
From zero to DockerFrom zero to Docker
From zero to DockerGiovanni Toraldo
 
DNSSEC in UA Domain (ENOG2)
DNSSEC in UA Domain (ENOG2)DNSSEC in UA Domain (ENOG2)
DNSSEC in UA Domain (ENOG2)Dmitry Kohmanyuk
 
tow nodes Oracle 12c RAC on virtualbox
tow nodes Oracle 12c RAC on virtualboxtow nodes Oracle 12c RAC on virtualbox
tow nodes Oracle 12c RAC on virtualboxjustinit
 

Weitere ähnliche Inhalte

Was ist angesagt?

Configuring Syslog by Octavio
Configuring Syslog by OctavioConfiguring Syslog by Octavio
Configuring Syslog by OctavioRowell Dionicio
 
CoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortCoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortStylight
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowPLUMgrid
 
How to master OpenStack in 2 hours
How to master OpenStack in 2 hoursHow to master OpenStack in 2 hours
How to master OpenStack in 2 hoursOpenCity Community
 
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)Ian Choi
 
Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Joe Arnold
 
Syslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideSyslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideAbhishek Kumar
 
Integrating Linux Systems with Active Directory Using Open Source Tools
Integrating Linux Systems with Active Directory Using Open Source ToolsIntegrating Linux Systems with Active Directory Using Open Source Tools
Integrating Linux Systems with Active Directory Using Open Source ToolsAll Things Open
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
Load Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINXLoad Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINXNGINX, Inc.
 
Introduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group CologneIntroduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group CologneD
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
Openstack Trunk Port
Openstack Trunk PortOpenstack Trunk Port
Openstack Trunk Portbenceromsics
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Hervé Leclerc
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDocker, Inc.
 
Weave Networking on Docker
Weave Networking on DockerWeave Networking on Docker
Weave Networking on DockerStylight
 
OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석Yongyoon Shin
 

Was ist angesagt? (20)

Configuring Syslog by Octavio
Configuring Syslog by OctavioConfiguring Syslog by Octavio
Configuring Syslog by Octavio
 
CoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortCoreOS introduction - Johann Romefort
CoreOS introduction - Johann Romefort
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
 
How to master OpenStack in 2 hours
How to master OpenStack in 2 hoursHow to master OpenStack in 2 hours
How to master OpenStack in 2 hours
 
CoreOS intro
CoreOS introCoreOS intro
CoreOS intro
 
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
 
Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012
 
Solidity intro
Solidity introSolidity intro
Solidity intro
 
Syslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideSyslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress Guide
 
Integrating Linux Systems with Active Directory Using Open Source Tools
Integrating Linux Systems with Active Directory Using Open Source ToolsIntegrating Linux Systems with Active Directory Using Open Source Tools
Integrating Linux Systems with Active Directory Using Open Source Tools
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
 
Load Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINXLoad Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINX
 
Introduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group CologneIntroduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group Cologne
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
 
Openstack Trunk Port
Openstack Trunk PortOpenstack Trunk Port
Openstack Trunk Port
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep Dive
 
Weave Networking on Docker
Weave Networking on DockerWeave Networking on Docker
Weave Networking on Docker
 
OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석
 
From zero to Docker
From zero to DockerFrom zero to Docker
From zero to Docker
 

Ähnlich wie UA DNSSEC Status Update: ENOG3

DNSSEC in UA Domain (ENOG2)
DNSSEC in UA Domain (ENOG2)DNSSEC in UA Domain (ENOG2)
DNSSEC in UA Domain (ENOG2)Dmitry Kohmanyuk
 
tow nodes Oracle 12c RAC on virtualbox
tow nodes Oracle 12c RAC on virtualboxtow nodes Oracle 12c RAC on virtualbox
tow nodes Oracle 12c RAC on virtualboxjustinit
 
DNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6LabDNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6LabAPNIC
 
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017APNIC
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSMen and Mice
 
BIND 9 - making a modern DNS server
BIND 9 - making a modern DNS serverBIND 9 - making a modern DNS server
BIND 9 - making a modern DNS serverJisc
 
Tokyo azure meetup #10 azure update, october
Tokyo azure meetup #10 azure update, octoberTokyo azure meetup #10 azure update, october
Tokyo azure meetup #10 azure update, octoberTokyo Azure Meetup
 
Tokyo azure meetup #9 azure update, october
Tokyo azure meetup #9 azure update, octoberTokyo azure meetup #9 azure update, october
Tokyo azure meetup #9 azure update, octoberTokyo Azure Meetup
 
Mens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practiceMens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practicekuchinskaya
 
OpenStack - JobShop @Iași, 2016
OpenStack - JobShop @Iași, 2016OpenStack - JobShop @Iași, 2016
OpenStack - JobShop @Iași, 2016Alexandru Coman
 
Easy backup & restore with Clonezilla - Tips form Basic to Advanced
Easy backup & restore with Clonezilla - Tips form Basic to AdvancedEasy backup & restore with Clonezilla - Tips form Basic to Advanced
Easy backup & restore with Clonezilla - Tips form Basic to AdvancedChenkai Sun
 
Dockercon 2015 Recap
Dockercon 2015 RecapDockercon 2015 Recap
Dockercon 2015 Recapehazlett
 
Software defined storage
Software defined storageSoftware defined storage
Software defined storageGluster.org
 
This one goes to 11!
This one goes to 11!This one goes to 11!
This one goes to 11!APNIC
 

Ähnlich wie UA DNSSEC Status Update: ENOG3 (20)

DNSSEC in UA Domain (ENOG2)
DNSSEC in UA Domain (ENOG2)DNSSEC in UA Domain (ENOG2)
DNSSEC in UA Domain (ENOG2)
 
tow nodes Oracle 12c RAC on virtualbox
tow nodes Oracle 12c RAC on virtualboxtow nodes Oracle 12c RAC on virtualbox
tow nodes Oracle 12c RAC on virtualbox
 
DNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6LabDNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6Lab
 
openSUSE12.2 Review
openSUSE12.2 ReviewopenSUSE12.2 Review
openSUSE12.2 Review
 
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
 
BIND 9 - making a modern DNS server
BIND 9 - making a modern DNS serverBIND 9 - making a modern DNS server
BIND 9 - making a modern DNS server
 
Tokyo azure meetup #10 azure update, october
Tokyo azure meetup #10 azure update, octoberTokyo azure meetup #10 azure update, october
Tokyo azure meetup #10 azure update, october
 
Tokyo azure meetup #9 azure update, october
Tokyo azure meetup #9 azure update, octoberTokyo azure meetup #9 azure update, october
Tokyo azure meetup #9 azure update, october
 
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6labION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
 
Mens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practiceMens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practice
 
OpenStack - JobShop @Iași, 2016
OpenStack - JobShop @Iași, 2016OpenStack - JobShop @Iași, 2016
OpenStack - JobShop @Iași, 2016
 
Nodejs - A quick tour (v4)
Nodejs - A quick tour (v4)Nodejs - A quick tour (v4)
Nodejs - A quick tour (v4)
 
Easy backup & restore with Clonezilla - Tips form Basic to Advanced
Easy backup & restore with Clonezilla - Tips form Basic to AdvancedEasy backup & restore with Clonezilla - Tips form Basic to Advanced
Easy backup & restore with Clonezilla - Tips form Basic to Advanced
 
Dockercon 2015 Recap
Dockercon 2015 RecapDockercon 2015 Recap
Dockercon 2015 Recap
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not Linux
 
File server-info
File server-infoFile server-info
File server-info
 
DNSSEC implementation in Russia
DNSSEC implementation in Russia DNSSEC implementation in Russia
DNSSEC implementation in Russia
 
Software defined storage
Software defined storageSoftware defined storage
Software defined storage
 
This one goes to 11!
This one goes to 11!This one goes to 11!
This one goes to 11!
 

Mehr von Dmitry Kohmanyuk

UA Perspectives: Talk at UAdom 2012
UA Perspectives: Talk at UAdom 2012UA Perspectives: Talk at UAdom 2012
UA Perspectives: Talk at UAdom 2012Dmitry Kohmanyuk
 
IPv6 for Developers - icamp.lviv.ua 2011
IPv6 for Developers - icamp.lviv.ua 2011IPv6 for Developers - icamp.lviv.ua 2011
IPv6 for Developers - icamp.lviv.ua 2011Dmitry Kohmanyuk
 
.UA ccTLD Overview - ENOG1
.UA ccTLD Overview - ENOG1.UA ccTLD Overview - ENOG1
.UA ccTLD Overview - ENOG1Dmitry Kohmanyuk
 
Dnssec in UA - Talk at UAdom 2011
Dnssec in UA - Talk at UAdom 2011Dnssec in UA - Talk at UAdom 2011
Dnssec in UA - Talk at UAdom 2011Dmitry Kohmanyuk
 
DNSSEC: там и здесь
DNSSEC: там и здесьDNSSEC: там и здесь
DNSSEC: там и здесьDmitry Kohmanyuk
 
DNSSEC in the World and Ukraine
DNSSEC in the World and UkraineDNSSEC in the World and Ukraine
DNSSEC in the World and UkraineDmitry Kohmanyuk
 

Mehr von Dmitry Kohmanyuk (7)

UA Perspectives: Talk at UAdom 2012
UA Perspectives: Talk at UAdom 2012UA Perspectives: Talk at UAdom 2012
UA Perspectives: Talk at UAdom 2012
 
DNS Alphabet Soup
DNS Alphabet SoupDNS Alphabet Soup
DNS Alphabet Soup
 
IPv6 for Developers - icamp.lviv.ua 2011
IPv6 for Developers - icamp.lviv.ua 2011IPv6 for Developers - icamp.lviv.ua 2011
IPv6 for Developers - icamp.lviv.ua 2011
 
.UA ccTLD Overview - ENOG1
.UA ccTLD Overview - ENOG1.UA ccTLD Overview - ENOG1
.UA ccTLD Overview - ENOG1
 
Dnssec in UA - Talk at UAdom 2011
Dnssec in UA - Talk at UAdom 2011Dnssec in UA - Talk at UAdom 2011
Dnssec in UA - Talk at UAdom 2011
 
DNSSEC: там и здесь
DNSSEC: там и здесьDNSSEC: там и здесь
DNSSEC: там и здесь
 
DNSSEC in the World and Ukraine
DNSSEC in the World and UkraineDNSSEC in the World and Ukraine
DNSSEC in the World and Ukraine
 

UA DNSSEC Status Update: ENOG3

  • 1. DNSSEC in UA - Status Update Dmitry Kohmanyuk May 22, 2012 1
  • 2. Test zone UA.UA • November 8th, 2011 • Zone UA.UA signed, keys in DLV (dlv.isc.org) • UA has DS record for ua.ua • Test web site (can use Firefox plugin to verify) 2
  • 3. Zone UA Key Generation Ceremony • December 2nd, 2011 • Key parameters: RSASHA512 (algorithm 10) KSK bits: 2048 ZSK bits: 1024 3
  • 4. DNSSEC Testbed Environment Test signing environment: – BIND 9.8 – some shell and Make magic – FreeBSD with jails – rsync 4
  • 5. Public server with cloned UA (signed with test key) • Anycast server: ho1.ua.ua 195.47.253.17 2001:67c:258::17 • Test trust anchor: ua. IN DS 29019 10 2 68B5F97978F45398C9C0382161701EA3AB4A882011DCAA4F51888 00D D58FE2AD • This is not a production zone, use as your own risk (but all NS records are the same) 5
  • 6. Public resolver - enabled DNSSEC validation • Announced February 7th 2012 at Fifth IPv6 Workshop in Kiev • Code name “Lighthouse” – lh.cctld.ua 194.44.71.71 2001:7f8:55:7::71 • Uses test authoritative server 6
  • 7. Live Deployment Schedule • KSK in UA - Mach 27th 2012 • DS in DLV - March 28th 2012 • DS in Root Zone - April 13th 2012 • DS delegations in UA -- 6 total: – ua.ua netassist.ua rovno.ua nic.ua; chernovtsy.ua cv.ua (added May21) 7