Scribd Logo
Upload

Welcome to Scribd!

  • Dnssec Signing of

    Uploaded by

    JennieAWalsh
    8 views7 pages
    Afilias operates the .ORG domain registry and DNS infrastructure on behalf of PIR. They were preparing to sign the .ORG zone with DNSSEC to add security and authentication to the domain name system. Afilias ran a globally distributed DNS network with anycast nodes in North America, Europe, and Asia on diverse open source software. They chose to implement NSEC3 when it was finalized in 2008 as it provides protections against zone enumeration walks and allows gradual expansion of signed delegations.

    Original Description:

    htjd

    Original Title

    Dnssec Signing of .Org

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Afilias operates the .ORG domain registry and DNS infrastructure on behalf of PIR. They were preparing to sign the .ORG zone with DNSSEC to add security and authentication to the domain name system. Afilias ran a globally distributed DNS network with anycast nodes in North America, Europe, and Asia on diverse open source software. They chose to implement NSEC3 when it was finalized in 2008 as it provides protections against zone enumeration walks and allows gradual expansion of signed delegations.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views7 pages

    Dnssec Signing of

    Uploaded by

    JennieAWalsh
    Afilias operates the .ORG domain registry and DNS infrastructure on behalf of PIR. They were preparing to sign the .ORG zone with DNSSEC to add security and authentication to the domain name system. Afilias ran a globally distributed DNS network with anycast nodes in North America, Europe, and Asia on diverse open source software. They chose to implement NSEC3 when it was finalized in 2008 as it provides protections against zone enumeration walks and allows gradual expansion of signed delegations.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    SM

    DNSSEC Signing of .org

    Dave Knight UKNOF 12, Bristol, UK

    AliasLimited

    www.alias.info

    Background
    Afilias operates the .ORG registry and DNS on behalf of PIR ORG has 6 servers, all of which are anycast in IPv4 and IPv6 Nameserver nodes in North America, Europe, and Asia Diverse, open source platform BIND9 and NSD Linux and FreeBSD Intel and POWER5 Cisco and Juniper Two transit providers per node

    AliasLimited

    www.alias.info

    DNS Infrastructure

    AliasLimited

    www.alias.info

    DNSSEC Signer

    AliasLimited

    www.alias.info

    NSEC3
    Decided to wait for NSEC3, RFC 5155 was published in early 2008 Provides measures against zone enumeration An NSEC record contains two canonically ordered names to show that nothing exists between them walking the chain of NSEC records allows discovery of all names in the zone An NSEC3 record contains the next hashed owner name in the hash order of the zone Permits gradual expansion of delegation-centric zones Only secure delegations (those with a DS record) need to be signed / have an NSEC3 RR NSEC3 support in NSD and BIND9 by the end of 2008
    AliasLimited www.alias.info

    Timeline

    AliasLimited

    www.alias.info

    Questions?

    AliasLimited

    www.alias.info

    You might also like