Evolution of DNSSEC Implementation at Nominet

Slide Note
Embed
Share

This content details the evolution of DNSSEC implementation at Nominet, covering key milestones from initial infrastructure deployment in 2008 to the adoption of a new approach in 2016. It discusses the challenges faced, technology used over the years, and the transition to a new DNSSEC approach in 2016 focused on security and efficiency. The journey reflects the continuous improvement and adaptation in securing the DNS infrastructure.

hieu_7
hieu_7 Follow

Uploaded on Sep 25, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. How we made DNSSEC simple(r) 09.04.19 Brett Carr

  2. DNSSEC primer Public keys published in zone. Private keys need to be protected. Rapidly updated zones need constant signing. If signing breaks updates stop. Classed as a critical top tier service. 2

  3. DNSSEC at Nominet A potted history 2008 initial infrastructure deployment 2009 we first signed .uk 2011 we had a small issue 2013 changed infrastructure 2014 we started signing gtlds 2016 Changed infrastructure 3

  4. DNSSEC Tech used 2009 Sun SCA6000 HSM and Centos 5 opendnssec signing automation Sites in Oxford and Kent Unreliable Failure caused 2011 Issue Taken over by Oracle Price Hike Support split between two companies 4

  5. DNSSEC Tech used 2013 Thales HSM Network based Opendnssec signing automation Sites in Slough and West London Reliable but Complex and difficult to support. Support split between two companies 5

  6. 2016- New DNSSEC No HSM All signing is done on a geographically replicated VM with BIND. Supported by one company (ISC) Private Keys on encrypted partition protected by a split password. Split password intervention needed at boot. Access to machine is XFR and console only. (no ssh) Console login protected by split password. All changes done by engineer and monitored by a security officer. 6

  7. 2018 Brett is less stressed 7

  8. Questions ? 8

Related


Challenges Faced in DNSSEC Deployment by Geoff Huston at APNIC June 2016

Challenges Faced in DNSSEC Deployment by Geoff Huston at APNIC June 2016

seraphine
Exploring DANE, DNSSEC, and TLS in Go6Lab

Exploring DANE, DNSSEC, and TLS in Go6Lab

kasz640
Enhancing WHOIS Updates with DNSSEC, ASPLAIN, and Abuse Contact Implementation

Enhancing WHOIS Updates with DNSSEC, ASPLAIN, and Abuse Contact Implementation

lash_9
Upgrade Requirements, Challenges, and Solutions for Same-Server DoT Implementation

Upgrade Requirements, Challenges, and Solutions for Same-Server DoT Implementation

mbout
Apache Traffic Control Update Highlights

Apache Traffic Control Update Highlights

ayan456
Roughtime: Securing time for IoT devices

Roughtime: Securing time for IoT devices

jayda
DNS Research Federation: Advancing Understanding of Cybersecurity Impact

DNS Research Federation: Advancing Understanding of Cybersecurity Impact

bri_k
Understanding Domain Names for Authoritative DNS Servers

Understanding Domain Names for Authoritative DNS Servers

asy_mar
Evolution of Public Policy Implementation Studies

Evolution of Public Policy Implementation Studies

kai
PBN Planning and Implementation Status in Ukraine

PBN Planning and Implementation Status in Ukraine

kelf644
Community Project Implementation Structures in Gulf of Guinea Northern Regions

Community Project Implementation Structures in Gulf of Guinea Northern Regions

amarantha
Understanding Small Area Fair Market Rents (SAFMR) Implementation Webinar

Understanding Small Area Fair Market Rents (SAFMR) Implementation Webinar

larr_yc
Utilizing Direct Observation for Implementation Facilitation

Utilizing Direct Observation for Implementation Facilitation

jsol
City of Oakland Finance Dept. Public Outreach Session - Measure W Vacant Property Tax Implementation Ordinance

City of Oakland Finance Dept. Public Outreach Session - Measure W Vacant Property Tax Implementation Ordinance

yzipp
HIT Implementation Planning for Quality and Safety Lecture

HIT Implementation Planning for Quality and Safety Lecture

maon673
Implementation of Medication Assisted Treatment Standards and Phases to Evidence Implementation

Implementation of Medication Assisted Treatment Standards and Phases to Evidence Implementation

cgle
Evolution of Compact Star-Forming Galaxies and Quiescent Galaxies

Evolution of Compact Star-Forming Galaxies and Quiescent Galaxies

jace798
The Scopes Monkey Trial: Clash of Cultures and Evolution Debate

The Scopes Monkey Trial: Clash of Cultures and Evolution Debate

navratil_j
Rules and Practices for Software Evolution Support

Rules and Practices for Software Evolution Support

eder513
Software Evolution: Managing Change and Evolution in Organizational Systems

Software Evolution: Managing Change and Evolution in Organizational Systems

zhou_mo
Darwin and the Theory of Evolution: A Comprehensive Overview

Darwin and the Theory of Evolution: A Comprehensive Overview

audri
Understanding Evolution: Key Concepts and Perspectives

Understanding Evolution: Key Concepts and Perspectives

ashif
Unveiling the Cosmic Evolution: A Journey Through Galaxies, Stars, and Empty Space

Unveiling the Cosmic Evolution: A Journey Through Galaxies, Stars, and Empty Space

kaon343
Advancing Digital NOTAM Implementation: Evolution and Future Trends

Advancing Digital NOTAM Implementation: Evolution and Future Trends

wilhelmina

More Related Content

Understanding Implementation Science: Bridging Research and Practice
Understanding Implementation Science: Bridging Research and Practice
Challenges in Standard QUIC Protocol Implementation
Challenges in Standard QUIC Protocol Implementation
Parallel Implementation of Multivariate Empirical Mode Decomposition on GPU
Parallel Implementation of Multivariate Empirical Mode Decomposition on GPU
Precision Implementation Approach in Evidence-Based Practice
Precision Implementation Approach in Evidence-Based Practice
Policy Implementation in Uganda: Evidence and Challenges
Policy Implementation in Uganda: Evidence and Challenges
Update on ESCO Implementation in EURES
Update on ESCO Implementation in EURES
Challenges in Policy Implementation and Lessons Learned
Challenges in Policy Implementation and Lessons Learned
Overview of Ethio-SHEP Project Team and Implementation Structure
Overview of Ethio-SHEP Project Team and Implementation Structure
Strategic Plan for Implementation
Strategic Plan for Implementation
Overview of IFRS Implementation in Japan
Overview of IFRS Implementation in Japan
CAP Implementation Progress in Mali-Meteo and Fast-Tracking in Africa
CAP Implementation Progress in Mali-Meteo and Fast-Tracking in Africa
Understanding Policy Implementation Diagnostic Framework for Low Carbon Policies
Understanding Policy Implementation Diagnostic Framework for Low Carbon Policies
Evolution and Plant Systematics Lecture Overview
Evolution and Plant Systematics Lecture Overview
Critique of Unilinear Cultural Evolution Models
Critique of Unilinear Cultural Evolution Models
Understanding Phylogeny and Evolution in Angiosperms
Understanding Phylogeny and Evolution in Angiosperms
Evolution of Modern State: Three Macro-Patterns Explored
Evolution of Modern State: Three Macro-Patterns Explored
Evolutionary Concepts and Natural Selection Explained
Evolutionary Concepts and Natural Selection Explained
Understanding the Geological Time Scale and Earth's Evolution
Understanding the Geological Time Scale and Earth's Evolution
Evolution of Inscriptions in Ancient Indian History
Evolution of Inscriptions in Ancient Indian History
Sankhya's Theory of Evolution Explained by Dr. Satya Deva Mishra
Sankhya's Theory of Evolution Explained by Dr. Satya Deva Mishra
Evolution and Impact of Wi-Fi Technology Trends
Evolution and Impact of Wi-Fi Technology Trends
The Mysteries of Life: Origins, Evolution, and Plant Cells
The Mysteries of Life: Origins, Evolution, and Plant Cells
Evolution of Internet Technology in Tourism: A Comprehensive Study
Evolution of Internet Technology in Tourism: A Comprehensive Study
Evolution of Liberal Citizenship Theory
Evolution of Liberal Citizenship Theory