Yeti-DNS
Experimenting at the root
© Men & Mice http://menandmice.com
Yeti-DNS
Interview with Yeti-DNS coordinator Shane Kerr
Tutorials
- BIND 9 Resolver using Yeti-DNS
- Unbound Resolver using Yeti-DNS
Interview with Shane Kerr
Using Yeti-DNS root
The Yeti-DNS project relies on interested networks to run
DNS resolvers against the Yeti-DNS root
• to generate "real-world" query traffic
• Yeti-DNS is IPv6-only
  • you need IPv6 connectivity to participate (native IPv6 is best, but a tunnel is fine)
• Setup is not hard
  • but keep in mind that Yeti-DNS is an experimental project; there might be glitches and downtime
  • do not run a mission-critical network via Yeti-DNS
  • research or internal IT staff networks, guest WLAN etc. might be fine
BIND 9 with Yeti-DNS root
Example for Ubuntu 16.04:
Fetching the Yeti-DNS root hints:
# apt install bind9
# wget -O /etc/bind/yeti-root.hints \
    https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache
Configure the Yeti root hints and the Yeti-DNS root KSK for DNSSEC validation:
# vi /etc/bind/named.conf.local
-----
// the Yeti-DNS root hints
zone "." {
    type hint;
    file "/etc/bind/yeti-root.hints";
};

// the Yeti-DNS root KSK for DNSSEC validation
managed-keys {
    "." initial-key 257 3 8 "AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbdpD60ZhKLVV4K
        yxPmoSNUpq5Fv5M0iBwK1Tyswsyq/9sMSoZ8zx8aT3ho1YnPsSqQeJfj
        TT1WsX6YZ5Kw6B2QkjRNa6OMGZ96Kn8AI/slqsw+z8hY49Sn3baeo9iJ
        xHPzloNc2dQkW4aLqzNEYxnuoJsthCfGrPSAXlUjY9m3YKIaEWR5WFYQ
        k770fT+gGWLk/54Vp0sG+Lw75JZnwhDhixPFaToTDNqbHQmkEylq1XJL
        O15uZ/+RZNRfTXZKO4fVR0tMEbMAITqRmyP8xLXY4RXbS4J32gnenQbz
        ABX8sQmwO7s=";
};
-----
Comment out the "official" IANA root hints:
# vi /etc/bind/named.conf.default-zones
-----
// prime the server with knowledge of the root servers
#zone "." {
#    type hint;
#    file "/etc/bind/db.root";
#};
-----
Check the configuration and restart BIND 9:
# named-checkconf
# systemctl restart bind9
# systemctl status bind9
Query for the NS RRset of the root zone (the answer must be DNSSEC validated: AD flag!):
# dig @localhost ns .
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost ns .
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52931
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 86367 IN NS yeti1.ipv6.ernet.in.
. 86367 IN NS yeti-ns2.dns-lab.net.
. 86367 IN NS yeti-ns.as59715.net.
. 86367 IN NS yeti.ipv6.ernet.in.
. 86367 IN NS dahu2.yeti.eu.org.
[…]
. 86367 IN NS bii.dns-lab.net.
. 86367 IN NS yeti-ns.lab.nic.cl.
. 86367 IN NS yeti-ns.tisf.net.
. 86367 IN NS 18ac3e7343f016890c510e93f93526.yeti-dns.net.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 09 13:06:49 CEST 2016
;; MSG SIZE rcvd: 823
The answer section is the list of Yeti-DNS root servers.
Unbound with Yeti-DNS root
Example for Ubuntu 16.04:
Fetching the Yeti-DNS root hints:
# apt install unbound
# wget -O /etc/unbound/yeti-root.hints \
    https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache
# vi /etc/unbound/unbound.conf.d/yeti-root.conf
-----
server:
    root-hints: "yeti-root.hints"
-----
Fetching the Yeti-DNS root KSK for DNSSEC validation:
# wget -O /var/lib/unbound/root.key \
    https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub
Disabling the update of the DNSSEC root KSK via unbound-anchor:
# echo 'ROOT_TRUST_ANCHOR_UPDATE="false"' >> /etc/default/unbound
Check the Unbound configuration for errors and restart Unbound:
# unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
# systemctl restart unbound
# systemctl status unbound
Query for the NS RRset of the root zone (the answer must be DNSSEC validated: AD flag!):
# dig @localhost ns .
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost ns .
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29228
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 86369 IN NS 3f79bb7b435b05321651daefd374cd.yeti-dns.net.
. […]
. 86369 IN NS yeti-ns.tisf.net.
. 86369 IN NS yeti-ns1.dns-lab.net.
. 86369 IN NS 2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net.
. 86369 IN NS yeti.ipv6.ernet.in.
. 86369 IN NS dahu1.yeti.eu.org.
. 86369 IN NS yeti-ns.wide.ad.jp.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 09 13:44:23 CEST 2016
;; MSG SIZE rcvd: 823
The answer section is the list of Yeti-DNS root servers.
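Added example (not part of the original slides): a shell function that reads the dig output of either tutorial and checks the two things the slides call out, that the answer is DNSSEC validated (AD flag) and that the root NS set is the Yeti one rather than the IANA *.root-servers.net set. The function name, the verdict strings and the sample inputs are assumptions made for this example; the first sample is shortened from the output shown on the slides.

```shell
#!/usr/bin/env bash
# Added example, not from the slides. Reads "dig @localhost ns ." output on
# stdin and prints exactly one verdict word:
#   yeti-validated  NOERROR, AD flag set, no IANA root server names in the answer
#   not-validated   NOERROR but no AD flag (the Yeti trust anchor is not in use)
#   iana-root       the answer lists *.root-servers.net. (IANA hints still active)
#   error           status is not NOERROR, or no root NS records were found
# A validating resolver whose trust anchor does not match the root it talks to
# answers SERVFAIL, which ends up as "error".
check_root_answer() {
    awk '
        /^;; ->>HEADER<<-/ {
            # header line: ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: N"
            if (match($0, /status: [A-Z]+/))
                status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            # flags line: ";; flags: qr rd ra ad; QUERY: 1, ..."
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # drop the counters after ";"
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        # root NS records in the answer section: ". <ttl> IN NS <name>"
        $1 == "." && $3 == "IN" && $4 == "NS" {
            ns++
            if (tolower($5) ~ /\.root-servers\.net\.$/) iana++
        }
        END {
            if (status != "NOERROR" || ns == 0) print "error"
            else if (iana > 0)                  print "iana-root"
            else if (!ad)                       print "not-validated"
            else                                print "yeti-validated"
        }
    '
}

# Sample input shortened from the dig output on the slides.
sample_yeti() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52931
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 86367 IN NS yeti-ns.tisf.net.
. 86367 IN NS bii.dns-lab.net.
EOF
}

# Constructed failure case: same answer, but the resolver did not validate it.
sample_no_ad() {
    sample_yeti | sed 's/ ra ad;/ ra;/'
}

# Constructed failure case: the resolver is still primed from the IANA root.
sample_iana() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
EOF
}
```

Against a live resolver, pipe the real query into the function: dig @localhost ns . | check_root_answer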
Yeti-DNS resources
Website:
http://yeti-dns.org/
Mailing list:
http://lists.yeti-dns.org/mailman/listinfo/discuss
Statistics:
http://yeti-dns.org/statistics.html
Yeti root server monitoring (via RIPE Atlas):
http://yeti-dns.org/monitor.html
Upcoming training classes
Special 4 day IPv6 Intro & Advanced Topics Workshop
August 1 – 4, 2016
Livermore, CA (USA)
https://www.menandmice.com/support-training/training/ipv6/
Upcoming training classes
KEA-DHCP
August 8 – 9, 2016 - Amsterdam, The Netherlands
October 13 – 14, 2016 - West Coast, USA
October 17 – 18, 2016 - East Coast, USA
November 21 – 22, 2016 - Amsterdam, The Netherlands
Two days - Hands-On training
US$ 1795
https://www.menandmice.com/support-training/training/kea-dhcp-training/
more training
• August 22 – 24, 2016 Introduction to DNS & BIND Hands-On class Amsterdam, The Netherlands
• August 22 – 26, 2016 Introduction & Advanced DNS and BIND Topics Hands-on class Amsterdam, The Netherlands
• August 24 – 26, 2016 DNSSEC Technical Workshop – Implementation and Deployment Amsterdam, The Netherlands
• October 3 – 5, 2016 Introduction to DNS & BIND Hands-On class Arlington (VA), USA
• October 3 – 7, 2016 Introduction & Advanced DNS and BIND Topics Hands-on class Arlington (VA), USA
• October 5 – 7, 2016 DNSSEC Technical Workshop – Implementation and Deployment Arlington (VA), USA
https://www.menandmice.com/support-training/training/
ISC Webinars
Webinar: Extending Kea with Hooks
29 June 2016 - 10:00 AM PST / 5:00 PM UCT
https://goo.gl/ZP3NIc
Thank you!
Questions? Comments?

Más contenido relacionado

La actualidad más candente

What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?Men and Mice
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption securityMen and Mice
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encryptedMen and Mice
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarMen and Mice
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitMen and Mice
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 WebinarMen and Mice
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...APNIC
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANEMen and Mice
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS ServerMen and Mice
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report WebinarMen and Mice
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologySagi Brody
 
Passive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoPassive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoHenry Stern
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNSMen and Mice
 
HAProxy scale out using open source
HAProxy scale out using open sourceHAProxy scale out using open source
HAProxy scale out using open sourceIngo Walz
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013Shumon Huque
 
Get your instance by name integration of nova, neutron and designate
Get your instance by name  integration of nova, neutron and designateGet your instance by name  integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designateMiguel Lavalle
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Hell19
 

La actualidad más candente (20)

What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption security
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runit
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container Technology
 
Passive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoPassive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, Cisco
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNS
 
HAProxy scale out using open source
HAProxy scale out using open sourceHAProxy scale out using open source
HAProxy scale out using open source
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013
 
Get your instance by name integration of nova, neutron and designate
Get your instance by name  integration of nova, neutron and designateGet your instance by name  integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designate
 
DNS over HTTPS
DNS over HTTPSDNS over HTTPS
DNS over HTTPS
 
Observability with HAProxy
Observability with HAProxyObservability with HAProxy
Observability with HAProxy
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2
 

Similar a Yeti DNS - Experimenting at the root

PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski -  DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski -  DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPROIDEA
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalabilityWim Godden
 
The New Root Zone DNSSEC KSK
The New Root Zone DNSSEC KSKThe New Root Zone DNSSEC KSK
The New Root Zone DNSSEC KSKAPNIC
 
SUSE - performance analysis-with_ceph
SUSE - performance analysis-with_cephSUSE - performance analysis-with_ceph
SUSE - performance analysis-with_cephinwin stack
 
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons LearnedCeph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons LearnedCeph Community
 
Performance analysis with_ceph
Performance analysis with_cephPerformance analysis with_ceph
Performance analysis with_cephAlex Lau
 
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios ServerNagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios ServerNagios
 
DNS_Tutorial 2.pptx
DNS_Tutorial 2.pptxDNS_Tutorial 2.pptx
DNS_Tutorial 2.pptxviditsir
 
Ceph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightCeph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightRed_Hat_Storage
 
Ceph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightCeph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightColleen Corrice
 
Practical Tips for Novell Cluster Services
Practical Tips for Novell Cluster ServicesPractical Tips for Novell Cluster Services
Practical Tips for Novell Cluster ServicesNovell
 
Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0Santosh Kangane
 
Mens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practiceMens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practicekuchinskaya
 
Introduction to Stacki at Atlanta Meetup February 2016
Introduction to Stacki at Atlanta Meetup February 2016Introduction to Stacki at Atlanta Meetup February 2016
Introduction to Stacki at Atlanta Meetup February 2016StackIQ
 
2017 DNSSEC KSK Rollover
2017 DNSSEC KSK Rollover2017 DNSSEC KSK Rollover
2017 DNSSEC KSK RolloverAPNIC
 
Hostvn ceph in production v1.1 dungtq
Hostvn   ceph in production v1.1 dungtqHostvn   ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtqViet Stack
 
dns-sec-4-slides
dns-sec-4-slidesdns-sec-4-slides
dns-sec-4-slideskj teoh
 

Similar a Yeti DNS - Experimenting at the root (20)

PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski -  DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski -  DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalability
 
The New Root Zone DNSSEC KSK
The New Root Zone DNSSEC KSKThe New Root Zone DNSSEC KSK
The New Root Zone DNSSEC KSK
 
SUSE - performance analysis-with_ceph
SUSE - performance analysis-with_cephSUSE - performance analysis-with_ceph
SUSE - performance analysis-with_ceph
 
DNSSEC at Penn
DNSSEC at PennDNSSEC at Penn
DNSSEC at Penn
 
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons LearnedCeph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
Ceph Day Chicago - Ceph Deployment at Target: Best Practices and Lessons Learned
 
Performance analysis with_ceph
Performance analysis with_cephPerformance analysis with_ceph
Performance analysis with_ceph
 
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios ServerNagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server
 
DNS_Tutorial 2.pptx
DNS_Tutorial 2.pptxDNS_Tutorial 2.pptx
DNS_Tutorial 2.pptx
 
Ceph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightCeph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer Spotlight
 
Ceph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer SpotlightCeph Deployment at Target: Customer Spotlight
Ceph Deployment at Target: Customer Spotlight
 
Practical Tips for Novell Cluster Services
Practical Tips for Novell Cluster ServicesPractical Tips for Novell Cluster Services
Practical Tips for Novell Cluster Services
 
Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0
 
Big Data on DC/OS
Big Data on DC/OSBig Data on DC/OS
Big Data on DC/OS
 
Mens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practiceMens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practice
 
Introduction to Stacki at Atlanta Meetup February 2016
Introduction to Stacki at Atlanta Meetup February 2016Introduction to Stacki at Atlanta Meetup February 2016
Introduction to Stacki at Atlanta Meetup February 2016
 
2017 DNSSEC KSK Rollover
2017 DNSSEC KSK Rollover2017 DNSSEC KSK Rollover
2017 DNSSEC KSK Rollover
 
Hostvn ceph in production v1.1 dungtq
Hostvn   ceph in production v1.1 dungtqHostvn   ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtq
 
Hostvn ceph in production v1.1 dungtq
Hostvn   ceph in production v1.1 dungtqHostvn   ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtq
 
dns-sec-4-slides
dns-sec-4-slidesdns-sec-4-slides
dns-sec-4-slides
 

Más de Men and Mice

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesMen and Mice
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2Men and Mice
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review WebinarMen and Mice
 
DNSSEC best practices Webinar
DNSSEC best practices WebinarDNSSEC best practices Webinar
DNSSEC best practices WebinarMen and Mice
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)Men and Mice
 
DNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedDNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedMen and Mice
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEMen and Mice
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteMen and Mice
 

Más de Men and Mice (11)

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2
 
PowerDNS Webinar
PowerDNS Webinar PowerDNS Webinar
PowerDNS Webinar
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
 
DNSSEC best practices Webinar
DNSSEC best practices WebinarDNSSEC best practices Webinar
DNSSEC best practices Webinar
 
IETF 92 Webinar
IETF 92 WebinarIETF 92 Webinar
IETF 92 Webinar
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
 
DNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloadedDNSSEC and DANE – E-Mail security reloaded
DNSSEC and DANE – E-Mail security reloaded
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANE
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice Suite
 

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
Yeti DNS - Experimenting at the root

  • 2. © Men & Mice http://menandmice.com
    Yeti-DNS
    - Interview with Yeti-DNS coordinator Shane Kerr
    - Tutorials
      - BIND 9 Resolver using Yeti-DNS
      - Unbound Resolver using Yeti-DNS
  • 3. Interview with Shane Kerr
  • 4. Using Yeti-DNS root
    The Yeti-DNS project relies on interested networks running DNS resolvers against the Yeti-DNS root
    • to generate "real-world" query traffic
    • Yeti-DNS is IPv6-only
      • you need IPv6 connectivity to participate (native IPv6 is best, but a tunnel is fine)
    • Setup is not hard
      • but keep in mind that Yeti-DNS is an experimental project; there might be glitches and downtime
      • do not run a mission-critical network via Yeti-DNS
      • research or internal IT staff networks, guest WLAN etc. might be fine
  • 5. BIND 9 with Yeti-DNS root
    Example for Ubuntu 16.04:

    Fetching the Yeti-DNS root hints:
    # apt install bind9
    # wget -O /etc/bind/yeti-root.hints https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache

    Configure the Yeti root hints and the Yeti-DNS root KSK for DNSSEC validation:
    # vi /etc/bind/named.conf.local
    ——
    zone "." {
        type hint;
        file "/etc/bind/yeti-root.hints";
    };

    managed-keys {
        "." initial-key 257 3 8 "AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbdpD60ZhKLVV4K
        yxPmoSNUpq5Fv5M0iBwK1Tyswsyq/9sMSoZ8zx8aT3ho1YnPsSqQeJfj
        TT1WsX6YZ5Kw6B2QkjRNa6OMGZ96Kn8AI/slqsw+z8hY49Sn3baeo9iJ
        xHPzloNc2dQkW4aLqzNEYxnuoJsthCfGrPSAXlUjY9m3YKIaEWR5WFYQ
        k770fT+gGWLk/54Vp0sG+Lw75JZnwhDhixPFaToTDNqbHQmkEylq1XJL
        O15uZ/+RZNRfTXZKO4fVR0tMEbMAITqRmyP8xLXY4RXbS4J32gnenQbz
        ABX8sQmwO7s=";
    };
  • 6. BIND 9 with Yeti-DNS root
    Example for Ubuntu 16.04:

    Commenting out the "official" IANA root hints:
    # vi /etc/bind/named.conf.default-zones
    -----
    // prime the server with knowledge of the root servers
    #zone "." {
    # type hint;
    # file "/etc/bind/db.root";
    #};
    ------

    Check the configuration and restart BIND 9:
    # named-checkconf
    # systemctl restart bind9
    # systemctl status bind9
  • 7. BIND 9 with Yeti-DNS root
    Example for Ubuntu 16.04:

    Query for the NS RRset of the root zone. The answer must be DNSSEC validated (AD flag!), and the answer section is the list of Yeti-DNS root servers:
    # dig @localhost ns .
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost ns .
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52931
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;. IN NS
    ;; ANSWER SECTION:
    . 86367 IN NS yeti1.ipv6.ernet.in.
    . 86367 IN NS yeti-ns2.dns-lab.net.
    . 86367 IN NS yeti-ns.as59715.net.
    . 86367 IN NS yeti.ipv6.ernet.in.
    . 86367 IN NS dahu2.yeti.eu.org.
    […]
    . 86367 IN NS bii.dns-lab.net.
    . 86367 IN NS yeti-ns.lab.nic.cl.
    . 86367 IN NS yeti-ns.tisf.net.
    . 86367 IN NS 18ac3e7343f016890c510e93f93526.yeti-dns.net.
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Jun 09 13:06:49 CEST 2016
    ;; MSG SIZE rcvd: 823
  • 8. Unbound with Yeti-DNS root
    Example for Ubuntu 16.04:

    Fetching the Yeti-DNS root hints:
    # apt install unbound
    # wget -O /etc/unbound/yeti-root.hints https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache
    # vi /etc/unbound/unbound.conf.d/yeti-root.conf
    ——
    server:
        root-hints: "yeti-root.hints"
    ——
  • 9. Unbound with Yeti-DNS root
    Example for Ubuntu 16.04:

    Fetching the Yeti-DNS root KSK for DNSSEC validation:
    # wget -O /var/lib/unbound/root.key https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub

    Disabling the update of the DNSSEC root KSK via unbound-anchor:
    # echo 'ROOT_TRUST_ANCHOR_UPDATE="false"' >> /etc/default/unbound
  • 10. Unbound with Yeti-DNS root
    Example for Ubuntu 16.04:

    Check the Unbound configuration for errors:
    # unbound-checkconf
    unbound-checkconf: no errors in /etc/unbound/unbound.conf
    # systemctl restart unbound
    # systemctl status unbound
  • 11. Unbound with Yeti-DNS root
    Example for Ubuntu 16.04:

    Query for the NS RRset of the root zone. The answer must be DNSSEC validated (AD flag!), and the answer section is the list of Yeti-DNS root servers:
    # dig @localhost ns .
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost ns .
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29228
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;. IN NS
    ;; ANSWER SECTION:
    . 86369 IN NS 3f79bb7b435b05321651daefd374cd.yeti-dns.net.
    . […]
    . 86369 IN NS yeti-ns.tisf.net.
    . 86369 IN NS yeti-ns1.dns-lab.net.
    . 86369 IN NS 2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net.
    . 86369 IN NS yeti.ipv6.ernet.in.
    . 86369 IN NS dahu1.yeti.eu.org.
    . 86369 IN NS yeti-ns.wide.ad.jp.
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Jun 09 13:44:23 CEST 2016
    ;; MSG SIZE rcvd: 823
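The check that slides 7 and 11 do by eye (AD flag set, root NS set served from the Yeti hints) can be scripted; this is an added example, not part of the original slides. The function names and the second sample response are assumptions made up here, and the first sample is abridged from the dig output above.

```shell
#!/bin/sh
# Constructed samples: the first is abridged from the dig output on the slides,
# the second is made up to show a resolver that is still using the IANA root.
YETI_SAMPLE=';; flags: qr rd ra ad; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 1
;. IN NS
. 86367 IN NS yeti-ns.tisf.net.
. 86367 IN NS bii.dns-lab.net.
. 86367 IN NS dahu2.yeti.eu.org.'
IANA_SAMPLE=';; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;. IN NS
. 86367 IN NS a.root-servers.net.
. 86367 IN NS b.root-servers.net.'

# Succeeds only if "ad" is one of the header flags (answer was DNSSEC validated).
has_ad_flag() {
    printf '%s\n' "$1" | awk '/^;; flags:/ {
        sub(/^;; flags:/, ""); sub(/;.*/, "")
        for (i = 1; i <= NF; i++) if ($i == "ad") found = 1
    }
    END { exit !found }'
}

# Prints the name server names (NS targets) returned for the root zone.
root_ns_names() {
    printf '%s\n' "$1" |
        awk '$1 == "." && $3 == "IN" && $4 == "NS" { print tolower($5) }'
}

# Returns 0 only for a validated answer that lists no IANA root server.
check_yeti_response() {
    names=$(root_ns_names "$1")
    [ -n "$names" ] || { echo "FAIL: no root NS records in answer"; return 1; }
    has_ad_flag "$1" || { echo "FAIL: AD flag missing, not validated"; return 1; }
    if printf '%s\n' "$names" | grep -Eq '^[a-m]\.root-servers\.net\.$'; then
        echo "FAIL: IANA root servers returned, Yeti hints not in use"
        return 1
    fi
    echo "OK: validated root NS set, no IANA root servers"
}

# Live use on the resolver host: check_yeti_response "$(dig @localhost ns .)"
check_yeti_response "$YETI_SAMPLE"
check_yeti_response "$IANA_SAMPLE" || true
```

The parser expects dig's default text output, so run dig without +short when feeding it a live response.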
  • 12. Yeti-DNS resources
    - Website: http://yeti-dns.org/
    - Mailinglist: http://lists.yeti-dns.org/mailman/listinfo/discuss
    - Statistics: http://yeti-dns.org/statistics.html
    - Yeti-Root-Server Monitoring (via RIPE Atlas): http://yeti-dns.org/monitor.html
  • 13. Upcoming training classes
    Special 4 day IPv6 Intro & Advanced Topics Workshop
    August 1 – 4, 2016, Livermore, CA (USA)
    https://www.menandmice.com/support-training/training/ipv6/
  • 14. Upcoming training classes
    KEA-DHCP
    - August 8 – 9, 2016 - Amsterdam, The Netherlands
    - October 13 – 14, 2016 - West Coast, USA
    - October 17 – 18, 2016 - East Coast, USA
    - November 21 – 22, 2016 - Amsterdam, The Netherlands
    Two days - Hands-On training, US$ 1795
    https://www.menandmice.com/support-training/training/kea-dhcp-training/
  • 15. More training
    • August 22 – 24, 2016: Introduction to DNS & BIND Hands-On class, Amsterdam, The Netherlands
    • August 22 – 26, 2016: Introduction & Advanced DNS and BIND Topics Hands-on class, Amsterdam, The Netherlands
    • August 24 – 26, 2016: DNSSEC Technical Workshop – Implementation and Deployment, Amsterdam, The Netherlands
    • October 3 – 5, 2016: Introduction to DNS & BIND Hands-On class, Arlington (VA), USA
    • October 3 – 7, 2016: Introduction & Advanced DNS and BIND Topics Hands-on class, Arlington (VA), USA
    • October 5 – 7, 2016: DNSSEC Technical Workshop – Implementation and Deployment, Arlington (VA), USA
    https://www.menandmice.com/support-training/training/
  • 16. ISC Webinars
    Webinar: Extending Kea with Hooks
    29 June 2016 - 10:00 AM PST / 5:00 PM UCT
    https://goo.gl/ZP3NIc
  • 17. Thank you! Questions? Comments?