SlideShare una empresa de Scribd logo
1 de 26
Descargar para leer sin conexión
DNSSEC
                        for the Root Zone
                                 LACNIC XIII
                          Curacao, Netherlands Antilles
                                   May 2010

                             Mehmet Akcin, ICANN




Tuesday, May 18, 2010
This design is the result of a cooperation
                     between ICANN & VeriSign with
                    support from the U.S. DoC NTIA




Tuesday, May 18, 2010
Quick Recap
                    • 2048-bit RSA KSK, 1024-bit RSA ZSK
                    • Signatures with RSA/SHA-256
                    • Split ZSK/KSK operations
                    • Incremental deployment
                    • Deliberately Unvalidatable Root Zone
                        (DURZ)
                    • more information @ www.root-dnssec.org
Tuesday, May 18, 2010
DURZ Deployment

                    • The Deliberately Unvalidatable Root Zone
                        (DURZ) deployment started on 27 January.
                    • As of 5 May, all 13 root servers are serving
                        the DURZ.




Tuesday, May 18, 2010
DURZ Data Collections
       Pre-DURZ                   2010-01-19 ✔
       L                          2010-01-27 ✔
       A                          2010-02-10 ✔
       I,M                        2010-03-03 ✔
       D, E, K                    2010-03-24 ✔
       B,C,F,G,H                  2010-04-14 ✔
       J                          2010-05-05 ✔

Tuesday, May 18, 2010
Tuesday, May 18, 2010
L-Root’s DURZ Date
                             01/26/10




Tuesday, May 18, 2010
Tuesday, May 18, 2010
Tuesday, May 18, 2010
All Roots serving DURZ
                             Date 05/05/10




Tuesday, May 18, 2010
Tuesday, May 18, 2010
L-Root’s DURZ Date
                             01/26/10




Tuesday, May 18, 2010
All Roots serving DURZ
                    Date 05/05/10




Tuesday, May 18, 2010
Tuesday, May 18, 2010
Tuesday, May 18, 2010
UDP Priming Query Rate
                                                   for the previous month
                                                 as of 2010 05 01 00:00:00
                             450
                                                                                              A root
                                                                                              C root
                             400                                                              D root
                                                                                              E root
                             350                                                              F root
                                                                                              G root
                                                                                              H root
                             300
        Queries Per Second




                                                                                              J root
                                                                                              L root
                             250                                                              M root


                             200


                             150


                             100


                              50


                              0
                              MAR31   APR5   APR10      APR15         APR20   APR25   APR30

                                                     Date/Time, UTC


Tuesday, May 18, 2010
UDP Priming Query Rate
                                                               for the previous month
                                                             as of 2010 05 01 00:00:00
                             450
                                                                                                        A root
                                                                                                        C root
                             400                                                                        D root
                                                                                                        E root
                             350                                                                        F root
                                                                                                        G root
                                      A single nameserver                                               H root
                             300             instance with
        Queries Per Second




                                                                                                        J root
                                          max-cache-ttl=0                                               L root
                             250                                                                        M root


                             200


                             150


                             100


                              50


                              0
                              MAR31       APR5        APR10       APR15         APR20   APR25   APR30

                                                               Date/Time, UTC


Tuesday, May 18, 2010
DS Change Requests

                    • Approach likely to be based on existing
                        methods for TLD managers to request
                        changes in root zone.
                    • Anticipate being able to accept DS requests
                        in early June.




Tuesday, May 18, 2010
Policy Update

                    • Updated versions of the draft KSK and ZSK
                        DNSSEC Practice Statements (DPS) will be
                        published shortly.
                        ‣ Not much has changed substantively, but please
                          read these practice statements – answers to
                          most questions regarding DNSSEC for the Root
                          Zone can be found in the DPS.



Tuesday, May 18, 2010
TCR Update

                    • Trusted Community Representative
                        Applications were submitted between
                        13-24 April 2010.
                    • 61 Total Applications
                        ‣ 5 from LACNIC
                        ‣ Background checks are being completed.


Tuesday, May 18, 2010
KSK Ceremonies

                    • First ceremony will take a place in ICANN
                        KSK East Coast Facility in Culpeper,Virginia
                    • 16 June 2010
                        ‣ More information will be posted on website
                          http://www.root-dnssec.org




Tuesday, May 18, 2010
Documentation
                                     Available at www.root-dnssec.org



                    •   Requirements
                    •   High Level Technical Architecture
                    •   DNSSEC Practice Statements (DPS)
                    •   Trust Anchor Publication
                    •   Deployment Plan
                    •   KSK Ceremonies Guide
                    •   TCR Proposal
                    •   Resolver Testing with a DURZ
                    •   DS Record Handling
                    •   DNSSEC Key Management Implementation
Tuesday, May 18, 2010
Next Steps
                    • 2010-06-16: First Key Signing Key (KSK)
                        Ceremony
                        ‣ Culpeper, US (ICANN East Coast KSK facility)
                    • 2010-07-15: Distribution of validatable,
                        production, signed root zone; publication of
                        root zone trust anchor
                        ‣ More data analysis and dodging meetings and
                          holidays.


Tuesday, May 18, 2010
Questions & Answers



Tuesday, May 18, 2010
rootsign@icann.org



Tuesday, May 18, 2010
Root DNSSEC Design Team
                             Joe Abley
                         Mehmet Akcin
                           David Blacka
                          David Conrad
                          Richard Lamb
                           Matt Larson
                        Fredrik Ljunggren
                           Dave Knight
                        Tomofumi Okubo
                          Jakob Schlyter
                         Duane Wessels


Tuesday, May 18, 2010

Más contenido relacionado

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

Destacado

Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 

Destacado (20)

AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 

Signing the Root

  • 1. DNSSEC for the Root Zone LACNIC XIII Curacao, Netherlands Antilles May 2010 Mehmet Akcin, ICANN Tuesday, May 18, 2010
  • 2. This design is the result of a cooperation between ICANN & VeriSign with support from the U.S. DoC NTIA Tuesday, May 18, 2010
  • 3. Quick Recap • 2048-bit RSA KSK, 1024-bit RSA ZSK • Signatures with RSA/SHA-256 • Split ZSK/KSK operations • Incremental deployment • Deliberately Unvalidatable Root Zone (DURZ) • more information @ www.root-dnssec.org Tuesday, May 18, 2010
  • 4. DURZ Deployment • The Deliberately Unvalidatable Root Zone (DURZ) deployment started on 27 January. • As of 5 May, all 13 root servers are serving the DURZ. Tuesday, May 18, 2010
  • 5. DURZ Data Collections Pre-DURZ 2010-01-19 ✔ L 2010-01-27 ✔ A 2010-02-10 ✔ I,M 2010-03-03 ✔ D, E, K 2010-03-24 ✔ B,C,F,G,H 2010-04-14 ✔ J 2010-05-05 ✔ Tuesday, May 18, 2010
  • 7. L-Root’s DURZ Date 01/26/10 Tuesday, May 18, 2010
  • 10. All Roots serving DURZ Date 05/05/10 Tuesday, May 18, 2010
  • 12. L-Root’s DURZ Date 01/26/10 Tuesday, May 18, 2010
  • 13. All Roots serving DURZ Date 05/05/10 Tuesday, May 18, 2010
  • 16. UDP Priming Query Rate for the previous month as of 2010 05 01 00:00:00 450 A root C root 400 D root E root 350 F root G root H root 300 Queries Per Second J root L root 250 M root 200 150 100 50 0 MAR31 APR5 APR10 APR15 APR20 APR25 APR30 Date/Time, UTC Tuesday, May 18, 2010
  • 17. UDP Priming Query Rate for the previous month as of 2010 05 01 00:00:00 450 A root C root 400 D root E root 350 F root G root A single nameserver H root 300 instance with Queries Per Second J root max-cache-ttl=0 L root 250 M root 200 150 100 50 0 MAR31 APR5 APR10 APR15 APR20 APR25 APR30 Date/Time, UTC Tuesday, May 18, 2010
  • 18. DS Change Requests • Approach likely to be based on existing methods for TLD managers to request changes in root zone. • Anticipate being able to accept DS requests in early June. Tuesday, May 18, 2010
  • 19. Policy Update • Updated versions of the draft KSK and ZSK DNSSEC Practice Statements (DPS) will be published shortly. ‣ Not much has changed substantively, but please read these practice statements – answers to most questions regarding DNSSEC for the Root Zone can be found in the DPS. Tuesday, May 18, 2010
  • 20. TCR Update • Trusted Community Representative Applications were submitted between 13-24 April 2010. • 61 Total Applications ‣ 5 from LACNIC ‣ Background checks are being completed. Tuesday, May 18, 2010
  • 21. KSK Ceremonies • First ceremony will take a place in ICANN KSK East Coast Facility in Culpeper,Virginia • 16 June 2010 ‣ More information will be posted on website http://www.root-dnssec.org Tuesday, May 18, 2010
  • 22. Documentation Available at www.root-dnssec.org • Requirements • High Level Technical Architecture • DNSSEC Practice Statements (DPS) • Trust Anchor Publication • Deployment Plan • KSK Ceremonies Guide • TCR Proposal • Resolver Testing with a DURZ • DS Record Handling • DNSSEC Key Management Implementation Tuesday, May 18, 2010
  • 23. Next Steps • 2010-06-16: First Key Signing Key (KSK) Ceremony ‣ Culpeper, US (ICANN East Coast KSK facility) • 2010-07-15: Distribution of validatable, production, signed root zone; publication of root zone trust anchor ‣ More data analysis and dodging meetings and holidays. Tuesday, May 18, 2010
  • 26. Root DNSSEC Design Team Joe Abley Mehmet Akcin David Blacka David Conrad Richard Lamb Matt Larson Fredrik Ljunggren Dave Knight Tomofumi Okubo Jakob Schlyter Duane Wessels Tuesday, May 18, 2010