13th APNIC Open Policy Meeting

DNS Security Tutorial - DNSSEC, introduction to the concept and current state

The Domain Name System (DNS) is one of the main parts of the Internet Infrastructure. End-users trust that DNS will give correct results. At the moment, however, DNS lacks a mechanism to establish the authenticity and integrity of the data it provides. DNSSEC is a set of extensions to provide end-to-end authenticity and integrity.

This introduction will cover.

• DNS security threads
• DNSSEC security mechanisms
• DNSSEC server protection
• DNSSEC data protection
• Delegation issues
• Keymanagement issues
• Current developments

Examples are based on BIND nameserver.

Intended audience

The DNSSEC introduction is intended for those who are familiar with common DNS terminology and are interested in learning about the concepts and mechanisms that DNSSEC offers.

Tutorial outcome

Our goal is to provide participants with the ability to deploy DNSSEC in their own organisation.

Tutor - Olaf M. Kolkman

Olaf M. Kolkman is a scientific programmer at the RIPE NCC. His background is in Astronomy. He joined the RIPE NCC test-traffic project in 1997, was responsible for the RIPE NCC operations group and is now a member of the New Projects group and working on the Deployment of Internet Security Infrastructure (DISI) project.

Top  |  Program