Tweede&bullet&niveau& Validaon&at. nl...100%tekst$ TEXTLEVELS 1 Plain&text 2 3 •...
Transcript of Tweede&bullet&niveau& Validaon&at. nl...100%tekst$ TEXTLEVELS 1 Plain&text 2 3 •...
100% tekst
TEXT LEVELS
Plain text 1
2
3
• Eerste bullet niveau
• Tweede bullet niveau
4 Titel
Klik om de s+jl te bewerken
Klik om de models+jlen te bewerken
§ Tweede niveau
§ Derde niveau
§ Vierde niveau
Vijfde niveau
Wie zijn wij? | Mijlpalen | Organisa@e | Het huidige internet | Missie -‐ Visie | Diensten | Referen@es | SamenvaJng 1
DNSSEC Workshop @ ICANN54
Oct 21, 2015
Marco Davids, Jelte Jansen, Maarten Wullink, Cris@an Hesselman
S@mula@ng DNSSEC Valida@on at .nl
100% tekst
TEXT LEVELS
Plain text 1
2
3
• Eerste bullet niveau
• Tweede bullet niveau
4 Titel
SIDN
• SIDN = registry for the Netherlands (.nl)
• SIDN Labs = R&D team SIDN
• 5.5M domain names, 1.500 registrars
• Largest DNSSEC zone in the world (2.4M signed)
• RSP for .amsterdam (capital) and .aw (Aruba)
• Main DNSSEC challenge: valida@on
100% tekst
TEXT LEVELS
Plain text 1
2
3
• Eerste bullet niveau
• Tweede bullet niveau
4 Titel
#1: DNSSEC Resolver Service
• DNSSEC valida@on by .nl registry
• ISPs don’t, so we decided to do it ourselves
• Also get more experience in opera@ng resolvers
• Two resolver machines running UNBOUND
• Pilot with a high school (1.000 students)
• Opted for a white-‐listed service (unlike Google, Verisign)
100% tekst
TEXT LEVELS
Plain text 1
2
3
• Eerste bullet niveau
• Tweede bullet niveau
4 Titel
#2: DNSSEC Valida@on Device (“ValiBox”)
100% tekst
TEXT LEVELS
Plain text 1
2
3
• Eerste bullet niveau
• Tweede bullet niveau
4 Titel
0.00%$
0.10%$
0.20%$
0.30%$
0.40%$
0.50%$
0.60%$
0.70%$
0.80%$
0.90%$
2013/04/20$
2013/05/20$
2013/06/20$
2013/07/20$
2013/08/20$
2013/09/20$
2013/10/20$
2013/11/20$
2013/12/20$
2014/01/20$
2014/02/20$
2014/03/20$
2014/04/20$
2014/05/20$
2014/06/20$
2014/07/20$
2014/08/20$
2014/09/20$
2014/10/20$
2014/11/20$
2014/12/20$
2015/01/20$
2015/02/20$
2015/03/20$
2015/04/20$
2015/05/20$
2015/06/20$
Percentage)DNSSEC)valida3efouten)
#3: DNSSEC Valida@on Monitor “XXL”
Valida3e Monitor XXL
3+ level labels (and valida@on errors)
Valida@ng Resolver
.nl zone file
Network Engineer
24 hours
Name Server
�
�
�
�
�
�
�
Repair
Registrar/DNS operator
.nl Registry
Access Provider
Resolver
User
XXL-‐version live Apr 4, 2015
error at a registrar
Average Jun 15-‐Jul 15: Number: 6.080 Percentage: 0.25%
100% tekst
TEXT LEVELS
Plain text 1
2
3
• Eerste bullet niveau
• Tweede bullet niveau
4 Titel
#4: Registrar Score Card
100% tekst
TEXT LEVELS
Plain text 1
2
3
• Eerste bullet niveau
• Tweede bullet niveau
4 Titel
Registries Take the Lead!
• ISPs won’t, at least in the Netherlands
• Take a mul@-‐track approach • Offer valida@on func@onality • Help further reducing valida@on errors • Go horizontal (thru ISPs) as well as ver@cal (industry-‐specific)
• Help others • Sponsor sooware development (such as UNBOUND, PowerDNS)
• Sponsor large-‐scale valida@on pilots, for instance at universi@es • Enable policy development, for instance at government agencies
• Promote use (internet.nl, stats.sidnlabs.nl, dnssec.nl)
100% tekst
TEXT LEVELS
Plain text 1
2
3
• Eerste bullet niveau
• Tweede bullet niveau
4 Titel
Ques@ons and Feedback
www.sidnlabs.nl
Cris@an Hesselman
Manager SIDN Labs
[email protected]@sidn.nl
+31 6 25 07 87 33
@hesselma