Lightning Talks session
A lightning talk that describes two tools that might be of general interest to DNS operators. Note: a 5-minute and a 10-minute version are attached. Either might be given.
A group of DNS engineers has formed a design team to look at improving DNSSEC provisioning with third-party DNS providers. Two issues are being looked at:
- DNSSEC requires the registry to have a DS record associated with the zone. When third-party DNS providers generate the key(s) and sign the zone, there is no well-defined path for providing the DS record to the registry. (Some ccTLDs are...
Not everyone seems to consider DNS fragmentation harmful, and the authors of draft-fujiwara-dnsop-avoid-fragmentation-01 have heard some interesting feedback, which will be anonymized and presented briefly, to inspire ad-hoc bar BOFs to follow.
.ORG was the first gTLD signed with DNSSEC and remains one of the largest, but is still operating on parameters set originally in 2009. PIR, the registry responsible for .ORG, and Afilias, the registry services provider that handles technical operations for .ORG, are reviewing those original parameters and preparing to update them, primarily to move away from SHA1 as the signing algorithm. We...
Some interesting measurements "divided" by operator
DNS over TLS Discovery
The DNS over TLS (DoT) protocol is well defined and ideal for client-to-recursive privacy. However, there is currently no way for a client to upgrade its connection to an existing resolver, for a number of reasons.
This talk concerns the impediments to doing an upgrade, and a proposal for a scheme that solves nearly all of them. The author has a PoC for the scheme,...