OARC 42 (Charlotte, NC, USA)

Name: OARC 42 (Charlotte, NC, USA)
Start: 2024-02-08T09:00:00-05:00
End: 2024-02-09T18:40:00-05:00
Location: Embassy Suites Charlotte Uptown

8–9 Feb 2024 Workshop

Embassy Suites Charlotte Uptown

US/Eastern timezone

OARC Meeting Admin

DNSSEC signer upgrade at PCH.net

8 Feb 2024, 12:20

25m

Salon A/B (Embassy Suites Charlotte Uptown)

Salon A/B

Embassy Suites Charlotte Uptown

401 East Martin Luther King Jr Blvd Charlotte NC 28202 United States

In-Person Standard Presentation OARC 42 Day 1

Tamas Csillag (PCH.net)

In my talk I plan to summarize the properties of
PCH's DNSSEC bump in the wire signer from 2010.
(which was based on bind9 and custom code in c/bash/perl)

What were our goals and motivations for the upgrade.

Why we ended up choosing knot as a replacement signer.

Our process include a keysigning ceremony where ZSKs are generated and RRSIGs for those keys years in advance.

I will talk about how we use the keysigning output with knot's offline-ksk functionality and how we utilize HSMs.

Another part to be presented is nsd and how we use its relatively recent functionality the verifier hook to check the correctness of the DNSSEC signed zones.

Talk duration

Tamas Csillag (PCH.net)

DNS-OARC42-Tamás-2024-02-07-v4.pdf

DNS-OARC42-Tamás-2024-02-07-v6.pdf

OARC 42 (Charlotte, NC, USA)

OARC Meeting Admin

DNSSEC signer upgrade at PCH.net

Salon A/B

Embassy Suites Charlotte Uptown

Speaker

Description

Primary author

Presentation materials

Choose timezone

OARC 42 (Charlotte, NC, USA)

OARC Meeting Admin

Speaker

Description

Primary author

Presentation materials