Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &!...
Transcript of Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &!...
![Page 1: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/1.jpg)
© Men & Mice http://menandmice,com
Commercial DNSSECManagement Solutions
1Wednesday, June 2, 2010
![Page 2: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/2.jpg)
© Men & Mice http://menandmice,com
From Iceland...
2Wednesday, June 2, 2010
![Page 3: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/3.jpg)
© Men & Mice http://menandmice,com
comes more than fire and ice!
3Wednesday, June 2, 2010
![Page 4: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/4.jpg)
© Men & Mice http://menandmice,com
Of Men & Mice
•Icelandic company founded in 1990, privately held
•Specialist in DNS, DHCP and IP address management products and services
‣ 30 people
‣ 7 Service/support engineers
‣ 3 support locations (USA, Iceland, Germany)
•Long history of innovation and success
4Wednesday, June 2, 2010
![Page 5: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/5.jpg)
© Men & Mice http://menandmice,com
Long history of innovation and success…
5Wednesday, June 2, 2010
![Page 6: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/6.jpg)
© Men & Mice http://menandmice,com
Long history of innovation and success…
1998DNS Analyzing Tool
1995DNS server for Mac
2000GUI for BIND
2003DNS Traffic Analyzer
2005DNS, DHCP Management for AD
2008GUI Management for ISC DHCP
2009Support forUnbound/NSD
5Wednesday, June 2, 2010
![Page 7: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/7.jpg)
© Men & Mice http://menandmice,com
More than 10.000 customers
6Wednesday, June 2, 2010
![Page 8: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/8.jpg)
© Men & Mice http://menandmice,com
The Men & Mice System
7Wednesday, June 2, 2010
![Page 9: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/9.jpg)
© Men & Mice http://menandmice,com
Men & Mice Suite – 3 tier architecture
8Wednesday, June 2, 2010
![Page 10: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/10.jpg)
© Men & Mice http://menandmice,com
Integration Layer of existing services
9Wednesday, June 2, 2010
![Page 11: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/11.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
DNS Server
DNS Management Team
10Wednesday, June 2, 2010
![Page 12: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/12.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
DNS Server
DNS Management Team
Zone changes
10Wednesday, June 2, 2010
![Page 13: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/13.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
GUIManagement
DNS Server
DNS Management Team
Zone changes
10Wednesday, June 2, 2010
![Page 14: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/14.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
GUIManagement
DNS Server
DNS Management Team
Zone changes
10Wednesday, June 2, 2010
![Page 15: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/15.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
GUIManagement
Men & Mice Central
DNS Server
DNS Management Team
Zone changes
10Wednesday, June 2, 2010
![Page 16: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/16.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
GUIManagement
Men & Mice Central
DNS Server
DNS Management Team
Zone changes
unsigned Zone
10Wednesday, June 2, 2010
![Page 17: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/17.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
GUIManagement
Men & Mice Central
DNS Server
DNSSECZone Signing
& Key Management
DNS Management Team
Zone changes
unsigned Zone
10Wednesday, June 2, 2010
![Page 18: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/18.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
GUIManagement
Men & Mice Central
DNS Server
DNSSECZone Signing
& Key Management
DNS Management Team
Zone changes
unsigned Zone
signedZone
10Wednesday, June 2, 2010
![Page 19: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/19.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
GUIManagement
Men & Mice Central
DNS Server Controller
DNS Server
DNSSECZone Signing
& Key Management
DNS Management Team
Zone changes
unsigned Zone
signedZone
10Wednesday, June 2, 2010
![Page 20: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/20.jpg)
© Men & Mice http://menandmice,com
DNSSEC workflow
GUIManagement
Men & Mice Central
DNS Server Controller
DNS Server
DNSSECZone Signing
& Key Management
OpenDNSSECSecure64 Signer
DNSSEC ZKT BIND 9.7.x+
Windows 2008R2
DNS Management Team
Zone changes
unsigned Zone
signedZone
10Wednesday, June 2, 2010
![Page 21: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/21.jpg)
© Men & Mice http://menandmice,com
Secure64 Integration
11Wednesday, June 2, 2010
![Page 22: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/22.jpg)
© Men & Mice http://menandmice,com
What is Secure64?
•DNSSEC Signer Hardware Appliance build by Secure64 Software Corporation
•Secure64 DNS Signer is a fully automated DNSSEC signing engine.
•Complies with DNSSEC RFCs 4033, 4034, 4035, 5011, and 5155
12Wednesday, June 2, 2010
![Page 23: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/23.jpg)
© Men & Mice http://menandmice,com
What is Secure64?
•Automates bulk zone signing, resigning, and key rollover
•Supports parent-child synchronization of chains of trust and coordinates with key rollover
•Provides best practice defaults, with optional configurable values for key lengths, signing intervals, and rollover techniques
13Wednesday, June 2, 2010
![Page 24: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/24.jpg)
© Men & Mice http://menandmice,com
What is Secure64?
•Uses a hardware crypto chip (TPM) to generate and maintain private encryption keys that never leave the chip itself
•Keeps the DNSSEC private signing keys safe by never storing them in the clear on disk or in backup keys stores
•Supports secure backup and recovery of signing keys and system keys for disaster recovery
•Provides certification to FIPS 140-2 level 3 (pending)
14Wednesday, June 2, 2010
![Page 25: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/25.jpg)
© Men & Mice http://menandmice,com
Architecture
•The Secure64 Signer acts as an “signer-in-the-middle” system
•The Men & Mice DNS Module takes care of all necessary configuration
•on the signer
•on the hidden master
•on the authoritative slave servers
15Wednesday, June 2, 2010
![Page 26: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/26.jpg)
© Men & Mice http://menandmice,com
Architecture
hidden primary DNS
Men & Mice Central
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
DMZ
16Wednesday, June 2, 2010
![Page 27: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/27.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
17Wednesday, June 2, 2010
![Page 28: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/28.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
Zone creation request
DMZ
Men & Mice Central
17Wednesday, June 2, 2010
![Page 29: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/29.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
17Wednesday, June 2, 2010
![Page 30: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/30.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
18Wednesday, June 2, 2010
![Page 31: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/31.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
creates plain DNS
Zone
DMZ
Men & Mice Central
18Wednesday, June 2, 2010
![Page 32: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/32.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
18Wednesday, June 2, 2010
![Page 33: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/33.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
19Wednesday, June 2, 2010
![Page 34: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/34.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
configures Secure64 signer
to sign new zone
DMZ
Men & Mice Central
19Wednesday, June 2, 2010
![Page 35: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/35.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
19Wednesday, June 2, 2010
![Page 36: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/36.jpg)
© Men & Mice http://menandmice,com
creating a zone
DMZ
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
Men & Mice Central
20Wednesday, June 2, 2010
![Page 37: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/37.jpg)
© Men & Mice http://menandmice,com
creating a zone
DMZ
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
configures slave DNS to load
DNSSEC zone from signer
Men & Mice Central
20Wednesday, June 2, 2010
![Page 38: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/38.jpg)
© Men & Mice http://menandmice,com
creating a zone
DMZ
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
Men & Mice Central
20Wednesday, June 2, 2010
![Page 39: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/39.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
21Wednesday, June 2, 2010
![Page 40: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/40.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DNS Zone Transfer
DMZ
Men & Mice Central
21Wednesday, June 2, 2010
![Page 41: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/41.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
21Wednesday, June 2, 2010
![Page 42: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/42.jpg)
© Men & Mice http://menandmice,com
creating a zone
DMZ
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
Men & Mice Central
22Wednesday, June 2, 2010
![Page 43: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/43.jpg)
© Men & Mice http://menandmice,com
creating a zone
DMZ
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DNS Notify message after zone has been
signed
Men & Mice Central
22Wednesday, June 2, 2010
![Page 44: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/44.jpg)
© Men & Mice http://menandmice,com
creating a zone
DMZ
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
Men & Mice Central
22Wednesday, June 2, 2010
![Page 45: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/45.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
23Wednesday, June 2, 2010
![Page 46: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/46.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DNS Zone Transfer
DMZ
Men & Mice Central
23Wednesday, June 2, 2010
![Page 47: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/47.jpg)
© Men & Mice http://menandmice,com
creating a zone
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
23Wednesday, June 2, 2010
![Page 48: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/48.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
Men & Mice
Central DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
24Wednesday, June 2, 2010
![Page 49: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/49.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
Men & Mice
Central DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
Zone update request
DMZ
24Wednesday, June 2, 2010
![Page 50: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/50.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
Men & Mice
Central DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
24Wednesday, June 2, 2010
![Page 51: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/51.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
25Wednesday, June 2, 2010
![Page 52: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/52.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
send DNS update
DMZ
Men & Mice Central
25Wednesday, June 2, 2010
![Page 53: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/53.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
25Wednesday, June 2, 2010
![Page 54: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/54.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
26Wednesday, June 2, 2010
![Page 55: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/55.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DNS notify
DMZ
Men & Mice Central
26Wednesday, June 2, 2010
![Page 56: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/56.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
26Wednesday, June 2, 2010
![Page 57: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/57.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
27Wednesday, June 2, 2010
![Page 58: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/58.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DNS Zone Transfer
DMZ
Men & Mice Central
27Wednesday, June 2, 2010
![Page 59: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/59.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
DNS Zone get signed
27Wednesday, June 2, 2010
![Page 60: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/60.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
27Wednesday, June 2, 2010
![Page 61: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/61.jpg)
© Men & Mice http://menandmice,com
zone update
DMZ
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
Men & Mice Central
28Wednesday, June 2, 2010
![Page 62: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/62.jpg)
© Men & Mice http://menandmice,com
zone update
DMZ
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DNS Notify message after zone has been
signed
Men & Mice Central
28Wednesday, June 2, 2010
![Page 63: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/63.jpg)
© Men & Mice http://menandmice,com
zone update
DMZ
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
Men & Mice Central
28Wednesday, June 2, 2010
![Page 64: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/64.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
29Wednesday, June 2, 2010
![Page 65: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/65.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DNS Zone Transfer
DMZ
Men & Mice Central
29Wednesday, June 2, 2010
![Page 66: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/66.jpg)
© Men & Mice http://menandmice,com
zone update
hidden primary DNS
DNS Admin workstation
Secure64signer
authoritative DNS
(slave)
authoritative DNS
(slave)
Men & Mice protocol
SSH protocol
DNS protocol
DMZ
Men & Mice Central
29Wednesday, June 2, 2010
![Page 67: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/67.jpg)
© Men & Mice http://menandmice,com
OpenDNSSEC Integration
30Wednesday, June 2, 2010
![Page 68: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/68.jpg)
© Men & Mice http://menandmice,com
OpenDNSSEC
unsigned Zone
signer engine
KASPauditor
KASPenforcer
security module
key and signing policy
31Wednesday, June 2, 2010
![Page 69: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/69.jpg)
© Men & Mice http://menandmice,com
OpenDNSSEC
unsigned Zone
signedZone
signer engine
KASPauditor
KASPenforcer
security module
key and signing policy
31Wednesday, June 2, 2010
![Page 70: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/70.jpg)
© Men & Mice http://menandmice,com
OpenDNSSEC + Men & Mice
unsigned Zone
signedZone
signer engine
KASPauditor
KASPenforcer
security module
key and signing policy
Men & Mice Central
DNS Server Controller
DNS Server
32Wednesday, June 2, 2010
![Page 71: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/71.jpg)
© Men & Mice http://menandmice,com
OpenDNSSEC + Men & Mice
unsigned Zone
signedZone
signer engine
KASPauditor
KASPenforcer
security module
key and signing policy
Men & Mice Central
DNS Server Controller
DNS Server
verifies and writes unsigned zone
32Wednesday, June 2, 2010
![Page 72: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/72.jpg)
© Men & Mice http://menandmice,com
OpenDNSSEC + Men & Mice
unsigned Zone
signedZone
signer engine
KASPauditor
KASPenforcer
security module
key and signing policy
Men & Mice Central
DNS Server Controller
DNS Server
verifies and writes unsigned zone
selects policy
for zone
32Wednesday, June 2, 2010
![Page 73: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/73.jpg)
© Men & Mice http://menandmice,com
OpenDNSSEC + Men & Mice
unsigned Zone
signedZone
signer engine
KASPauditor
KASPenforcer
security module
key and signing policy
Men & Mice Central
DNS Server Controller
DNS Serverdeploys Zone to
Server
verifies and writes unsigned zone
selects policy
for zone
32Wednesday, June 2, 2010
![Page 74: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/74.jpg)
© Men & Mice http://menandmice,com
Zone List
33Wednesday, June 2, 2010
![Page 75: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/75.jpg)
© Men & Mice http://menandmice,com
enable DNSSEC and select
34Wednesday, June 2, 2010
![Page 76: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/76.jpg)
© Men & Mice http://menandmice,com
zone with DNSSEC records
35Wednesday, June 2, 2010
![Page 77: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/77.jpg)
© Men & Mice http://menandmice,com
zone with DNSSEC records
36Wednesday, June 2, 2010
![Page 78: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/78.jpg)
© Men & Mice http://menandmice,com
DNS Expert checks for DNSSEC zones
37Wednesday, June 2, 2010
![Page 79: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/79.jpg)
© Men & Mice http://menandmice,com
Benefits of the Men & Mice Solution
•free choice of
•DNSSEC signer
•policy management
•and DNS Server engine
38Wednesday, June 2, 2010
![Page 80: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/80.jpg)
© Men & Mice http://menandmice,com
Benefits of the Men & Mice Solution
•supports DNSSEC with
•OpenDNSSEC
•Secure64
•BIND 9.7.x DNS Server
•Windows 2008R2 DNS Server
39Wednesday, June 2, 2010
![Page 81: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/81.jpg)
© Men & Mice http://menandmice,com
Benefits of the Men & Mice Solution
•Fine grained access control
•Detailed history trail
•Sanity checks prevent DNS outage due to human error
•Integration into IP Address Management and DHCP Management
•Non-intrusive approach
40Wednesday, June 2, 2010
![Page 82: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/82.jpg)
© Men & Mice http://menandmice,com
Finis ...
•Questions?
41Wednesday, June 2, 2010
![Page 83: Commercial DNSSEC - TERENA€¦ · DNS!Server! Controller DNS!Server DNSSEC Zone!Signing &! Key!Management OpenDNSSEC Secure64!Signer DNSSEC!ZKT! BIND!9.7.x+ Windows!2008R2 DNS!Management!](https://reader034.fdocuments.net/reader034/viewer/2022043005/5f8c6509807f125884082c2a/html5/thumbnails/83.jpg)
© Men & Mice http://menandmice,com
42Wednesday, June 2, 2010