DOCSLIB.ORG

Domain Name Systems-Based Electronic Mail Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Domain Name Systems-Based Electronic Mail Security DRAFT NIST CYBERSECURITY PRACTICE GUIDE DOMAIN NAME SYSTEMS-BASED ELECTRONIC MAIL SECURITY How-To Guides For Security Engineers Scott Rose William Barker Santos Jha Chinedum Irrechukwu Karen Waltermire NIST SPECIAL PUBLICATION 1800-6C DRAFT NIST Special Publication 1800-6C NIST Cybersecurity Practice Guide DOMAIN NAME SYSTEMS- BASED ELECTRONIC MAIL SECURITY 1800-6C Scott Rose How-To Guides Information Technology Laboratory For Security Engineers National Institute of Standards and Technology William C. Barker Dakota Consulting Silver Spring, MD Santos Jha Chinedum Irrechukwu The MITRE Corporation McLean, VA Karen Waltermire National Cybersecurity Center of Excellence National Institute of Standards and Technology November 2016 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Willie May, Under Secretary of Commerce for Standards and Technology and Director DRAFT DISCLAIMER Certain commercial entities, equipment, products, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose. National Institute of Standards and Technology Special Publication 1800-6C Natl Inst. Stand. Technol. Spec. Publ. 1800-6C, 144 pages (November 2016) CODEN: NSPUE2 Organizations are encouraged to review all draft publications during public comment periods and provide feedback. All publications from NIST’s National Cybersecurity Center of Excellence are available at http://nccoe.nist.gov. Comments on this publication may be submitted to: [email protected] Public comment period: November 2, 2016 through December 19, 2016 National Cybersecurity Center of Excellence National Institute of Standards and Technology 100 Bureau Drive Gaithersburg, MD 20899 Mailstop 2002 Email: [email protected] DNS-Based Email Security Practice Guide iii DRAFT NATIONAL CYBERSECURITY CENTER OF EXCELLENCE The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) addresses businesses’ most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies. The NCCoE collaborates with industry, academic, and government experts to build modular, open, end-to- end reference designs that are broadly applicable and repeatable. The center’s work results in publicly available NIST Cybersecurity Practice Guides, Special Publication Series 1800, that provide users with the materials lists, configuration files, and other information they need to adopt a similar approach. To learn more about the NCCoE, visit http://nccoe.nist.gov. To learn more about NIST, visit http://www.nist.gov. NIST CYBERSECURITY PRACTICE GUIDES NIST Cybersecurity Practice Guides (Special Publication Series 1800) target specific cybersecurity challenges in the public and private sectors. They are practical, user-friendly guides that facilitate the adoption of standards-based approaches to cybersecurity. They show members of the information security community how to implement example solutions that help them align more easily with relevant standards and best practices. The documents in this series describe example implementations of cybersecurity practices that businesses and other organizations may voluntarily adopt. The documents in this series do not describe regulations or mandatory practices, nor do they carry statutory authority. ABSTRACT This document proposes a reference guide on how to architect, install, and configure a security platform for trustworthy email exchanges across organizational boundaries. The project includes reliable authentication of mail servers, digitally signing and encrypting email, and binding cryptographic key certificates to sources and servers. The example solutions and architectures presented here are based upon standards-based and commercially available products. The example solutions presented here can be used by any organization implementing Domain Name System-based electronic mail security. KEYWORDS electronic mail, digital signature; encryption; domain name system; data integrity; authentication, named entities, internet addresses, internet protocols, privacy DNS-Based Email Security Practice Guide iv DRAFT ACKNOWLEDGMENTS We gratefully acknowledge the contributions of the following individuals and organizations for their generous contributions of expertise, time, and products. Name Organization Nate Lesser National Cybersecurity Center of Excellence Karen Waltermire National Cybersecurity Center of Excellence Doug Montgomery NIST ITL Advanced Networks Technologies Division Janet Jones Microsoft Corporation Paul Fox Microsoft Corporation Joe Gersch Secure64 Saksham Manchanda Secure64 Benno Overeinder NLnet Labs Ralph Dolmans NLnet Labs Willem Toorop NLnet Labs Bud Bruegger Fraunhofer IAO Victoria Risk Internet Systems Consortium Eddy Winstead Internet Systems Consortium DNS-Based Email Security Practice Guide v Contents Contents 1 Introduction........................................................................................................................... 1 1.1 Practice Guide Structure...............................................................................................................2 1.2 Build Overview ..............................................................................................................................3 1.3 Typographical Conventions ..........................................................................................................7 2 How to Install and Configure DNS-Protected Email Security Components.................... 8 2.1 Laboratory Set-up .........................................................................................................................9 2.2 How to Install and Configure Microsoft Server-Based DNS-Protected Email Security Components 18 2.3 How to Install and Configure BIND .............................................................................................18 2.4 NSD 4 Requirements, Installation, Setup, and Configuration Components................................24 2.5 How to Install and Configure OpenDNSSEC ..............................................................................29 2.6 Unbound .....................................................................................................................................34 2.7 How to Install and Configure a DNS Signer Platform .................................................................37 2.8 How to Install and Configure a DNS Authority Platform..............................................................37 2.9 How to Install and Configure DNS Cache...................................................................................37 2.10 How to Install and Configure a Dovecot/Postfix Mail Transfer Agent .........................................38 2.11 How to Install and Configure a Thunderbird Mail Client..............................................................50 3 Device Configuration and Operating Recommendations ............................................... 53 3.1 Using SSL for Cryptographic Certificate Generation ..................................................................54 3.2 Cryptographic Operations (User Actions) ...................................................................................60 3.3 Server-to-Server Encryption Activation and Use ........................................................................67 3.4 Utilities and Useful Tools ............................................................................................................67 Appendix A Acronyms .......................................................................................................... 70 Appendix B References ........................................................................................................ 72 Appendix C Platform Operation and Observations............................................................ 75 C.1 Operations Scenarios ...........................................................................................................75 C.2 Test Sequences ...................................................................................................................76 Appendix D Secure Name System (DNS) Deployment Checklist...................................... 89 Appendix E Overview of Products Contributed by Collaborators.................................... 94 E.1 Open Source MUA and MTA Components ..........................................................................94 E.2 Microsoft Windows-Based Components ..............................................................................96 E.3 NLnet Labs Name Server Daemon-Based Components .....................................................98 DNS-Based Email Security Practice Guide i DRAFT Contents E.4 ISC BIND Component ........................................................................................................100 E.5 Secure64 Component ........................................................................................................103 Appendix F Installation and Configuration Log for NSD4, Unbound, and OpenDNSSEC .. 106 Appendix G Microsoft Installation for the NCCoE ............................................................ 115 G.1 Microsoft Server
Load more

Recommended publications
  • DNS / DNSSEC Workshop
    1/22/18 DNS / DNSSEC Workshop Hong Kong 22-24 January 2018 Issue Date: Revision: Overview • DNS Overview • BIND DNS Configuration • Recursive and Forward DNS • Reverse DNS • Troubleshooting • DNS Security Overview • DNS Transactions • DNS Security Extensions (DNSSec) • DNSSec Key Management and Automation 2 1 1/22/18 Overview • DNS Overview • BIND DNS Configuration • Recursive and Forward DNS • Reverse DNS • Troubleshooting • DNS Security Overview • DNS Transactions • DNS Security Extensions (DNSSec) • DNSSec Key Management and Automation 3 Domain Name System • A lookup mechanism for translating objects into otHer objects – Mapping names to numbers and vice versa • A globally distributed, loosely coHerent, scalable, reliable, dynamic database • Comprised of tHree components – A “name space” – Servers making tHat name space available – Resolvers (clients) query tHe servers about tHe name space • A critical piece of tHe Internet infrastructure 4 2 1/22/18 IP Addresses vs Domain Names The Internet DNS www.apnic.net202.112.0.46 2001:0400:: 2001:0C00:8888::My Computer www.apnic.net2001:0400:: 5 Old Solution: hosts.txt • A centrally-maintained file, distributed to all Hosts on tHe Internet • Issues witH Having just one file – Becomes Huge after some time – Needs frequent copying to ALL Hosts – Consistency // hosts.txt – Always out-of-date SERVER1 128.4.13.9 WEBMAIL 4.98.133.7 – Name uniqueness FTPHOST 200.10.194.33 – Single point of administration THis feature still exists: [Unix] /etc/Hosts [Windows] c:\windows\Hosts 6 3 1/22/18 DNS Features • Global distribution – SHares tHe load and administration • Loose CoHerency – GeograpHically distributed, but still coHerent • Scalability – can add DNS servers witHout affecting tHe entire DNS • Reliability • Dynamicity – Modify and update data dynamically 7 DNS Features • DNS is a client-server application • Requests and responses are normally sent in UDP packets, port 53 • Occasionally uses TCP, port 53 – for very large requests, e.g.
    [Show full text]
  • Analysis and Performance Optimization of E-Mail Server
    Analysis and Performance Optimization of E-mail Server Disserta¸c~aoapresentada ao Instituto Polit´ecnicode Bragan¸capara cumprimento dos requisitos necess´arios `aobten¸c~aodo grau de Mestre em Sistemas de Informa¸c~ao,sob a supervis~aode Prof. Dr. Rui Pedro Lopes. Eduardo Manuel Mendes Costa Outubro 2010 Preface The e-mail service is increasingly important for organizations and their employees. As such, it requires constant monitoring to solve any performance issues and to maintain an adequate level of service. To cope with the increase of traffic as well as the dimension of organizations, several architectures have been evolving, such as cluster or cloud computing, promising new paradigms of service delivery, which can possibility solve many current problems such as scalability, increased storage and processing capacity, greater rationalization of resources, cost reduction, and increase in performance. However, it is necessary to check whether they are suitable to receive e-mail servers, and as such the purpose of this dissertation will concentrate on evaluating the performance of e-mail servers, in different hosting architectures. Beyond computing platforms, was also analze different server applications. They will be tested to determine which combinations of computer platforms and applications obtained better performances for the SMTP, POP3 and IMAP services. The tests are performed by measuring the number of sessions per ammount of time, in several test scenarios. This dissertation should be of interest for all system administrators of public and private organizations that are considering implementing enterprise wide e-mail services. i Acknowledgments This work would not be complete without thanking all who helped me directly or indirectly to complete it.
    [Show full text]
  • Linux E-Mail Set Up, Maintain, and Secure a Small Office E-Mail Server
    Linux E-mail Set up, maintain, and secure a small office e-mail server Ian Haycox Alistair McDonald Magnus Bäck Ralf Hildebrandt Patrick Ben Koetter David Rusenko Carl Taylor BIRMINGHAM - MUMBAI This material is copyright and is licensed for the sole use by Jillian Fraser on 20th November 2009 111 Sutter Street, Suite 1800, San Francisco, , 94104 Linux E-mail Set up, maintain, and secure a small office e-mail server Copyright © 2009 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: June 2005 Second edition: November 2009 Production Reference: 1051109 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-847198-64-8 www.packtpub.com
    [Show full text]
  • Domain Name Systems-Based Electronic Mail Security
    DRAFT NIST CYBERSECURITY PRACTICE GUIDE DOMAIN NAME SYSTEMS-BASED ELECTRONIC MAIL SECURITY Scott Rose William C. Barker Santos Jha Chinedum Irrechukwu Karen Waltermire NIST SPECIAL PUBLICATION 1800-6 (INCLUDING PARTS A, B, C) ADDITIONAL CONTENT: https://nccoe.nist.gov/projects/building_blocks/ DRAFT NIST Special Publication 1800-6 NIST Cybersecurity Practice Guide DOMAIN NAME SYSTEMS- BASED ELECTRONIC MAIL SECURITY 1800-6A Scott Rose Executive Summary Information Technology Laboratory National Institute of Standards and Technology 1800-6B Approach, Architecture, and William C. Barker Security Characteristics Dakota Consulting For CIOs, CSOs, and Security Managers Silver Spring, MD 1800-6C Santos Jha How-To Guides Chinedum Irrechukwu For Security Engineers The MITRE Corporation McLean, VA Karen Waltermire National Cybersecurity Center of Excellence National Institute of Standards and Technology November 2016 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Willie May, Under Secretary of Commerce for Standards and Technology and Director DRAFT DISCLAIMER Certain commercial entities, equipment, products, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose. National Institute of Standards and Technology Special Publication 1800-6 Natl Inst. Stand. Technol. Spec. Publ. 1800-6, 221 pages (November 2016) CODEN: NSPUE2 Organizations are encouraged to review all draft publications during public comment periods and provide feedback. All publications from NIST’s National Cybersecurity Center of Excellence are available at http://nccoe.nist.gov.
    [Show full text]
  • BIND 9 Administrator Reference Manual
    BIND 9 Administrator Reference Manual BIND 9.11.23 (Extended Support Version) Copyright (C) 2000-2020 Internet Systems Consortium, Inc. ("ISC") This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. Internet Systems Consortium, Inc. PO Box 360 Newmarket, NH 03857 USA https://www.isc.org/ Contents 1 Introduction 1 1.1 Scope of Document . .1 1.2 Organization of This Document . .1 1.3 Conventions Used in This Document . .1 1.4 The Domain Name System (DNS) . .2 DNS Fundamentals . .2 Domains and Domain Names . .2 Zones . .3 Authoritative Name Servers . .3 The Primary Server . .3 Secondary Servers . .4 Stealth Servers . .4 Caching Name Servers . .4 Forwarding . .5 Name Servers in Multiple Roles . .5 2 BIND Resource Requirements7 2.1 Hardware requirements . .7 2.2 CPU Requirements . .7 2.3 Memory Requirements . .7 2.4 Name Server-Intensive Environment Issues . .7 2.5 Supported Operating Systems . .8 iii BIND 9.11.23 CONTENTS CONTENTS 3 Name Server Configuration9 3.1 Sample Configurations . .9 A Caching-only Name Server . .9 An Authoritative-only Name Server . .9 3.2 Load Balancing . 10 3.3 Name Server Operations . 11 Tools for Use With the Name Server Daemon . 11 Diagnostic Tools . 11 Administrative Tools . 12 Signals . 13 4 Advanced DNS Features 15 4.1 Notify . 15 4.2 Dynamic Update . 15 The Journal File . 16 4.3 Incremental Zone Transfers (IXFR) . 16 4.4 Split DNS .
    [Show full text]
  • The Qmail Handbook by Dave Sill ISBN:1893115402 Apress 2002 (492 Pages)
    < Free Open Study > The qmail Handbook by Dave Sill ISBN:1893115402 Apress 2002 (492 pages) This guide begins with a discussion of qmail s history, architecture and features, and then goes into a thorough investigation of the installation and configuration process. Table of Contents The qmail Handbook Introduction Ch apt - Introducing qmail er 1 Ch apt - Installing qmail er 2 Ch apt - Configuring qmail: The Basics er 3 Ch apt - Using qmail er 4 Ch apt - Managing qmail er 5 Ch apt - Troubleshooting qmail er 6 Ch apt - Configuring qmail: Advanced Options er 7 Ch apt - Controlling Junk Mail er 8 Ch apt - Managing Mailing Lists er 9 Ch apt - Serving Mailboxes er 10 Ch apt - Hosting Virtual Domain and Users er 11 Ch apt - Understanding Advanced Topics er 12 Ap pe ndi - How qmail Works x A Ap pe ndi - Related Packages x B Ap pe ndi - How Internet Mail Works x C Ap pe ndi - qmail Features x D Ap pe - Error Messages ndi x E Ap pe - Gotchas ndi x F Index List of Figures List of Tables List of Listings < Free Open Study > < Free Open Study > Back Cover • Provides thorough instruction for installing, configuring, and optimizing qmail • Includes coverage of secure networking, troubleshooting issues, and mailing list administration • Covers what system administrators want to know by concentrating on qmail issues relevant to daily operation • Includes instructions on how to filter spam before it reaches the client The qmail Handbook will guide system and mail administrators of all skill levels through installing, configuring, and maintaining the qmail server.
    [Show full text]
  • BIND 9 Administrator Reference Manual
    BIND 9 Administrator Reference Manual BIND 9.11.31 (Extended Support Version) Copyright (C) 2000-2021 Internet Systems Consortium, Inc. ("ISC") This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. Internet Systems Consortium, Inc. PO Box 360 Newmarket, NH 03857 USA https://www.isc.org/ Contents 1 Introduction 1 1.1 Scope of Document . .1 1.2 Organization of This Document . .1 1.3 Conventions Used in This Document . .1 1.4 The Domain Name System (DNS) . .2 DNS Fundamentals . .2 Domains and Domain Names . .2 Zones . .3 Authoritative Name Servers . .3 The Primary Server . .3 Secondary Servers . .4 Stealth Servers . .4 Caching Name Servers . .4 Forwarding . .5 Name Servers in Multiple Roles . .5 2 BIND Resource Requirements7 2.1 Hardware requirements . .7 2.2 CPU Requirements . .7 2.3 Memory Requirements . .7 2.4 Name Server-Intensive Environment Issues . .7 2.5 Supported Operating Systems . .8 iii BIND 9.11.31 CONTENTS CONTENTS 3 Name Server Configuration9 3.1 Sample Configurations . .9 A Caching-only Name Server . .9 An Authoritative-only Name Server . .9 3.2 Load Balancing . 10 3.3 Name Server Operations . 11 Tools for Use With the Name Server Daemon . 11 Diagnostic Tools . 11 Administrative Tools . 12 Signals . 13 4 Advanced DNS Features 15 4.1 Notify . 15 4.2 Dynamic Update . 15 The Journal File . 16 4.3 Incremental Zone Transfers (IXFR) . 16 4.4 Split DNS .
    [Show full text]
  • Wazuh Ruleset
    [email protected] https://wazuh.com Wazuh Ruleset Rule Description Source Updated by Wazuh apache Apache is the world's most used web server software. Out of the box ✔ AppArmor is a Linux kernel security module that allows the system administrator to restrict programs's capabilities with per -program apparmor Out of the box ✔ profiles. arpwatch ARPWatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. Out of the box ✔ asterisk Asterisk is a software implementation of a telephone private branch exchange (PBX). Out of the box ✔ attack_rules.xml Signatures of different attacks detected by Wazuh Out of the box ✔ cimserver Compaq Insight Manager Server Out of the box ✔ cisco-ios Cisco IOS is a software used on most Cisco Systems routers and current Cisco network switches. Out of the box ✔ Clam AntiVirus (ClamAV) is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious clam_av software. Out of the box ✔ courier IMAP/POP3 server Out of the box ✔ dovecot Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Out of the box ✔ Dropbear is a software package that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard dropbear OpenSSH for environments with low memory and processor resources, such as embedded systems. Out of the box ✔ FirewallD provides a dynamically managed firewall with support for network/firewall zones to define the trust level of networ k firewalld connections or interfaces.
    [Show full text]
  • Make QMAIL with Vpopmail Vchkpw, Courier-Authlib and Courier-Imap Auth Work Without Mysql on Debian Linux Qmailrocks Thibs Install
    Walking in Light with Christ - Faith, Computing, Diary Articles & tips and tricks on GNU/Linux, FreeBSD, Windows, mobile phone articles, religious related texts http://www.pc-freak.net/blog Make QMAIL with vpopmail vchkpw, courier-authlib and courier-imap auth work without MySQL on Debian Linux qmailrocks Thibs install Author : admin Recently installed a new QMAIL, following mostly Thibs Qmailrocks install guide. I didn't followed literally Thibs good guide, cause in his guide in few of the sections like Install Vpopmail he recommends using MySQL as a Backend to store Vpopmail email data and passwords; I prefer storing all vpopmail data on the file system as I believe it is much better especially for tiny QMAIL mail servers with less than 500 mail box accounts. In this little article I will explain, how I made Vpopmail courier-authlib and courier-imap play nice together without storing data in SQL backend. 1. Compile vpopmail with file system data storage support So here is how I managed to make vpopmail + courier-authlib + courier-imap, work well together: First its necessery to compile Vpopmailin store all its users data and mail data on file system. For this in Thibs Vpopmail Intsall step compiled Vpopmail without support for MySQL, e.g. instead of using his pointed compile time ./configure, arguments I used: # cd /downloads/vpopmail-5.4.33 # ./configure \ --enable-qmaildir=/var/qmail/ \ --enable-qmail-newu=/var/qmail/bin/qmail-newu \ --enable-qmail-inject=/var/qmail/bin/qmail-inject \ --enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh \ --enable-tcprules-prog=/usr/bin/tcprules \ --enable-tcpserver-file=/etc/tcp.smtp \ --enable-clear-passwd \ 1 / 7 Walking in Light with Christ - Faith, Computing, Diary Articles & tips and tricks on GNU/Linux, FreeBSD, Windows, mobile phone articles, religious related texts http://www.pc-freak.net/blog --enable-many-domains \ --enable-qmail-ext \ --enable-logging=y \ --enable-auth-logging \ --enable-libdir=/usr/lib/ \ --disable-roaming-users \ --disable-passwd \ --enable-domainquotas \ --enable-roaming-users ...
    [Show full text]
  • Qmail Quickstarter: Install, Set up and Run Your Own Email Server
    Qmail Quickstarter Install, Set Up, and Run your own Email Server A fast-paced and easy-to-follow, step-by-step guide that gets you up and running quickly Kyle Wheeler BIRMINGHAM - MUMBAI Qmail Quickstarter Install, Set Up, and Run your own Email Server Copyright © 2007 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, Packt Publishing, nor its dealers or distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: June 2007 Production Reference: 1040607 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-847191-15-1 www.packtpub.com Cover Image by Vinayak Chittar ([email protected]) [ FM- ] Credits Author Editorial Manager Kyle Wheeler Dipali Chittar Reviewer Project Coordinator Russell Nelson Abhijeet Deobhakta Development Editor Indexer Nanda Padmanabhan Bhushan Pangaonkar Assistant Development Editor Proofreader Rashmi Phadnis Chris Smith Technical Editor Production Coordinator Saurabh Singh Manjiri Nadkarni Code Testing Cover Designer Ankur Shah Manjiri Nadkarni Project Manager Patricia Weir [ FM- ] About the Author Kyle Wheeler is a PhD candidate at the University of Notre Dame in the Computer Science and Engineering Department.
    [Show full text]
  • Installer Et Utiliser Opendnssec
    Installer et utiliser OpenDNSSEC. Laurent Archambault <[email protected]> Installer et utiliser OpenDNSSEC. par Laurent Archambault Copyright © 2009 Laurent Archambault. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". http://www.gnu.org/licenses/ fdl.html Table des matières Contexte ....................................................................................................................... iv 1. Installer les composants. ................................................................................................. 1 Les composants via une distribution Gnu/Linux. ............................................................. 1 Les autres composants. ........................................................................................... 1 dnsruby ................................................................................................... 1 ldns ........................................................................................................ 1 Botan ...................................................................................................... 1 Les composants « OpenDNSSEC ». ............................................................................ 2 OpenDNSSEC. ....................................................................................................
    [Show full text]
  • Opendnssec.Training.2012.03.Pdf
    OpenDNSSEC training Opening 2 March 2012 Creative Commons Attribution-ShareAlike 3.0 Unported License 1 Agenda Time: Day 1: 10:00 – 17:00, Day 2: 09:00 – 16:00 • Introduction to DNSSEC and the OpenDNSSEC application • Prerequisites for running OpenDNSSEC and description of the lab environment • Hardware Security Modules • SoftHSM installation and initialization • Configuration files for ODS, conf.xml , kasp.xml and zonelist.xml • Running OpenDNSSEC • Testing • Integration • Monitoring • Recovery planning • Operational practices 2 March 2012 Creative Commons Attribution-ShareAlike 3.0 Unported License 2 Introduction • Who am I? 2 March 2012 Creative Commons Attribution-ShareAlike 3.0 Unported License 3 Introduction • Who are you? • Any experience with DNSSEC? • What are your expectations? 2 March 2012 Creative Commons Attribution-ShareAlike 3.0 Unported License 4 Goals • Understanding of DNSSEC • OpenDNSSEC • Install • Configure • Sign zones • Integrate with your environment • Basic troubleshooting 2 March 2012 Creative Commons Attribution-ShareAlike 3.0 Unported License 5 Lab environment • Amazon Elastic Compute Cloud (EC2) • One teacher server running odslab.se • Two servers per group • Resolver – resolverX.odslab.se • Name server – nsX.odslab.se • One domain per group • groupX.odslab.se 2 March 2012 Creative Commons Attribution-ShareAlike 3.0 Unported License 6 The lab • Handouts with lab instructions • Most of the labs are introduced by a presentation • Group numbers and login credentials are handed out by the teacher 2 March 2012 Creative Commons Attribution-ShareAlike 3.0 Unported License 7 OpenDNSSEC training Uploading the DS RR 2 March 2012 Creative Commons Attribution-ShareAlike 3.0 Unported License 8 Head start • We need to create a chain-of-trust to our test domain, odslab.se.
    [Show full text]