Summer 2010 ESCC/Internet2 Joint Techs

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Troubleshooting DNSSEC Visually

Time 07/14/10 08:40AM-09:00AM

We do not host flash-based video files on our servers anymore. Please contact Web Support for further details about netcast videos.

Session Abstract

As DNSSEC adoption grows, more and more DNS administrators are signing their zones because of mandate, technical interest, or actual security need. However, the pervasiveness of DNSSEC misconfigurations in signed zones has shown that deployment is non-trivial. As increasing organizations begin deploying validating resolvers the misconfigurations will result in resolution failure. DNSSEC troubleshooting tools exist, but have historically been catered towards seasoned users and have not been comprehensive enough to identify issues among hierarchical and lateral dependencies. While they often confirm the problem, it is not easy to pinpoint the source. DNSViz was created to help administrators see the "entire picture" graphically from name queried to trust anchor. I will discuss as part of the presentation some of the common problems encountered with DNSSEC deployment, some techniques to help troubleshoot, and how DNSViz automates this process.

Speakers

Speaker Casey Deccio Sandia National Laboratories

Presentation Media

media item thumbnail Troubleshooting DNSSEC Visually (pdf)

Speaker Kevin G. Chege KENET

Speaker Casey Deccio Sandia National Laboratories

Secondary tracks Security Performance / Measurement Campus Networking

Session Media

media item thumbnail Troubleshooting DNSSEC Visually Netcast Archive As DNSSEC adoption grows, more and more DNS administrators are signing their zones because of mandate, technical interest, or actual security need. However, the pervasiveness of DNSSEC misconfigurations in signed zones has shown that deployment is non-trivial. As increasing organizations begin deploying validating resolvers the misconfigurations will result in resolution failure. DNSSEC troubleshooting tools exist, but have historically been catered towards seasoned users and have not been comprehensive enough to identify issues among hierarchical and lateral dependencies. While they often confirm the problem, it is not easy to pinpoint the source. DNSViz was created to help administrators see the "entire picture" graphically from name queried to trust anchor. I will discuss as part of the presentation some of the common problems encountered with DNSSEC deployment, some techniques to help troubleshoot, and how DNSViz automates this process. media item thumbnail Troubleshooting DNSSEC Visually Netcast Archive As DNSSEC adoption grows, more and more DNS administrators are signing their zones because of mandate, technical interest, or actual security need. However, the pervasiveness of DNSSEC misconfigurations in signed zones has shown that deployment is non-trivial. As increasing organizations begin deploying validating resolvers the misconfigurations will result in resolution failure. DNSSEC troubleshooting tools exist, but have historically been catered towards seasoned users and have not been comprehensive enough to identify issues among hierarchical and lateral dependencies. While they often confirm the problem, it is not easy to pinpoint the source. DNSViz was created to help administrators see the "entire picture" graphically from name queried to trust anchor. I will discuss as part of the presentation some of the common problems encountered with DNSSEC deployment, some techniques to help troubleshoot, and how DNSViz automates this process.

gold Sponsors