SlideShare a Scribd company logo

BIND 9 - making a modern DNS server

Jisc
Jisc

A presentation by Ondřej Surý, director of DNS engineering, Internet Systems Consortium for Networkshop47.

Technology
1 of 21
Download to read offline
BIND Making a modern DNS Server Ondřej Surý @ ISC
BIND 9 - The History • First released in y2k • Written from scratch • Design by Contract • Rather crash than overwrite memory • First DNSSEC implementation Photo by Mr Cup / Fabien Barral on Unsplash
BIND 9.11 ESV • Released in 2016 • Extended Support Version • Under Mozilla Public License • New Features: • Catalog Zones • Addzone/Delzone Provisioning • DNSSEC Key Manager • Negative Trust Anchors • DNSTAP • DNS Cookies • Minimal responses to ANY Photo by Nathan Dumlao on Unsplash
BIND 9.12 • Released in 2018 • NSEC Aggressive Use • Serve Stale (TTL Stretching) • Response Policy Zones Updates: • Support 64 RPZ zones by default • Refactored for performance and reliability • Response Policy Interface • Major Refactoring in Query-Response Processing • Speedup factor: 1.25-6 • CDS/CDNSKEY tools • ED25519 Support • Obsoleted by BIND 9.14 Photo by Fachry Zella Devandra on Unsplash
BIND 9.14 • Released in March 2019 • New release schedule • Refactoring and Modernization • New features: • QNAME Minimization • Mirror Zones • Plugins for Query-Response Processing Photo by Drew Hays on Unsplash
Modernization • On *NIX, BIND requires: • C99 Support in Compiler • POSIX Threads • Advanced Sockets API for IPv6 • Standard Atomic <stdatomic.h> • Support for lot of old systems dropped Photo by Samuel Zeller on Unsplash
Crypto Refactoring • PKCS#11 now used only for public-key cryptography • OpenSSL is mandatory • Performance Improvements • Task Manager is now multithreaded • Socket Code has multiple event loops Photo by Alex Jones on Unsplash
Performance Improvements • Extra 100k or more QPS Improvement • Due to Refactoring • Task Manager is now multithreaded • Socket Code has multiple event loops Photo by Alex Jones on Unsplash
Performance Responses Per Second
QNAME Minimization • Defined in RFC7816 • Improves DNS Privacy • Protects DNS transactions • Resolver sends only the minimal info needed to resolve the query • Enabled by default in a relaxed mode in BIND 9.14 Photo by Josh Shaw on Unsplash
QNAME Minimization Normal DNS Traffic
QNAME Minimization Minimized DNS
Root Zone Local Copy • Defined in RFC7706 • Reduced traffic to the Root • Transfer (XFR) RZ from well- known sources • DNSSEC Validated • Root Zone used only internally Photo by 7 SeTh on Unsplash
BIND 9.15 Plans • Performance • Management • Security & Privacy • Operations Photo by Daniel McCullough on Unsplash
Performance • Improve BIND performance, so you don’t have to care • Network stack rewrite / reengineering • Improve both UDP and TCP performance • Using libuv • Full-featured event loop backed by epoll, kqueue, IOCP, event ports • Asynchronous TCP and UDP sockets • And more… • Thread pools • Signal handling • High resolution clock • Using external library allows us to focus on DNS
Management • Metrics, statistics, … • Too many? • Too few? • What’s missing? • What’s extra? • Update Catalog Zones Photo by Kyle Glenn on Unsplash
DNS over TLS • Defined in RFC 7858 & RFC 8310 • Running on port 853 • Add as a module to new networking stack • Support in clients: • CLI Tools: dig, delv, … • Forwarder • Support in server: • Stub to BIND Resolver Photo by Rae Tian on Unsplash
DNS over HTTPS • RFC 8484 • Mixed traffic with HTTP • Add counterweight to “DNS Silos” • Support in clients • Support in server via proxy: • Add support for “proxy” protocol (acl, RPZ, …) • Proxy module for popular webservers (nginx, apache2) as cross-vendor project Photo by Pawel Nolbert on Unsplash
DNSSEC Made Easy • Go from “DNSSEC in 6 minutes” to simple “Yes” • Keep the existing tools (dnssec-signzone, …) • Pick reasonable defaults • Elliptic Curve keys • Automate everything • Key creation • Key rotation • Child-to-parent (both sides) • Periodic signing • Add support for: • Offline KSKs • Combined Signing Keys (CSK) Photo by John Salvino on Unsplash
Release Schedule Predictable (Time-Based) Releases
Questions? Photo by Evan Dennis on Unsplash

Recommended

LAN, WAN, SAN upgrades: hyperconverged vs traditional vs cloud
LAN, WAN, SAN upgrades: hyperconverged vs traditional vs cloudLAN, WAN, SAN upgrades: hyperconverged vs traditional vs cloud
LAN, WAN, SAN upgrades: hyperconverged vs traditional vs cloudJisc
 
Experiments in 100G networking for data-intensive research
Experiments in 100G networking for data-intensive researchExperiments in 100G networking for data-intensive research
Experiments in 100G networking for data-intensive researchJisc
 
Evolution of network automation at Imperial College London
Evolution of network automation at Imperial College LondonEvolution of network automation at Imperial College London
Evolution of network automation at Imperial College LondonJisc
 
Distribution, redundancy and high availability using OpenSIPS
Distribution, redundancy and high availability using OpenSIPSDistribution, redundancy and high availability using OpenSIPS
Distribution, redundancy and high availability using OpenSIPSDigium
 
Astricon 2012 - Redundancy and High Availability
Astricon 2012 - Redundancy and High AvailabilityAstricon 2012 - Redundancy and High Availability
Astricon 2012 - Redundancy and High Availabilityalipey
 
DPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and DemonstrationDPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and DemonstrationOPNFV
 
Clemson: Solving the HPC Data Deluge
Clemson: Solving the HPC Data DelugeClemson: Solving the HPC Data Deluge
Clemson: Solving the HPC Data Delugeinside-BigData.com
 
Running a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneRunning a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneAPNIC
 

Recommended

LAN, WAN, SAN upgrades: hyperconverged vs traditional vs cloud
LAN, WAN, SAN upgrades: hyperconverged vs traditional vs cloudLAN, WAN, SAN upgrades: hyperconverged vs traditional vs cloud
LAN, WAN, SAN upgrades: hyperconverged vs traditional vs cloudJisc
 
Experiments in 100G networking for data-intensive research
Experiments in 100G networking for data-intensive researchExperiments in 100G networking for data-intensive research
Experiments in 100G networking for data-intensive researchJisc
 
Evolution of network automation at Imperial College London
Evolution of network automation at Imperial College LondonEvolution of network automation at Imperial College London
Evolution of network automation at Imperial College LondonJisc
 
Distribution, redundancy and high availability using OpenSIPS
Distribution, redundancy and high availability using OpenSIPSDistribution, redundancy and high availability using OpenSIPS
Distribution, redundancy and high availability using OpenSIPSDigium
 
Astricon 2012 - Redundancy and High Availability
Astricon 2012 - Redundancy and High AvailabilityAstricon 2012 - Redundancy and High Availability
Astricon 2012 - Redundancy and High Availabilityalipey
 
DPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and DemonstrationDPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and DemonstrationOPNFV
 
Clemson: Solving the HPC Data Deluge
Clemson: Solving the HPC Data DelugeClemson: Solving the HPC Data Deluge
Clemson: Solving the HPC Data Delugeinside-BigData.com
 
Running a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneRunning a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneAPNIC
 
Cumulus Linux 2.5 Overview
Cumulus Linux 2.5 OverviewCumulus Linux 2.5 Overview
Cumulus Linux 2.5 OverviewCumulus Networks
 
Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Pravin Bhandarkar
 
OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...
OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...
OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...OpenNebula Project
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleCumulus Networks
 
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...Cloud Native Day Tel Aviv
 
TLD Anycast DNS servers to ISPs
TLD Anycast DNS servers to ISPsTLD Anycast DNS servers to ISPs
TLD Anycast DNS servers to ISPsAPNIC
 
Manage your switches like servers
Manage your switches like serversManage your switches like servers
Manage your switches like serversCumulus Networks
 
Scylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair Updates
Scylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair UpdatesScylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair Updates
Scylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair UpdatesScyllaDB
 
Redis Day Keynote Salvatore Sanfillipo Redis Labs
Redis Day Keynote Salvatore Sanfillipo Redis LabsRedis Day Keynote Salvatore Sanfillipo Redis Labs
Redis Day Keynote Salvatore Sanfillipo Redis LabsRedis Labs
 
Deploying IPv6 on OpenStack
Deploying IPv6 on OpenStackDeploying IPv6 on OpenStack
Deploying IPv6 on OpenStackVietnam Open Infrastructure User Group
 
Nginx performance 2015 09 23
Nginx performance 2015 09 23Nginx performance 2015 09 23
Nginx performance 2015 09 23Bruce Tolley
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
Accelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDKAccelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDKOPNFV
 
Redhat summit b tolleyv7
Redhat summit b tolleyv7Redhat summit b tolleyv7
Redhat summit b tolleyv7Bruce Tolley
 
Ceph Day Melabourne - Community Update
Ceph Day Melabourne - Community UpdateCeph Day Melabourne - Community Update
Ceph Day Melabourne - Community UpdateCeph Community
 
Minimum Viable FIB
Minimum Viable FIBMinimum Viable FIB
Minimum Viable FIBAPNIC
 
Accelerating Nginx Web Server Performance
Accelerating Nginx Web Server PerformanceAccelerating Nginx Web Server Performance
Accelerating Nginx Web Server PerformanceBruce Tolley
 
OVS v OVS-DPDK
OVS v OVS-DPDKOVS v OVS-DPDK
OVS v OVS-DPDKMd Safiyat Reza
 
Hadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GC
Hadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GCHadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GC
Hadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GCErik Krogen
 
Hadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby Node
Hadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby NodeHadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby Node
Hadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby NodeErik Krogen
 
Rolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyRolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyAPNIC
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
 

More Related Content

What's hot

Cumulus Linux 2.5 Overview
Cumulus Linux 2.5 OverviewCumulus Linux 2.5 Overview
Cumulus Linux 2.5 OverviewCumulus Networks
 
Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Pravin Bhandarkar
 
OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...
OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...
OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...OpenNebula Project
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleCumulus Networks
 
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...Cloud Native Day Tel Aviv
 
TLD Anycast DNS servers to ISPs
TLD Anycast DNS servers to ISPsTLD Anycast DNS servers to ISPs
TLD Anycast DNS servers to ISPsAPNIC
 
Manage your switches like servers
Manage your switches like serversManage your switches like servers
Manage your switches like serversCumulus Networks
 
Scylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair Updates
Scylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair UpdatesScylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair Updates
Scylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair UpdatesScyllaDB
 
Redis Day Keynote Salvatore Sanfillipo Redis Labs
Redis Day Keynote Salvatore Sanfillipo Redis LabsRedis Day Keynote Salvatore Sanfillipo Redis Labs
Redis Day Keynote Salvatore Sanfillipo Redis LabsRedis Labs
 
Nginx performance 2015 09 23
Nginx performance 2015 09 23Nginx performance 2015 09 23
Nginx performance 2015 09 23Bruce Tolley
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
Accelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDKAccelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDKOPNFV
 
Redhat summit b tolleyv7
Redhat summit b tolleyv7Redhat summit b tolleyv7
Redhat summit b tolleyv7Bruce Tolley
 
Ceph Day Melabourne - Community Update
Ceph Day Melabourne - Community UpdateCeph Day Melabourne - Community Update
Ceph Day Melabourne - Community UpdateCeph Community
 
Minimum Viable FIB
Minimum Viable FIBMinimum Viable FIB
Minimum Viable FIBAPNIC
 
Accelerating Nginx Web Server Performance
Accelerating Nginx Web Server PerformanceAccelerating Nginx Web Server Performance
Accelerating Nginx Web Server PerformanceBruce Tolley
 
Hadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GC
Hadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GCHadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GC
Hadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GCErik Krogen
 
Hadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby Node
Hadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby NodeHadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby Node
Hadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby NodeErik Krogen
 

What's hot (20)

Cumulus Linux 2.5 Overview
Cumulus Linux 2.5 OverviewCumulus Linux 2.5 Overview
Cumulus Linux 2.5 Overview
 
Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)
 
OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...
OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...
OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
 
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...
 
TLD Anycast DNS servers to ISPs
TLD Anycast DNS servers to ISPsTLD Anycast DNS servers to ISPs
TLD Anycast DNS servers to ISPs
 
Manage your switches like servers
Manage your switches like serversManage your switches like servers
Manage your switches like servers
 
Scylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair Updates
Scylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair UpdatesScylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair Updates
Scylla Summit 2018: Scylla Feature Talks - Scylla Streaming and Repair Updates
 
Redis Day Keynote Salvatore Sanfillipo Redis Labs
Redis Day Keynote Salvatore Sanfillipo Redis LabsRedis Day Keynote Salvatore Sanfillipo Redis Labs
Redis Day Keynote Salvatore Sanfillipo Redis Labs
 
Deploying IPv6 on OpenStack
Deploying IPv6 on OpenStackDeploying IPv6 on OpenStack
Deploying IPv6 on OpenStack
 
Nginx performance 2015 09 23
Nginx performance 2015 09 23Nginx performance 2015 09 23
Nginx performance 2015 09 23
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
 
Accelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDKAccelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDK
 
Redhat summit b tolleyv7
Redhat summit b tolleyv7Redhat summit b tolleyv7
Redhat summit b tolleyv7
 
Ceph Day Melabourne - Community Update
Ceph Day Melabourne - Community UpdateCeph Day Melabourne - Community Update
Ceph Day Melabourne - Community Update
 
Minimum Viable FIB
Minimum Viable FIBMinimum Viable FIB
Minimum Viable FIB
 
Accelerating Nginx Web Server Performance
Accelerating Nginx Web Server PerformanceAccelerating Nginx Web Server Performance
Accelerating Nginx Web Server Performance
 
OVS v OVS-DPDK
OVS v OVS-DPDKOVS v OVS-DPDK
OVS v OVS-DPDK
 
Hadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GC
Hadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GCHadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GC
Hadoop Meetup Jan 2019 - Dynamometer and a Case Study in NameNode GC
 
Hadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby Node
Hadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby NodeHadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby Node
Hadoop Meetup Jan 2019 - HDFS Scalability and Consistent Reads from Standby Node
 

Similar to BIND 9 - making a modern DNS server

Rolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyRolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyAPNIC
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
 
DNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6LabDNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6LabAPNIC
 
Encrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPSEncrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPSAlex Mayrhofer
 
Dnscluster @ DevOps Krakow 2013
Dnscluster @ DevOps Krakow 2013Dnscluster @ DevOps Krakow 2013
Dnscluster @ DevOps Krakow 2013Slawomir Skowron
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceNGINX, Inc.
 
Using Oracle Multitenant to efficiently manage development and test databases
Using Oracle Multitenant to efficiently manage development and test databasesUsing Oracle Multitenant to efficiently manage development and test databases
Using Oracle Multitenant to efficiently manage development and test databasesMarc Fielding
 
GWAVACon 2013: Novell Open Enterprise Server - Roadmap and Future
GWAVACon 2013: Novell Open Enterprise Server - Roadmap and FutureGWAVACon 2013: Novell Open Enterprise Server - Roadmap and Future
GWAVACon 2013: Novell Open Enterprise Server - Roadmap and FutureGWAVA
 
Nagios XI Best Practices
Nagios XI Best PracticesNagios XI Best Practices
Nagios XI Best PracticesNagios
 
What You Missed: OpenStack Summit Austin
What You Missed: OpenStack Summit AustinWhat You Missed: OpenStack Summit Austin
What You Missed: OpenStack Summit AustinNetApp
 
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"Fwdays
 
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...Vanessa Vuibert
 
Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS ScalePeter Silva
 
Oracle database connection with the .net developers
Oracle database connection with the .net developersOracle database connection with the .net developers
Oracle database connection with the .net developersveerendramb3
 
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...HostedbyConfluent
 
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...VanessaVuibert1
 

Similar to BIND 9 - making a modern DNS server (20)

Rolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyRolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing Key
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutions
 
DNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6LabDNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6Lab
 
Encrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPSEncrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPS
 
Dnscluster @ DevOps Krakow 2013
Dnscluster @ DevOps Krakow 2013Dnscluster @ DevOps Krakow 2013
Dnscluster @ DevOps Krakow 2013
 
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6labION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
 
8 technical-dns-workshop-day4
8 technical-dns-workshop-day48 technical-dns-workshop-day4
8 technical-dns-workshop-day4
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
 
Using Oracle Multitenant to efficiently manage development and test databases
Using Oracle Multitenant to efficiently manage development and test databasesUsing Oracle Multitenant to efficiently manage development and test databases
Using Oracle Multitenant to efficiently manage development and test databases
 
GWAVACon 2013: Novell Open Enterprise Server - Roadmap and Future
GWAVACon 2013: Novell Open Enterprise Server - Roadmap and FutureGWAVACon 2013: Novell Open Enterprise Server - Roadmap and Future
GWAVACon 2013: Novell Open Enterprise Server - Roadmap and Future
 
Nagios XI Best Practices
Nagios XI Best PracticesNagios XI Best Practices
Nagios XI Best Practices
 
What You Missed: OpenStack Summit Austin
What You Missed: OpenStack Summit AustinWhat You Missed: OpenStack Summit Austin
What You Missed: OpenStack Summit Austin
 
ION Sri Lanka - DNSSEC at LK Domain Registry
ION Sri Lanka - DNSSEC at LK Domain RegistryION Sri Lanka - DNSSEC at LK Domain Registry
ION Sri Lanka - DNSSEC at LK Domain Registry
 
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
 
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
 
Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS Scale
 
Oracle database connection with the .net developers
Oracle database connection with the .net developersOracle database connection with the .net developers
Oracle database connection with the .net developers
 
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
 
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
Resilient Kafka: How DNS Traffic Management and Client Wrappers Ensure Availa...
 

More from Jisc

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 

More from Jisc (20)

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

BIND 9 - making a modern DNS server

  • 1. BIND Making a modern DNS Server Ondřej Surý @ ISC
  • 2. BIND 9 - The History • First released in y2k • Written from scratch • Design by Contract • Rather crash than overwrite memory • First DNSSEC implementation Photo by Mr Cup / Fabien Barral on Unsplash
  • 3. BIND 9.11 ESV • Released in 2016 • Extended Support Version • Under Mozilla Public License • New Features: • Catalog Zones • Addzone/Delzone Provisioning • DNSSEC Key Manager • Negative Trust Anchors • DNSTAP • DNS Cookies • Minimal responses to ANY Photo by Nathan Dumlao on Unsplash
  • 4. BIND 9.12 • Released in 2018 • NSEC Aggressive Use • Serve Stale (TTL Stretching) • Response Policy Zones Updates: • Support 64 RPZ zones by default • Refactored for performance and reliability • Response Policy Interface • Major Refactoring in Query-Response Processing • Speedup factor: 1.25-6 • CDS/CDNSKEY tools • ED25519 Support • Obsoleted by BIND 9.14 Photo by Fachry Zella Devandra on Unsplash
  • 5. BIND 9.14 • Released in March 2019 • New release schedule • Refactoring and Modernization • New features: • QNAME Minimization • Mirror Zones • Plugins for Query-Response Processing Photo by Drew Hays on Unsplash
  • 6. Modernization • On *NIX, BIND requires: • C99 Support in Compiler • POSIX Threads • Advanced Sockets API for IPv6 • Standard Atomic <stdatomic.h> • Support for lot of old systems dropped Photo by Samuel Zeller on Unsplash
  • 7. Crypto Refactoring • PKCS#11 now used only for public-key cryptography • OpenSSL is mandatory • Performance Improvements • Task Manager is now multithreaded • Socket Code has multiple event loops Photo by Alex Jones on Unsplash
  • 8. Performance Improvements • Extra 100k or more QPS Improvement • Due to Refactoring • Task Manager is now multithreaded • Socket Code has multiple event loops Photo by Alex Jones on Unsplash
  • 10. QNAME Minimization • Defined in RFC7816 • Improves DNS Privacy • Protects DNS transactions • Resolver sends only the minimal info needed to resolve the query • Enabled by default in a relaxed mode in BIND 9.14 Photo by Josh Shaw on Unsplash
  • 13. Root Zone Local Copy • Defined in RFC7706 • Reduced traffic to the Root • Transfer (XFR) RZ from well- known sources • DNSSEC Validated • Root Zone used only internally Photo by 7 SeTh on Unsplash
  • 14. BIND 9.15 Plans • Performance • Management • Security & Privacy • Operations Photo by Daniel McCullough on Unsplash
  • 15. Performance • Improve BIND performance, so you don’t have to care • Network stack rewrite / reengineering • Improve both UDP and TCP performance • Using libuv • Full-featured event loop backed by epoll, kqueue, IOCP, event ports • Asynchronous TCP and UDP sockets • And more… • Thread pools • Signal handling • High resolution clock • Using external library allows us to focus on DNS
  • 16. Management • Metrics, statistics, … • Too many? • Too few? • What’s missing? • What’s extra? • Update Catalog Zones Photo by Kyle Glenn on Unsplash
  • 17. DNS over TLS • Defined in RFC 7858 & RFC 8310 • Running on port 853 • Add as a module to new networking stack • Support in clients: • CLI Tools: dig, delv, … • Forwarder • Support in server: • Stub to BIND Resolver Photo by Rae Tian on Unsplash
  • 18. DNS over HTTPS • RFC 8484 • Mixed traffic with HTTP • Add counterweight to “DNS Silos” • Support in clients • Support in server via proxy: • Add support for “proxy” protocol (acl, RPZ, …) • Proxy module for popular webservers (nginx, apache2) as cross-vendor project Photo by Pawel Nolbert on Unsplash
  • 19. DNSSEC Made Easy • Go from “DNSSEC in 6 minutes” to simple “Yes” • Keep the existing tools (dnssec-signzone, …) • Pick reasonable defaults • Elliptic Curve keys • Automate everything • Key creation • Key rotation • Child-to-parent (both sides) • Periodic signing • Add support for: • Offline KSKs • Combined Signing Keys (CSK) Photo by John Salvino on Unsplash
  • 21. Questions? Photo by Evan Dennis on Unsplash