Namespaces for Local Networks
Name Resolution Webinar Trilogy Part 1
A little change …
HSTS forced for all ".dev" top level domains
… major problem (for some)
[Figure: Current Chrome Browser / Future Chrome Browser]
What has happened?
• Google changed the code of the next Chrome browser to enforce proper TLS encryption on all ".dev" domains
• The TLD ".dev" is owned by Google
https://www.iana.org/domains/root/db/dev.html
What is the problem?
HSTS?
• HSTS is short for "HTTP Strict Transport Security"
• RFC 6797: https://tools.ietf.org/html/rfc6797
• HSTS declares that web browser connections to this domain must always be secured by TLS (HTTPS)
• HSTS is usually set in the website configuration and sent to the browser via an HTTP header
• The browser caches the value for "max-age" time
[Figure: HSTS Header, https://securityheaders.io/]
Google, Chrome and "dev"
• Google owns both the Chrome browser and the "dev" TLD
• For Google it makes sense to ship the Chrome browser with preloaded HSTS for their own domains
• Besides "dev", this today includes the "foo" and "google" TLDs
"dev" TLD is not the only problem
• Administrators and developers use domain names in their local networks that are not owned by them:
• .corp
• .lan
• .company
• .media
• .webdev
• .server
• .infra
• .box
• …
• All these names risk name collisions with new TLDs
Choices for a local only namespace
• Using a seemingly unused DNS TLD in an internal network is a bad idea
• The name can come into use later and create name collisions
• Choices for a local only namespace:
• Subdomain of a delegated domain
• A reserved Top-Level-Domain/Second-Level-Domain
• Name resolution other than DNS (mDNS, LLMNR, PNRP …)
Option: Subdomain of a delegated domain
• Using a subdomain of a delegated (owned) domain in the Internet is the safest solution
• If it is delegated to you, you already own all subdomains and sub-subdomains of that name
• The locally used name should not be reachable from the public Internet
[Diagrams for "Subdomain of a delegated domain": Internet with ".", ".com", "example.com" and a DNS resolver; labels: Delegation, Query "lan.example.com", NXDOMAIN. Internal network with a DNS resolver, "lan.example.com" and "hr.lan.example.com"; labels: Query, hr.lan.example.com.]
Option: domain reserved for local use
Reserved Domain Names
• In 1999, the IETF reserved a number of top level domains that are not to be used in the Internet
• RFC 2606 "Reserved Top Level DNS Names": https://tools.ietf.org/html/rfc2606
• Updated in RFC 6761 "Special-Use Domain Names": https://tools.ietf.org/html/rfc6761
• ".test", ".invalid", ".example" and ".localhost"
• For an internal development system, ".test" would be a good choice
[Diagrams for "Reserved Domain Names": Internet with ".", ".com" and "example.com"; internal network with a DNS resolver, "webdev.test" and "beta.test"; labels: Query, www1.webdev.test.]
The "home.arpa." domain
• The domain "home.arpa." is used in the new Homenet Control Protocol (HNCP)
• HNCP is a new IETF protocol to automatically configure home networks with multiple subnets (LAN, wireless, guest networks etc.)
• The domain "home.arpa." is only defined for local networks and will never be used in the Internet
• Internet Draft "Special Use Domain 'home.arpa.'": https://tools.ietf.org/html/draft-ietf-homenet-dot
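Added example (not part of the original slides): a small Python audit that sorts internal host names into the namespace choices discussed above, covering the collision-prone private TLDs, subdomains of a delegated domain, and the reserved names including "home.arpa.". The function names, the sample host names and the owned domain "example.com" are constructed assumptions.

```python
# Special-use names listed in the slides (RFC 2606 / RFC 6761, plus home.arpa).
RESERVED = ("test", "invalid", "example", "localhost", "home.arpa")
# TLDs the slides say ship HSTS-preloaded in Chrome.
HSTS_PRELOADED = ("dev", "foo", "google")


def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def is_under(name, suffix):
    """True if name equals suffix or lies below it, compared label by label.

    A plain string endswith() would wrongly treat "ci.latest" as ".test"
    and "hr.evilexample.com" as part of "example.com".
    """
    n, s = labels(name), labels(suffix)
    return len(n) >= len(s) and n[-len(s):] == s


def classify(name, owned_domains):
    """Return (verdict, reason) for one internal name."""
    for suffix in RESERVED:
        if is_under(name, suffix):
            return "ok", "reserved special-use name ." + suffix
    for domain in owned_domains:
        if is_under(name, domain):
            return "ok", "subdomain of delegated domain " + domain
    tld = labels(name)[-1]
    if tld in HSTS_PRELOADED:
        return "collision", "." + tld + " is a delegated TLD with preloaded HSTS"
    return "risk", "." + tld + " is not delegated to you and may collide with a new TLD"


def audit(names, owned_domains):
    """Return only the names that should be migrated, with the reason."""
    findings = {}
    for name in names:
        verdict, reason = classify(name, owned_domains)
        if verdict != "ok":
            findings[name] = (verdict, reason)
    return findings


# Constructed sample inventory of internal names.
SAMPLE_NAMES = [
    "hr.lan.example.com",
    "www1.webdev.test",
    "www-dev.home.arpa.",
    "git.corp",
    "build.dev",
    "nas.box",
    "ci.latest",
]

if __name__ == "__main__":
    for name, (verdict, reason) in audit(SAMPLE_NAMES, ["example.com"]).items():
        print(f"{verdict:9} {name:20} {reason}")
```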
[Diagrams for "Reserved Domain Names": Internet with ".", ".com" and "example.com"; internal network with a DNS resolver with "home.arpa" local zone; labels: www-dev.home.arpa, Query "www-dev.home.arpa.", Answer "www-dev.home.arpa."]
More options
• We will discuss solutions outside DNS in the upcoming two webinars
• Link-Local-Multicast-Name-Resolution (LLMNR) for Windows and Linux
• Peer-Name-Resolution-Protocol (PNRP) for Windows
• Multicast DNS (mDNS) for macOS, iOS, Windows and Linux
Local Zone with Unbound
Unbound with local zone
• Unbound is a fast and lean DNS resolver
• Available for Unix, Linux, macOS and Windows. Homepage: https://unbound.net
• Unbound's main purpose is to resolve names in the Internet for local clients
• Unbound has limited authoritative functions (it can serve zone data)
• This setup is recommended for smaller networks (fewer than 100 DNS clients)
• Benefits of using Unbound for local zones:
• Simple setup
• Only one type of software needed
• Fast response times
• Downsides of using Unbound for local zones:
• No DNSSEC security for the local zones (but DNSSEC validation for all DNSSEC-secured Internet zones)
• No automatic provisioning of multiple DNS resolvers via zone transfer
[Diagrams for "Unbound with local zone": Internet with ".", ".com" and "example.com"; internal network with a DNS resolver with "home.arpa" local zone. Sequences shown: www-dev.home.arpa with Query "www-dev.home.arpa." and Answer "www-dev.home.arpa."; www.example.com with Query "www.example.com." (several queries) and Answer "www.example.com."]
Unbound local-zone example
# local-zone example for Unbound
# Installation in Unbound configuration directory
# for Debian e.g. into /etc/unbound/unbound.conf.d/
server:
    unblock-lan-zones: yes
    insecure-lan-zones: yes
    local-zone: "mynet.home.arpa." static
    # Zone metadata
    local-data: "mynet.home.arpa. 3600 IN SOA resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h"
    local-data: "mynet.home.arpa. 3600 IN NS resolver01.mynet.home.arpa."
    # IPv6 addresses
    local-data: "resolver01.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:dd::53"
    local-data: "www.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::80"
    local-data: "nas.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::222"
    local-data: "raspi.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::123"
    # IPv4 addresses
    local-data: "resolver01.mynet.home.arpa. 3600 IN A 192.168.1.53"
    local-data: "www.mynet.home.arpa. 3600 IN A 192.168.1.80"
    local-data: "nas.mynet.home.arpa. 3600 IN A 192.168.1.222"
    local-data: "raspi.mynet.home.arpa. 3600 IN A 192.168.1.123"
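Added example (not part of the original slides, and not an Unbound tool): a Python linter for local-zone snippets like the one above. It checks that the zone type keeps undefined names from being resolved on the Internet, that SOA and NS exist at the apex, that the NS target has an address, and that every local-data name lies inside a declared local-zone. The function names and the second, broken snippet are constructed.

```python
import ipaddress
import re

ENTRY = re.compile(r'^\s*(local-zone|local-data):\s*"([^"]*)"\s*(\S*)')
# Zone types that pass names without local-data on to normal resolution.
LEAKY_TYPES = {"transparent", "typetransparent"}


def norm(name):
    return name.lower().rstrip(".") + "."


def parse(conf):
    """Return ({zone: type}, [(owner, rrtype, rdata_fields)]) from unbound.conf text."""
    zones, records = {}, []
    for line in conf.splitlines():
        m = ENTRY.match(line.split("#", 1)[0])
        if not m:
            continue
        key, quoted, extra = m.groups()
        if key == "local-zone":
            zones[norm(quoted)] = extra.lower()
            continue
        fields = quoted.split()
        owner, rest = norm(fields[0]), fields[1:]
        if rest and rest[0].isdigit():        # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":  # optional class
            rest = rest[1:]
        if rest:
            records.append((owner, rest[0].upper(), rest[1:]))
    return zones, records


def lint(conf):
    """Return a list of problem strings; an empty list means the snippet is consistent."""
    zones, records = parse(conf)
    problems = []
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    for zone, ztype in zones.items():
        if ztype in LEAKY_TYPES:
            problems.append(f"{zone} is {ztype}: names without local-data are resolved on the Internet")
        for needed in ("SOA", "NS"):
            if not any(o == zone and t == needed for o, t, _ in records):
                problems.append(f"{zone} has no {needed} record at the apex")
    for owner, rtype, rdata in records:
        # Without a matching local-zone, Unbound creates a transparent zone for the data.
        if not any(owner == z or owner.endswith("." + z) for z in zones):
            problems.append(f"{owner} {rtype} is outside every local-zone")
        if rtype in ("A", "AAAA"):
            want = 4 if rtype == "A" else 6
            try:
                ok = ipaddress.ip_address(rdata[0]).version == want
            except (ValueError, IndexError):
                ok = False
            if not ok:
                problems.append(f"{owner} {rtype} has an invalid address")
        if rtype == "NS" and rdata and norm(rdata[0]) not in have_addr:
            problems.append(f"{owner} NS target {norm(rdata[0])} has no address record")
    return problems


# The snippet from the slide above (IPv4 part shortened to two hosts).
PAGE_CONF = '''
server:
    unblock-lan-zones: yes
    insecure-lan-zones: yes
    local-zone: "mynet.home.arpa." static
    local-data: "mynet.home.arpa. 3600 IN SOA resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h"
    local-data: "mynet.home.arpa. 3600 IN NS resolver01.mynet.home.arpa."
    local-data: "resolver01.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:dd::53"
    local-data: "www.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::80"
    local-data: "resolver01.mynet.home.arpa. 3600 IN A 192.168.1.53"
    local-data: "www.mynet.home.arpa. 3600 IN A 192.168.1.80"
'''

# Constructed broken variant: leaky zone type, no SOA, NS without address,
# IPv6 address in an A record, and a name outside the zone.
BROKEN_CONF = '''
server:
    local-zone: "mynet.home.arpa." transparent
    local-data: "mynet.home.arpa. 3600 IN NS resolver01.mynet.home.arpa."
    local-data: "www.mynet.home.arpa. 3600 IN A 2001:db8:10:ff::80"
    local-data: "nas.mynet.test. 3600 IN A 192.168.1.222"
'''

if __name__ == "__main__":
    for problem in lint(BROKEN_CONF):
        print("problem:", problem)
```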
Local Zone with BIND 9
Local zone setup with BIND 9
• For larger networks, we recommend hosting the local zones on authoritative DNS servers separate from the resolvers
• On the next slides we show an example design based on BIND 9, but the same design can be implemented with other DNS servers as well (Windows DNS, PowerDNS, Knot, NSD+Unbound etc.)
• Benefits of a local authoritative DNS server setup:
• Higher resiliency
• Automatic load-balancing and failover between servers
• DNSSEC signing and validation possible for the local zones
• Zones are kept in sync with regular zone transfer
• Better monitoring and logging possible
[Diagrams for "Local authoritative DNS server": Internet with ".", ".com" and "example.com"; internal network with Datacenter1 and Datacenter2, DNS authoritative servers with "home.arpa" zone and DNS resolvers with "home.arpa" stub-zone. Sequences shown: www.example.com with Query "www.example.com." (several queries) and Answer "www.example.com."; www-dev.home.arpa with Query "www-dev.home.arpa." and Answer "www-dev.home.arpa."]
BIND 9 configuration on the authoritative server
options {
    recursion no;
    directory "/var/named";
};
zone "home.arpa." {
    type master;
    file "home.arpa";
    inline-signing yes;
    auto-dnssec maintain;
};
BIND 9 master zone on the authoritative server
$TTL 3600
; Zone metadata: SOA and NS have to sit at the apex (@) of the zone
; "home.arpa." declared in named.conf, otherwise the zone does not load
@ SOA resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h
@ NS resolver01.mynet.home.arpa.
; IPv6 addresses
resolver01.mynet.home.arpa. AAAA 2001:db8:10:dd::53
www.mynet.home.arpa. AAAA 2001:db8:10:ff::80
nas.mynet.home.arpa. AAAA 2001:db8:10:ff::222
raspi.mynet.home.arpa. AAAA 2001:db8:10:ff::123
; IPv4 addresses
resolver01.mynet.home.arpa. A 192.168.1.53
www.mynet.home.arpa. A 192.168.1.80
nas.mynet.home.arpa. A 192.168.1.222
raspi.mynet.home.arpa. A 192.168.1.123
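BIND 9 configuration on the resolver server
options {
    // "clients" is an ACL that has to be defined elsewhere in named.conf
    allow-recursion { clients; };
    directory "/var/named";
};
// Trust anchor for the locally signed zone (key shortened on the slide)
managed-keys {
    "home.arpa." initial-key 257 3 8 "AwEAAagA…";
};
zone "home.arpa." {
    type stub;
    file "home.arpa";
    masters { 192.0.2.153; 192.0.2.253; };
};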
Next
Men & Mice Training
• DNS & DANE Training, 3 days, 19.03 - 21.03.18, Linuxhotel Essen, Germany
http://linuxhotel.de/
Next Webinar
• Name Resolution Webinar Trilogy Part 2 – Local Name Resolution in Windows Networks
• Tuesday, 7th of November, 2017
• Microsoft operating systems have a long history of local name resolution solutions, from NetBIOS over WINS to the LLMNR and PNRP protocols today.
• In this webinar, due to take place on 7th November, 2017, we will take a look at PNRP and LLMNR in Windows 10 and Windows Server 2016 and how these protocols can be used to have server-less name resolution without a centralized DNS infrastructure. We also look deeper into the interoperability of these new protocols with older Windows versions, such as Windows 7 or Windows 8.
• Join us for a 45-minute webinar with a Q&A session at the end, on Tuesday, November 7th, 2017 at 4:00 PM CET / 3:00 PM GMT / 10:00 AM EDT / 7:00 AM PDT.
Next Webinar
• Name Resolution Webinar Trilogy Part 3 – Local Name Resolution in Linux, FreeBSD and macOS/iOS
• Wednesday, 29th of November, 2017
• Multicast DNS (mDNS) was pioneered in Apple’s MacOS X system, and is now available on all systems from Cupertino.
• The focus of this webinar will be to take a deeper look into this local name-resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogeneous networks running both Windows and macOS.
• Join us for a 45-minute webinar with a Q&A session at the end, on Wednesday, November 29th, 2017 at 4:00 PM CET / 3:00 PM GMT / 10:00 AM EDT / 7:00 AM PDT.
Fini - Q & A

More Related Content

What's hot

What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?Men and Mice
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 WebinarMen and Mice
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encryptedMen and Mice
 
Encrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPSEncrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPSAlex Mayrhofer
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitMen and Mice
 
DoH, DoT and ESNI
DoH, DoT and ESNIDoH, DoT and ESNI
DoH, DoT and ESNIJisc
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...APNIC
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarMen and Mice
 
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]APNIC
 
Windows 2012 and DNSSEC
Windows 2012 and DNSSECWindows 2012 and DNSSEC
Windows 2012 and DNSSECMen and Mice
 
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]APNIC
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANEMen and Mice
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013Shumon Huque
 
DNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamDNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamMyNOG
 
Get your instance by name integration of nova, neutron and designate
Get your instance by name  integration of nova, neutron and designateGet your instance by name  integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designateMiguel Lavalle
 
Designate - Operators Deep Dive
Designate - Operators Deep DiveDesignate - Operators Deep Dive
Designate - Operators Deep DiveGraham Hayes
 

What's hot (20)

What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap Webinar
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 
Encrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPSEncrypted DNS - DNS over TLS / DNS over HTTPS
Encrypted DNS - DNS over TLS / DNS over HTTPS
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runit
 
DoH, DoT and ESNI
DoH, DoT and ESNIDoH, DoT and ESNI
DoH, DoT and ESNI
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
 
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
 
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAILDNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
 
Windows 2012 and DNSSEC
Windows 2012 and DNSSECWindows 2012 and DNSSEC
Windows 2012 and DNSSEC
 
Dnssec
DnssecDnssec
Dnssec
 
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013
 
DNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamDNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul Islam
 
Get your instance by name integration of nova, neutron and designate
Get your instance by name  integration of nova, neutron and designateGet your instance by name  integration of nova, neutron and designate
Get your instance by name integration of nova, neutron and designate
 
Designate - Operators Deep Dive
Designate - Operators Deep DiveDesignate - Operators Deep Dive
Designate - Operators Deep Dive
 

Viewers also liked

Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...Health Catalyst
 
When Healthcare Data Analysts Fulfill the Data Detective Role
When Healthcare Data Analysts Fulfill the Data Detective RoleWhen Healthcare Data Analysts Fulfill the Data Detective Role
When Healthcare Data Analysts Fulfill the Data Detective RoleHealth Catalyst
 
How to Tap the Power of Storytelling with Facebook Live
How to Tap the Power of Storytelling with Facebook LiveHow to Tap the Power of Storytelling with Facebook Live
How to Tap the Power of Storytelling with Facebook LiveBuzzSumo
 
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto  2017 - Accelerating Incident Response in Organizations...Cisco Connect Toronto  2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...Cisco Canada
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityCheapSSLsecurity
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & securityAvani Patel
 
Dns Hardening Linux Os
Dns Hardening   Linux OsDns Hardening   Linux Os
Dns Hardening Linux Osecarrow
 
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...CiNPA Security SIG
 
Role of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlRole of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlOpenDNS
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22CheapSSLsecurity
 
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attackCisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attackCisco Canada
 
Microsoft Cyber Security IT-Camp
Microsoft Cyber Security IT-CampMicrosoft Cyber Security IT-Camp
Microsoft Cyber Security IT-CampAlexander Benoit
 
The Changing Role of Healthcare Data Analysts
The Changing Role of Healthcare Data AnalystsThe Changing Role of Healthcare Data Analysts
The Changing Role of Healthcare Data AnalystsHealth Catalyst
 
DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
DerbyCon 7.0 Legacy: Regular Expressions (Regex) OverviewDerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
DerbyCon 7.0 Legacy: Regular Expressions (Regex) OverviewCiNPA Security SIG
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
OISF: Regular Expressions (Regex) Overview
OISF: Regular Expressions (Regex) OverviewOISF: Regular Expressions (Regex) Overview
OISF: Regular Expressions (Regex) OverviewCiNPA Security SIG
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteMen and Mice
 
Umbrella Webcast: Redefining Security for the Nomadic Worker
Umbrella Webcast: Redefining Security for the Nomadic WorkerUmbrella Webcast: Redefining Security for the Nomadic Worker
Umbrella Webcast: Redefining Security for the Nomadic WorkerOpenDNS
 

Viewers also liked (20)

Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
Healthcare Analytics Careers: New Roles for the Brave, New World of Value-bas...
 
When Healthcare Data Analysts Fulfill the Data Detective Role
When Healthcare Data Analysts Fulfill the Data Detective RoleWhen Healthcare Data Analysts Fulfill the Data Detective Role
When Healthcare Data Analysts Fulfill the Data Detective Role
 
How to Tap the Power of Storytelling with Facebook Live
How to Tap the Power of Storytelling with Facebook LiveHow to Tap the Power of Storytelling with Facebook Live
How to Tap the Power of Storytelling with Facebook Live
 
Tcp udp
Tcp udpTcp udp
Tcp udp
 
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto  2017 - Accelerating Incident Response in Organizations...Cisco Connect Toronto  2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Dns Hardening Linux Os
Dns Hardening   Linux OsDns Hardening   Linux Os
Dns Hardening Linux Os
 
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
 
Role of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlRole of DNS in Botnet Command and Control
Role of DNS in Botnet Command and Control
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22
 
Cyber Security # Lec 2
Cyber Security # Lec 2Cyber Security # Lec 2
Cyber Security # Lec 2
 
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attackCisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attack
 
Microsoft Cyber Security IT-Camp
Microsoft Cyber Security IT-CampMicrosoft Cyber Security IT-Camp
Microsoft Cyber Security IT-Camp
 
The Changing Role of Healthcare Data Analysts
The Changing Role of Healthcare Data AnalystsThe Changing Role of Healthcare Data Analysts
The Changing Role of Healthcare Data Analysts
 
DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
DerbyCon 7.0 Legacy: Regular Expressions (Regex) OverviewDerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
OISF: Regular Expressions (Regex) Overview
OISF: Regular Expressions (Regex) OverviewOISF: Regular Expressions (Regex) Overview
OISF: Regular Expressions (Regex) Overview
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice Suite
 
Umbrella Webcast: Redefining Security for the Nomadic Worker
Umbrella Webcast: Redefining Security for the Nomadic WorkerUmbrella Webcast: Redefining Security for the Nomadic Worker
Umbrella Webcast: Redefining Security for the Nomadic Worker
 

Similar to Namespaces for Local Networks

AWS User Group - Perth - April 2021 - DNS
AWS User Group - Perth - April 2021 - DNSAWS User Group - Perth - April 2021 - DNS
AWS User Group - Perth - April 2021 - DNSJames Bromberger
 
bdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a timebdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a timeAPNIC
 
The latest news in the DNS resolution: DNSSEC
The latest news in the DNS resolution: DNSSECThe latest news in the DNS resolution: DNSSEC
The latest news in the DNS resolution: DNSSECWhalebone, s.r.o.
 
Whalebone-UKNOF44security992_new_impl.pptx
Whalebone-UKNOF44security992_new_impl.pptxWhalebone-UKNOF44security992_new_impl.pptx
Whalebone-UKNOF44security992_new_impl.pptxAns Sembiring
 
HKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC cachingHKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC cachingAPNIC
 
Advanced DNS/DHCP for Novell eDirectory Environments
Advanced DNS/DHCP for Novell eDirectory EnvironmentsAdvanced DNS/DHCP for Novell eDirectory Environments
Advanced DNS/DHCP for Novell eDirectory EnvironmentsNovell
 
Pmw2 k3ni 1-2b
Pmw2 k3ni 1-2bPmw2 k3ni 1-2b
Pmw2 k3ni 1-2bhariclant1
 
Azure DNS Privé
Azure DNS PrivéAzure DNS Privé
Azure DNS PrivéAZUG FR
 
Die ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web AdministratorenDie ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web Administratorenpanagenda
 
Running a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneRunning a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneAPNIC
 
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016Cloud Native Day Tel Aviv
 
Chapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxChapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxmanju772238
 
Question 1 Refer to the graphic above to answer the following .docx
Question 1 Refer to the graphic above to answer the following .docxQuestion 1 Refer to the graphic above to answer the following .docx
Question 1 Refer to the graphic above to answer the following .docxIRESH3
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
 

Similar to Namespaces for Local Networks (20)

Hands-on DNSSEC Deployment
Hands-on DNSSEC DeploymentHands-on DNSSEC Deployment
Hands-on DNSSEC Deployment
 
AWS User Group - Perth - April 2021 - DNS
Namespaces for Local Networks

  • 1. Namespaces for Local Networks Name Resolution Webinar Trilogy Part 1
  • 2. A little change … HSTS forced for all ".dev" top level domains
  • 3. … major problem (for some) [screenshots: Current Chrome Browser, Future Chrome Browser]
  • 4. What has happened? • Google changed the code of the next Chrome browser to enforce proper TLS encryption on all ".dev" domains • The TLD ".dev" is owned by Google: https://www.iana.org/domains/root/db/dev.html
  • 5. What is the problem?
  • 6. HSTS? • HSTS is short for "HTTP Strict Transport Security" • RFC 6797 https://tools.ietf.org/html/rfc6797 • HSTS declares that web-browser connections towards this domain always need to be secured by TLS (HTTPS)
  • 7. HSTS? • HSTS is usually set in the website configuration and sent via an HTTP header to the browser • The browser caches the value for the "max-age" time [screenshot: HSTS header, https://securityheaders.io/]
  • 8. Google, Chrome and "dev" • Google owns both the Chrome browser and the "dev" TLD • For Google it makes sense to ship the Chrome browser with preloaded HSTS for their own domains • Besides "dev", this today includes the "foo" and "google" TLDs
  • 9. "dev" TLD is not the only problem • Administrators and developers use domain names in their local networks that are not owned by them: • .corp • .lan • .company • .media • .webdev • .server • .infra • .box • … • All these names risk name collisions with new TLDs
  • 10. Choices for a local only namespace • Using a seemingly unused DNS TLD in an internal network is a bad idea • The name can come into use later and create name collisions • Choices for a local only namespace: • Subdomain of a delegated domain • A reserved Top-Level-Domain/Second-Level-Domain • Name-Resolution other than DNS (mDNS, LLMNR, PNRP …)
  • 11. Option: Subdomain of a delegated domain
  • 12. Subdomain of a delegated domain • Using a sub-domain of a delegated (owned) domain in the Internet is the safest solution • If it is delegated to you, you already own all subdomains and sub-subdomains of that name • The locally used name should not be reachable from the public Internet
  • 13. Subdomain of a delegated domain [diagram: Internet with ".", ".com", "example.com"; DNS-Resolver; labels: Delegation, Query; "lan.example.com"]
  • 14. Subdomain of a delegated domain [diagram: Internet with ".", ".com", "example.com"; DNS-Resolver; labels: Delegation, NXDOMAIN, Query; "lan.example.com"]
  • 15. Subdomain of a delegated domain [diagram: Internal Network with "lan.example.com", "hr.lan.example.com" and DNS-Resolver; Internet with ".", ".com", "example.com"; name looked up: hr.lan.example.com]
  • 16. Subdomain of a delegated domain [diagram: Internal Network with "lan.example.com", "hr.lan.example.com" and DNS-Resolver; Internet with ".", ".com", "example.com"; labels: Query, Query]
  • 18. Reserved Domain Names • In 1999, the IETF reserved a number of top level domains that are not to be used in the Internet • RFC 2606 "Reserved Top Level DNS Names" https://tools.ietf.org/html/rfc2606 • Updated in RFC 6761 "Special-Use Domain Names" https://tools.ietf.org/html/rfc6761 • ".test", ".invalid", ".example" and ".localhost" • For an internal development system, ".test" would be a good choice
  • 19. Reserved Domain Names [diagram: Internal Network with "webdev.test", "beta.test" and DNS-Resolver; Internet with ".", ".com", "example.com"; name looked up: www1.webdev.test]
  • 20. Reserved Domain Names [diagram: Internal Network with "webdev.test", "beta.test" and DNS-Resolver; Internet with ".", ".com", "example.com"; labels: Query, Query]
  • 21. The "home.arpa." domain • The domain "home.arpa." is used in the new Homenet Control Protocol (HNCP) • HNCP is a new IETF protocol to automatically configure home networks with multiple subnets (LAN, wireless, guest networks etc.) • The domain "home.arpa." is only defined for local networks and will never be used in the Internet • Internet Draft "Special Use Domain 'home.arpa.'" https://tools.ietf.org/html/draft-ietf-homenet-dot
  • 22. Reserved Domain Names [diagram: Internal Network with DNS-Resolver with "home.arpa" local zone; Internet with ".", ".com", "example.com"; name looked up: www-dev.home.arpa]
  • 23. Reserved Domain Names [diagram: same network; Query "www-dev.home.arpa." to the DNS-Resolver with "home.arpa" local zone]
  • 24. Reserved Domain Names [diagram: same network; Answer "www-dev.home.arpa." from the DNS-Resolver with "home.arpa" local zone]
  • 25. More options • We will discuss solutions outside DNS in the upcoming two webinars • Link-Local-Multicast-Name-Resolution (LLMNR) for Windows and Linux • Peer-Name-Resolution-Protocol (PNRP) for Windows • Multicast DNS (mDNS) for macOS, iOS, Windows and Linux
  • 27. Unbound with local zone • Unbound is a fast and lean DNS resolver • Available for Unix, Linux, macOS and Windows. Homepage: https://unbound.net • Unbound's main purpose is to resolve names in the Internet for local clients • Unbound has limited authoritative functions (it can serve zone data) • This setup is recommended for smaller networks (fewer than 100 DNS clients)
  • 28. Unbound with local zone • Benefits of using Unbound for local zones: • Simple setup • Only one type of software needed • Fast response times
  • 29. Unbound with local zone • Downsides of using Unbound for local zones: • No DNSSEC security for the local zones (but DNSSEC validation for all DNSSEC secured Internet zones) • No automatic provisioning of multiple DNS resolvers via zone transfer
  • 30. Unbound with local zone [diagram: Internal Network with DNS-Resolver with "home.arpa" local zone; Internet with ".", ".com", "example.com"; name looked up: www-dev.home.arpa]
  • 31. Unbound with local zone [diagram: same network; Query "www-dev.home.arpa."]
  • 32. Unbound with local zone [diagram: same network; Answer "www-dev.home.arpa."]
  • 33. Unbound with local zone [diagram: same network; name looked up: www.example.com]
  • 34. Unbound with local zone [diagram: same network; Query "www.example.com."]
  • 35. Unbound with local zone [diagram: same network; Query "www.example.com." shown four times]
  • 36. Unbound with local zone [diagram: same network; Answer "www.example.com." shown twice]
  • 37. Unbound local-zone example
        # local-zone example for Unbound
        # Installation in Unbound configuration directory
        # for Debian e.g. into /etc/unbound/unbound.conf.d/
        server:
            unblock-lan-zones: yes
            insecure-lan-zones: yes
            local-zone: "mynet.home.arpa." static
            # Zone metadata
            local-data: "mynet.home.arpa. 3600 IN SOA resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h"
            local-data: "mynet.home.arpa. 3600 IN NS resolver01.mynet.home.arpa."
            # IPv6 addresses
            local-data: "resolver01.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:dd::53"
            local-data: "www.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::80"
            local-data: "nas.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::222"
            local-data: "raspi.mynet.home.arpa. 3600 IN AAAA 2001:db8:10:ff::123"
            # IPv4 addresses
            local-data: "resolver01.mynet.home.arpa. 3600 IN A 192.168.1.53"
            local-data: "www.mynet.home.arpa. 3600 IN A 192.168.1.80"
            local-data: "nas.mynet.home.arpa. 3600 IN A 192.168.1.222"
            local-data: "raspi.mynet.home.arpa. 3600 IN A 192.168.1.123"
  • 38. Local Zone with BIND 9
  • 39. Local zone setup with BIND 9 • For larger networks, we recommend hosting the local zones on authoritative DNS servers separate from the resolvers • On the next slides we show an example design based on BIND 9, but the same design can be implemented with other DNS servers as well (Windows DNS, PowerDNS, Knot, NSD+Unbound etc.)
  • 40. Local zone setup with BIND 9 • Benefits of a local authoritative DNS server setup: • Higher resiliency • Automatic load-balancing and failover between servers • DNSSEC signing and validation possible for the local zones • Zones are kept in sync with regular zone transfer • Better monitoring and logging possible
  • 41. Local authoritative DNS server [diagram: Internal Network with Datacenter1 and Datacenter2; DNS-Authoritative Server with "home.arpa" zone; Internet with ".", ".com", "example.com"]
  • 42. Local authoritative DNS server [diagram: same network; DNS-Resolver with "home.arpa" stub-zone]
  • 43. Local authoritative DNS server [diagram: same network; name looked up: www.example.com]
  • 44. Local authoritative DNS server [diagram: same network; Query "www.example.com."]
  • 45. Local authoritative DNS server [diagram: same network; Query "www.example.com." shown four times]
  • 46. Local authoritative DNS server [diagram: same network; Answer "www.example.com." shown twice]
  • 47. Local authoritative DNS server [diagram: same network; name looked up: www-dev.home.arpa]
  • 48. Local authoritative DNS server [diagram: same network; Query "www-dev.home.arpa." shown twice]
  • 49. Local authoritative DNS server [diagram: same network; Answer "www-dev.home.arpa." shown twice]
  • 50. BIND 9 configuration on the authoritative server
        options {
            recursion no;
            directory "/var/named";
        };
        zone "home.arpa." {
            type master;
            file "home.arpa";
            inline-signing yes;
            auto-dnssec maintain;
        };
  • 51. BIND 9 master zone on the authoritative server
        $TTL 3600
        ; Zone metadata
        ; The SOA and NS owner names must equal the zone name configured in named.conf
        mynet.home.arpa.            SOA  resolver01.mynet.home.arpa. hostmaster 1 2h 15m 500h 1h
        mynet.home.arpa.            NS   resolver01.mynet.home.arpa.
        ; IPv6 addresses
        resolver01.mynet.home.arpa. AAAA 2001:db8:10:dd::53
        www.mynet.home.arpa.        AAAA 2001:db8:10:ff::80
        nas.mynet.home.arpa.        AAAA 2001:db8:10:ff::222
        raspi.mynet.home.arpa.      AAAA 2001:db8:10:ff::123
        ; IPv4 addresses
        resolver01.mynet.home.arpa. A    192.168.1.53
        www.mynet.home.arpa.        A    192.168.1.80
        nas.mynet.home.arpa.        A    192.168.1.222
        raspi.mynet.home.arpa.      A    192.168.1.123
  • 52. BIND 9 configuration on the resolver server
        options {
            // "clients" is an ACL that must be defined elsewhere in named.conf
            allow-recursion { clients; };
            directory "/var/named";
        };
        // DNSSEC trust anchor for the local zone
        managed-keys {
            "home.arpa." initial-key 257 3 8 "AwEAAagA…";
        };
        zone "home.arpa." {
            type stub;
            file "home.arpa";
            masters { 192.0.2.153; 192.0.2.253; };
        };
  • 53. Next
  • 54. Men & Mice Training • DNS & DANE Training, 3 days, 19.03 - 21.03.18, Linuxhotel Essen, Germany http://linuxhotel.de/
  • 55. Next Webinar • Name Resolution Webinar Trilogy Part 2 – Local Name Resolution in Windows Networks • Tuesday, 7th of November, 2017 • Microsoft operating systems have a long history of local name resolution solutions, from NetBIOS over WINS to the LLMNR and PNRP protocols today. • In this webinar, due to take place on 7th November, 2017, we will take a look at PNRP and LLMNR in Windows 10 and Windows Server 2016 and how these protocols can be used to have server-less name resolution without a centralized DNS infrastructure. We also look deeper into the interoperability of these new protocols with older Windows versions, such as Windows 7 or Windows 8. • Join us for a 45-minute webinar with a Q&A session at the end, on Tuesday, November 7th, 2017 at 4:00 PM CET / 3:00 PM GMT / 10:00 AM EDT / 7:00 AM PDT.
  • 56. Next Webinar • Name Resolution Webinar Trilogy Part 3 – Local Name Resolution in Linux, FreeBSD and macOS/iOS • Wednesday, 29th of November, 2017 • Multicast DNS (mDNS) was pioneered in Apple’s MacOS X system, and is now available on all systems from Cupertino. • The focus of this webinar will be to take a deeper look into this local name-resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogeneous networks running both Windows and macOS. • Join us for a 45-minute webinar with a Q&A session at the end, on Wednesday, November 29th, 2017 at 4:00 PM CET / 3:00 PM GMT / 10:00 AM EDT / 7:00 AM PDT.
  • 57. Fini - Q & A
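
The namespace choices from slides 8 to 10, 18 and 21, applied as an audit of the names an Unbound resolver serves from `local-zone`/`local-data` lines. This is an added example, not part of the original slides; the sample configuration is constructed, and `OWNED_DOMAINS`, the category labels and the function names are assumptions.

```python
"""Audit the names served from Unbound local-zone/local-data lines."""
import re

# Name sets quoted from the slides.
HSTS_PRELOADED_TLDS = {"dev", "foo", "google"}               # slide 8
RESERVED_TLDS = {"test", "invalid", "example", "localhost"}  # slide 18
RESERVED_SUFFIXES = {"home.arpa"}                            # slide 21
# Assumption for this example: domains delegated to your own organisation.
OWNED_DOMAINS = {"example.com"}

# Constructed sample configuration mixing good and risky local names.
SAMPLE_CONF = """
server:
    local-zone: "mynet.home.arpa." static
    local-data: "www.mynet.home.arpa. 3600 IN A 192.168.1.80"
    # a seemingly unused TLD
    local-zone: "corp." static
    local-data: "intranet.corp. 3600 IN A 192.168.1.10"
    local-data: "app.dev. 3600 IN A 192.168.1.20"
    local-data: "hr.lan.example.com. 3600 IN AAAA 2001:db8:10:ff::30"
    local-data: "beta.webdev.test. 3600 IN A 192.168.1.40"
"""

# First token after the keyword is the zone name or the record's owner name.
LOCAL_RE = re.compile(r'^\s*local-(?:zone|data):\s*"?([^\s"]+)')

ADVICE = {
    "reserved": "ok: reserved for local use, will not appear in the Internet",
    "owned-subdomain": "ok: below a domain delegated to you",
    "hsts-preloaded-tld": "browser enforces HTTPS for this TLD (preloaded HSTS)",
    "not-owned": "collision risk: name is not reserved and not delegated to you",
}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def under(name, suffix):
    """True if name equals suffix or is a subdomain of it (whole labels only)."""
    return name == suffix or name.endswith("." + suffix)


def classify(name):
    """Map one DNS name to a category key of ADVICE."""
    n = normalize(name)
    if not n:
        raise ValueError("empty DNS name")
    tld = n.split(".")[-1]
    if tld in RESERVED_TLDS or any(under(n, s) for s in RESERVED_SUFFIXES):
        return "reserved"
    # Checked before ownership: preloaded HSTS applies even to a domain you own.
    if tld in HSTS_PRELOADED_TLDS:
        return "hsts-preloaded-tld"
    if any(under(n, d) for d in OWNED_DOMAINS):
        return "owned-subdomain"
    return "not-owned"


def owner_names(conf_text):
    """Distinct names from local-zone/local-data lines, in file order."""
    names = []
    for line in conf_text.splitlines():
        m = LOCAL_RE.match(line)
        if m:
            name = normalize(m.group(1))
            if name and name not in names:
                names.append(name)
    return names


def audit(conf_text):
    """Return {name: category} for every local name in the configuration."""
    return {name: classify(name) for name in owner_names(conf_text)}


if __name__ == "__main__":
    for name, category in audit(SAMPLE_CONF).items():
        print(f"{name:24} {category:20} {ADVICE[category]}")
```
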