This shows the results of the DNS team at the IETF 93 Hackathon in Prague on July 18-19, 2015. It includes links to the public repositories where code may be found.
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
1. DNS / DNSSEC / DANE / DPRIVE Results at IETF 93 Hackathon
18-19 July 2015
Prague, Czech Republic
2. Summary – What We Are Working On
[Diagram labels: Web Server; Web Browser & stub resolver; https://example.com/ web page; DNS Resolver + Validation; DNS servers for root, .com and example.com; query "example.com?"; ".com NS DS"; "example.com NS DS"; 10.1.1.123; DNSKEY, RRSIGs; numbered steps 1-6]
INTEGRITY – DNSSEC
TRUST IN TLS - DANE
CONFIDENTIALITY - DPRIVE
3. DNS at #IETFHackathon at #IETF93
• Visual interface to show what DNSSEC algorithms are supported by a DNS resolver
• Tool to test for DNSSEC roadblocks
  – draft-ietf-dnsop-dnssec-roadblock-avoidance
• Prototype web server implementation – TLS extension to deliver DNSSEC authentication chain to client
  – draft-shore-tls-dnssec-chain-extension
• DNS confidentiality/privacy (DPRIVE)
  – Fixed opportunistic TLS in both getdns and Unbound to be strict authenticated TLS
    1. Added functionality to getdns API to authenticate TLS server.
    2. Patched Unbound server: forward-secret key exchange; enabled sending full TLS certificate chain in handshake
• JSON interface to IANA registry of DNSSEC algorithms
4. Public releases
• Visual interface to check DNSSEC algorithms
  – https://github.com/ogud/DNSSEC_ALG_Check
  – https://github.com/getdnsapi/IETF93HackathonNode
• Tool to test for DNSSEC roadblock avoidance
  – https://www.ietf.org/registration/MeetingWiki/wiki/dnsresolvercapabilities
  – https://getdnsapi.net/roadblock.php
  – https://github.com/getdnsapi/IETF93HackathonPHP
• DNS confidentiality/privacy - TLS
  – Patches going into next release of getdns API
  – Patch available for Unbound
• JSON interface to IANA registry of DNSSEC algorithms
  – https://github.com/danyork/dnssec-algs-json
5. Tool to test DNSSEC algorithm support
• Implemented in Node.js using getdns API
6. Tool to test DNSSEC Roadblocks
• Implemented in PHP using getdns API
7. DNS Hackers
• Sara Dickinson
• Daniel Kahn Gillmor (dkg)
• Ólafur Guðmundsson
• Shumon Huque
• Allison Mankin
• Benno Overeinder
• Wendy Seltzer
• Willem Toorop
• Gowri Visweswaran
• Tim Wicinski
• Dan York