Internet Systems Consortium
Internet Systems Consortium
  • 86
  • 198 964
Introducing RSSAC and the DNS Root Server System (ICANN 81, 10 November 2024)
At the ICANN 81 meeting in Istanbul on 10 November 2024, ISC President Jeff Osborn gave an introduction to the Root Server System Advisory Committee (RSSAC) and the DNS Root Server System. One surprising take away is that the DNS Root Server System is actually not queried very often!
00:00 Introduction
01:32 The Root Server System Advisory Committee
08:27 Understanding the DNS Root Server System
09:20 Introducing the Domain Name System (DNS)
26:44 The Root Server System: What It Is and What It Isn't
34:53 Q&A
The slides are available offline here: www.isc.org/docs/JOsbornRSSACDNSrootserversystem112024.pdf.
Locally, there were translators translating simultaneously for some audience members, so Jeff is speaking slowly - you might want to speed up the playback if you are impatient.
The speaker:
Jeff Osborn is President of ISC and Chair of the Root Server System Advisory Committee (RSSAC). ISC operates one of the DNS Root Server systems.
---
Learn more at www.isc.org/f-root/
มุมมอง: 102

วีดีโอ

How to Install the Stork Demo package - video tutorial
มุมมอง 2072 หลายเดือนก่อน
Marcin Godzina, a member of the Stork QA team, demonstrates how to install the Stork Demo system. This is a package that creates a self-contained simulated DHCP system, complete with multiple Kea DHCP servers, a DHCP traffic generator, a Grafana installation for viewing charts of dhcp activity, and a Stork management server. Stork Administrative Reference Manual: stork.readthedocs.io/en/v1.18.0...
Kea Configuration With Stork, 13 December 2023
มุมมอง 4.5Kปีที่แล้ว
ISC senior engineer Marcin Siodelski demonstrates some of the new features in Stork that allow users to configure subnets and pools in Kea DHCP. You are welcome to post your questions about Kea DHCP on our helpful community mailing list at lists.isc.org/mailman/listinfo/kea-users. The Kea Administrative Reference Manual is online at kea.readthedocs.io/en/stable/. We also publish a knowledgebase...
Resolver ECS with BIND 9 - S Edition, 26 October 2023
มุมมอง 550ปีที่แล้ว
EDNS Client-Subnet Identifier is an Internet Draft for providing different responses based on the subnet the client is on. BIND 9 has an implementation of the resolver portion of ECS, so it can provide the client subnet identifier to authoritative servers that are equipped to customize responses. What options are available and what do they do? What are some considerations and potential pitfalls...
Reverse DNS and BIND, 19 October 2023
มุมมอง 460ปีที่แล้ว
A DNS lookup takes a name and returns an IP address; reverse DNS does the opposite, and provides a name when given the address. Greg Choules, ISC Support Engineer, explains what reverse DNS is and how to set it up in BIND. (The slides are available at www.isc.org/docs/ReverseDNSpresentation.pdf.) You are welcome to post your questions about BIND 9 DNS on our helpful community mailing list at li...
Robert Carolina speaking at RIPE86 on the revised EU Product Liability Directive, 23 May 2023
มุมมอง 121ปีที่แล้ว
The updates to the EU Product Liability Directive have very significant ramifications for software developers and publishers. Under the new regime, software will be subject to product liability laws, as other products have been for some time. Software bugs, and particularly unpatched vulnerabilities, could be judged to constitute negligence. This video is an edited version of a talk Rob Carolin...
Kea DHCP Template Classes, 7 June 2023
มุมมอง 1.2Kปีที่แล้ว
In this webinar, Carsten Strotmann explains how to use configuration templates to create dynamic classes in Kea DHCP. (The slides are available at: www.isc.org/docs/2023-Kea-Template-Classes.pdf.) You are welcome to post your questions about Kea DHCP on our helpful community mailing list at lists.isc.org/mailman/listinfo/kea-users. The Kea Administrative Reference Manual is online at kea.readth...
Migrating to Kea from ISC DHCP, 16 May 2023
มุมมอง 2.6Kปีที่แล้ว
In this webinar Carsten Strotmann discusses the process of migration, including planning, configuration, testing, and lease migration. (The slides are available at: www.isc.org/docs/2023-Kea-DHC-Migration.pdf.) You are welcome to post your questions about Kea DHCP on our helpful community mailing list at lists.isc.org/mailman/listinfo/kea-users. The Kea Administrative Reference Manual is online...
NetBox and Kea DHCP, 20 April 2023
มุมมอง 4.3Kปีที่แล้ว
Netbox (docs.netbox.dev) is an asset management system, which includes IPAM and DCIM functions. In an IT environment it serves as the source of truth. Other services can (should) use Netbox as its backend. We use Netbox as an example of how to integrate Kea DHCP into open source or commercial IPAM (IP Address Management) and DCIM (Datacenter Infrastructure Management). In this webinar we will e...
Configuring vendor options in Kea DHCP, 30 March 2023
มุมมอง 3Kปีที่แล้ว
Over time, the DHCP protocol has added multiple ways to deliver configuration parameters through vendor options (DHCPv4 options 60/43 and 124/125 as well as DHCPv6 options 16/17). In this webinar trainer and presenter Carsten Strotmann demystifies the use of vendor options in DHCP and explains how to translate vendor option configuration examples for ISC DHCP into a working Kea DHCP setup. (The...
Kea DHCP and Stork, 23 February 2023
มุมมอง 6Kปีที่แล้ว
Stork is a relatively new open source project providing a graphical interface for a network of Kea DHCP systems. Although initially it was limited to monitoring and dashboard functions, recent releases are adding some configuration controls. In this webinar we review the new features, and then provide a hands-on lab to give participants experience in installing Stork on a RedHat-compatible syst...
Memory Management in BIND 9, 15 December 2022
มุมมอง 7642 ปีที่แล้ว
Users frequently ask questions about BIND 9 memory usage and how to optimize memory usage and performance. This is an impossible question to answer, in the general case. The truth is, the answers are platform-specific. So, you need to know how to measure memory usage on *your* platform, and how to adjust BIND memory usage if you need to. (The slides are available at: www.isc.org/docs/2022-webin...
Aliasing in the DNS and HTTPS/SCVB RRs, 22 November 2022
มุมมอง 9052 ปีที่แล้ว
It would be very handy to be able to establish an alias for an apex record in the DNS. Unfortunately, this is not a standardized feature of the DNS, although some operators have created proprietary features with this effect. The new HTTPS and Service-binding (SCVB) resource records on the brink of standardization in the IETF are supposed to 'solve' this long-standing interoperability problem. C...
Using DNS Wildcards, 10 November 2022
มุมมอง 2K2 ปีที่แล้ว
A “wildcard” is a DNS resource record whose owner’s name starts with an asterisk. It sounds like a very simple hack to save time when creating a lot of similar names, but there may be cases where a wildcard is not what you think it is. Test your knowledge with a tricky quiz about how various queries would be answered, given the zone contents (of course, with wildcard entries). Our presenter, Ca...
Optimizing Kea Performance, 27 April 2022
มุมมอง 7262 ปีที่แล้ว
This talk, by Tomek Mrugalski, the original author of Kea and an industry expert in the DHCP and DHCPv6 protocols, explains how to maximize the number of leases per second your Kea DHCP server can provide. Test result show the impact of settings such as queue size and enabling multi-threading on throughput. Tomek uses his knowledge of the software to explain how to use various features such as ...
Governing the "Ungovernable" - DNS Root Server System Governance, 15 March 2022
มุมมอง 3152 ปีที่แล้ว
Governing the "Ungovernable" - DNS Root Server System Governance, 15 March 2022
BIND Advance Security Notifications (ASNs) Process, 2 March 2022
มุมมอง 3532 ปีที่แล้ว
BIND Advance Security Notifications (ASNs) Process, 2 March 2022
DNS Fragmentation: Real-World Measurements, Impact, and Mitigations, 15 December 2021
มุมมอง 3172 ปีที่แล้ว
DNS Fragmentation: Real-World Measurements, Impact, and Mitigations, 15 December 2021
Instrumenting BIND 9 on Linux with BCC/eBPF, 16 November 2021
มุมมอง 6443 ปีที่แล้ว
Instrumenting BIND 9 on Linux with BCC/eBPF, 16 November 2021
Securing BIND 9 with AppArmor/Firejail/SecompBPF, 20 October 2021
มุมมอง 6043 ปีที่แล้ว
Securing BIND 9 with AppArmor/Firejail/SecompBPF, 20 October 2021
Securing BIND 9 with SELinux (RHEL), 21 September 2021
มุมมอง 7993 ปีที่แล้ว
Securing BIND 9 with SELinux (RHEL), 21 September 2021
Stork dashboard for Kea DHCP: Host reservations and lease query
มุมมอง 3.3K3 ปีที่แล้ว
Stork dashboard for Kea DHCP: Host reservations and lease query
Practical BIND 9 Management - Session 5 of 5. Advanced topics in Dynamic Zones, 16 June 2021
มุมมอง 7703 ปีที่แล้ว
Practical BIND 9 Management - Session 5 of 5. Advanced topics in Dynamic Zones, 16 June 2021
Practical BIND 9 Management - Session 4 of 5. Dynamic Zone Files, 19 May 2021
มุมมอง 1.4K3 ปีที่แล้ว
Practical BIND 9 Management - Session 4 of 5. Dynamic Zone Files, 19 May 2021
Practical BIND 9 Management - Session 3 of 5. Load-balancing with dnsdist, 21 April 2021
มุมมอง 1.9K3 ปีที่แล้ว
Practical BIND 9 Management - Session 3 of 5. Load-balancing with dnsdist, 21 April 2021
Practical BIND 9 Management - Session 2 of 5. Long-Term Stats Monitoring & Log Analysis, 17 Mar 2021
มุมมอง 1.9K3 ปีที่แล้ว
Practical BIND 9 Management - Session 2 of 5. Long-Term Stats Monitoring & Log Analysis, 17 Mar 2021
Practical BIND 9 Management - Session 1 of 5. Setting up, managing and using logs, 17 February 2021
มุมมอง 4.1K3 ปีที่แล้ว
Practical BIND 9 Management - Session 1 of 5. Setting up, managing and using logs, 17 February 2021
ISC 2020 Retrospective.
มุมมอง 1183 ปีที่แล้ว
ISC 2020 Retrospective.
Using the Kea DHCP Server - Session 6 of 6. Migrating to Kea from ISC DHCP, 3 December 2020
มุมมอง 1.9K4 ปีที่แล้ว
Using the Kea DHCP Server - Session 6 of 6. Migrating to Kea from ISC DHCP, 3 December 2020
Using the Kea DHCP Server - Session 5 of 6. Monitoring and Logging, 18 November 2020
มุมมอง 4.4K4 ปีที่แล้ว
Using the Kea DHCP Server - Session 5 of 6. Monitoring and Logging, 18 November 2020

ความคิดเห็น

  • @KinShip-v1f
    @KinShip-v1f 20 วันที่ผ่านมา

    09-K4-C-TiER 2~207~01 UB Trust Account daily Receipt 5/17/2022 Alexis TieBoyd You are using him to assault me and agenda him to kill me and he prison for life cause we are throw away people to your design

  • @ZoomRush.Brazil
    @ZoomRush.Brazil หลายเดือนก่อน

    How to validate the keys?

  • @EschinTenebrous
    @EschinTenebrous 2 หลายเดือนก่อน

    <3 Great video :)

  • @osamahamouda5152
    @osamahamouda5152 2 หลายเดือนก่อน

    Excellent and great explanation Thanks a lot

  • @shennayake
    @shennayake 2 หลายเดือนก่อน

    Good stuff to learn DNSSEC. Very useful

  • @soulimanemammar2909
    @soulimanemammar2909 7 หลายเดือนก่อน

    In one hand all these configurations need kea premium and this is not I what I was expecting from an open source project!! In the other hand I'm too old to remember (or dig the documentation) for all the options and syntax quirks just to configure a few subnets and reservations. I wasted my time with is project

    • @TerAnYu
      @TerAnYu 4 หลายเดือนก่อน

      Have you found an alternative?

    • @soulimanemammar2909
      @soulimanemammar2909 4 หลายเดือนก่อน

      @@TerAnYu Yes and No. For instance pfSense comes with a DHCP server with a nice GUI that's easy to use for simple scenarios

    • @ISCdotorg
      @ISCdotorg 4 หลายเดือนก่อน

      @@soulimanemammar2909 pfSense does have a nice GUI! I believe they include our older ISC DHCP server (as well as DNSMASQ) in their product. We need some revenue source to support the DHCP server developers at ISC, so we charge for the extensions that make it easier to configure. Stork is a GUI we are developing using those extensions, but you can use the open source Kea dhcp server and configure it via CLI, for free.

    • @pprocacci
      @pprocacci หลายเดือนก่อน

      @@ISCdotorg No, you don't need revenue sources to support developers. Open source is exactly how it sounds, that is, developers GIVING their free time to make something better and something they enjoy doing. Companies charging for something that should be free and open is laughable.

  • @nicolasbeauchesne2426
    @nicolasbeauchesne2426 9 หลายเดือนก่อน

    Hello I want to know if you recommend to intall KEA with docker

  • @dragonball41876
    @dragonball41876 10 หลายเดือนก่อน

    Very good!

  • @SofiaFeijoo-s2r
    @SofiaFeijoo-s2r ปีที่แล้ว

    thanks! i was having a hard time reading the rfc directly.

  • @LIKKLEbitCsale
    @LIKKLEbitCsale ปีที่แล้ว

    im in one of those countries!

    • @alaminbijoy1027
      @alaminbijoy1027 10 หลายเดือนก่อน

      congratulations 😂

  • @MauriceBurrows-o8s
    @MauriceBurrows-o8s ปีที่แล้ว

    Very nice ... is you slide deck available for download ?

    • @ISCdotorg
      @ISCdotorg 4 หลายเดือนก่อน

      Slides are posted at: www.isc.org/docs/2023-Kea-and-NetBox.pdf.

  • @AnkitBarthwalIN
    @AnkitBarthwalIN ปีที่แล้ว

    Thanks for the tutorial, it helped alot!

  • @leekorean81
    @leekorean81 ปีที่แล้ว

    Very helpful!! Thanks

  • @rustyabdou7860
    @rustyabdou7860 ปีที่แล้ว

    How to run kea dhcp in a specific network namecpace ?

    • @planetm68k82
      @planetm68k82 9 หลายเดือนก่อน

      You create a network namespace (using "ip" or a container runtime such as "docker" or "podman") and execute the Kea DHCP processes inside that network namespace. Kea DHCP is not special in regards to network namespaces from other processes

  • @arvymajid4424
    @arvymajid4424 ปีที่แล้ว

    Promo'SM 😇

  • @robertcooper8533
    @robertcooper8533 ปีที่แล้ว

    Thank you for posting this as I was unable to make the webinar

    • @ISCdotorg
      @ISCdotorg ปีที่แล้ว

      Thank you for watching!

  • @kbabioch
    @kbabioch ปีที่แล้ว

    Great content. Thank you. I guess I'm one of the crazy ones interested in these topics, since this doesn't have a whole lot of views... Since some aspects have changed with recent versions of BIND 9.17/9.18, an update would be appreciated. Also I'm interested in details regarding split horizon DNS setups:-).

    • @mariusstubs7199
      @mariusstubs7199 ปีที่แล้ว

      True, but anyway it's a very helpful refresher

    • @ISCdotorg
      @ISCdotorg ปีที่แล้ว

      Glad it was helpful! The split horizon set up is indeed complicated. If you look at our web site (www.isc.org/presentations/) we have had other recent talks on DNSSEC that are up to date.

  • @thebamplayer
    @thebamplayer ปีที่แล้ว

    It's also interesting to know that for a .de Domain you have to provide a KSK Key to the parent zone and they will calculate the DS record for you.

  • @stokitko
    @stokitko 2 ปีที่แล้ว

    Is any dns server that has an API to upload the DS record? Maybe PowerDNS has something for this

  • @kellysmith7357
    @kellysmith7357 2 ปีที่แล้ว

    It was mentioned early on that there were some more general DNS classes facilitated by these two. Are they referring to the videos on this channel or are they available elsewhere? Also very cool, thanks to ISC!

    • @ISCdotorg
      @ISCdotorg ปีที่แล้ว

      We recommend our webinars for general DNS information, and sometimes ISC staff present live at various conferences. Men&Mice has worked with ISC to develop their own suite of training classes, at www.menandmice.com/training. Thanks for watching!

  • @rickyeng56
    @rickyeng56 2 ปีที่แล้ว

    Instead of using number 257, what's the reason the RFC don't use KSK?

    • @AlanClegg
      @AlanClegg ปีที่แล้ว

      Because that field is actually a set of flag bits and not "just" the KSK/ZSK marker. Sorry for the delayed response. 🙂 A friend of mine just reminded me about these. (I'm the author/presenter)

  • @rickyeng56
    @rickyeng56 2 ปีที่แล้ว

    Finally! Thank you!

  • @eien7228
    @eien7228 2 ปีที่แล้ว

    i have a question, where did the watcher could see our dns queries, is there any specific place or it can be anywhere, and how

  • @genkiferal7178
    @genkiferal7178 2 ปีที่แล้ว

    i learned something. thanks!

    • @ISCdotorg
      @ISCdotorg 2 ปีที่แล้ว

      Glad to hear it!

  • @christothegreat1
    @christothegreat1 2 ปีที่แล้ว

    Aren't Trust Anchors deprecated and removed from DNSSEC for some time now??

    • @ISCdotorg
      @ISCdotorg ปีที่แล้ว

      No. You need trust anchors for DNSSEC - the DLV or DNSSEC Look-aside Validator registry was deprecated. That might be what you are thinking of. It was a place to locate a trust anchor if your parent couldn't do that, kind of like a foster-parent.

  • @mazhet6572
    @mazhet6572 2 ปีที่แล้ว

    Very clear

  • @manuelstausberg8923
    @manuelstausberg8923 2 ปีที่แล้ว

    This series, and especially this video, are great for understanding DNSSEC. Thanks a lot!

    • @ISCdotorg
      @ISCdotorg 2 ปีที่แล้ว

      You are welcome!

    • @quanle2093
      @quanle2093 ปีที่แล้ว

      @@ISCdotorg 0:33

  • @DoNotEatPoo
    @DoNotEatPoo 2 ปีที่แล้ว

    I completed this entire series. Fantastic content.

  • @muddasirkhan805
    @muddasirkhan805 2 ปีที่แล้ว

    Is there a fundamental to advanced course with this level of detail? I loved this, thanks!

    • @ISCdotorg
      @ISCdotorg 2 ปีที่แล้ว

      Not that I know of

  • @eneagjergo7865
    @eneagjergo7865 2 ปีที่แล้ว

    Thank you for your video. I just had one question regarding configuration of KEA over TLS. Is it necessary to have public IP and DNS or does it work also with reserved IP-s to add as SAN in a certificate in order that TLS Handshake for 2 KEA peers in HA mode to work?

  • @rachidouqa
    @rachidouqa 3 ปีที่แล้ว

    Thank you , you really helped me a lot

  • @nelsoncherubimdeandrade2081
    @nelsoncherubimdeandrade2081 3 ปีที่แล้ว

    Congratulations on the content. Didactics and ease in approaching the topic. Nelson - Brazil

    • @AlanClegg
      @AlanClegg ปีที่แล้ว

      Thank you!

  • @mustafabulentkilimci7643
    @mustafabulentkilimci7643 3 ปีที่แล้ว

    thank you very much friend.

  • @nadeshiko331
    @nadeshiko331 3 ปีที่แล้ว

    i just noticed the part of isc ipv6 address is b00b and cafe :)) instead of trying to understand the content i notice this stuff sorry.

  • @mustafabulentkilimci7643
    @mustafabulentkilimci7643 3 ปีที่แล้ว

    thank you very usefull video training

    • @ISCdotorg
      @ISCdotorg 2 ปีที่แล้ว

      You are welcome

  • @musluy
    @musluy 3 ปีที่แล้ว

    Good article and clear explanation.

  • @zhongwen26
    @zhongwen26 3 ปีที่แล้ว

    仍然没有过时

  • @GurkoKurdo
    @GurkoKurdo 3 ปีที่แล้ว

    cant even test this without cdn useless for people keen on learning

  • @allantinker6838
    @allantinker6838 3 ปีที่แล้ว

    "Host database not available, cannot add host." Works like a charm..

  • @varun46v123
    @varun46v123 3 ปีที่แล้ว

    Great Session

  • @marindonu4473
    @marindonu4473 3 ปีที่แล้ว

    Great useful info. Thank you!

  • @christiangoth4652
    @christiangoth4652 3 ปีที่แล้ว

    Very good video! Just one question: how can an enterprise still enforce filtering with DoT if the DNS-request is encrypted (14:10)?

    • @ISCdotorg
      @ISCdotorg 3 ปีที่แล้ว

      It should work, if you are using RPZ. The Resolver still sees the replies it is sending so it can filter them. If you are filtering elsewhere in the network, then, yeah, this could be a problem.

  • @techevangelist8373
    @techevangelist8373 3 ปีที่แล้ว

    Can DNSSEC provide privacy? It only provides integrity and authentication is my understanding. Is that correct?

    • @ISCdotorg
      @ISCdotorg 2 ปีที่แล้ว

      yes, you are correct. DNSSEC is not relevant for privacy. For privacy there are options to use encrypted transport, or to limit the queries sent to systems that don't 'need' to know the whole query (query minimization).

  • @techevangelist8373
    @techevangelist8373 3 ปีที่แล้ว

    Great session. Kaminsky left this world...

  • @dealscart
    @dealscart 3 ปีที่แล้ว

    Excellent.. thanks

    • @ISCdotorg
      @ISCdotorg 3 ปีที่แล้ว

      Glad you liked it!

  • @MrArsalan1988
    @MrArsalan1988 3 ปีที่แล้ว

    very informative

    • @ISCdotorg
      @ISCdotorg 3 ปีที่แล้ว

      Glad you think so!

  • @DanielGolinski
    @DanielGolinski 3 ปีที่แล้ว

    Thank you thank you thank you for making this public! Kinda scary how this only has 700 views, no one cares about security!

  • @PetritK10
    @PetritK10 3 ปีที่แล้ว

    Thank you very much

    • @ISCdotorg
      @ISCdotorg 3 ปีที่แล้ว

      You are welcome

  • @zam4ever
    @zam4ever 4 ปีที่แล้ว

    Looking forward for part 5 and 6.

  • @miamoto5040
    @miamoto5040 4 ปีที่แล้ว

    Best explanation of DNSSEC so far

    • @ISCdotorg
      @ISCdotorg 3 ปีที่แล้ว

      Thank you!