Step 1: starting situation

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

The diagram above shows the starting situation on the source signer. The starting situation shown is a typical snapshot of the state of a signer that uses the “ZSK pre-publication” rollover strategy in which a ZSK is pre-published before it is made active and in which old signatures are gradually rolled to the new key […]

Signer migration: our goals and assumptions

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

Introduction: As mentioned in the previous post, we will be publishing a series of articles on signer migration. In this article, we will address the goals we set ourselves for the signer migration as well as outline the assumptions we made. We’ll end the article with a brief explanation of the diagrams we will be […]

Signer migration: a step-by-step guide (introduction)

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

One of our goals with this blog has been to share what we have learned from our DNSSEC deployment with our constituency and the wider Internet community. Last month we performed a complicated operation on our DNSSEC signer deployment: we migrated from the existing signer setup to a completely independently running new signer. We had […]

Considerations about Time To Live

Written by Rick van Rein in category: Architecture, Timing, Users

OpenDNSSEC is much more dependent on proper timing than plain DNS, mainly because of the regular rollover of keys. Because of this, a lot of care must go into the design of timing, and especially the TTL parts of DNS records.

Master/slave replication with OpenDNSSEC

Written by Rick van Rein in category: Architecture, Resilience

In a previous article we discussed the idea of a high-availability Hardware Security Module (or HSM) service. To make the entire DNSSEC signing service act in high-availability mode there is one more part to replicate, namely the OpenDNSSEC signer machines. These manage the procedures and are aware of the DNS and timing intricacies of DNSSEC. […]

How many keys #2

Written by Roland van Rijswijk in category: Architecture, Crypto, Technical

For a paper I’m writing on state-of-the-art cryptography and applications of cryptography I’ve drawn a picture of the complete trust chain required to validate the answer to a query for www.surfdnssec.org (which is in one of our test domains and is a CNAME pointing to this blog). It really drives home how complex DNSSEC can […]

HSM backup considerations

Written by Rick van Rein in category: Architecture, Resilience, Technical, Timing

When you start to support DNSSEC, you are suddenly supposed to manage the keys used to sign the domain. This is a typical task for a security officer. Typical concerns are to conceal the private keys from outside-world prying eyes, and to avoid losing keys as long as the outside world needs them to trust […]

The power of idempotence

Written by Rick van Rein in category: Architecture, Resilience

If any design principle has been leading our architectural work around resilience for DNSSEC, it has been idempotence. It is one of those algebraic concepts that really helps to beat sense into a complex set of choices. Idempotence means that doing the same thing twice is no different from doing it once. Painting orange on […]

Access control (#2: the signer)

Written by Roland van Rijswijk in category: Architecture, Policy, Procedures, Security

In a previous post we addressed access control on the network level. This post will focus on access control in various ways on the signer machine. User access control: The most basic – but nevertheless important – way of controlling access is by determining which users need access to the signer machine and the potentially […]

Access control (#1: Network level)

Written by Roland van Rijswijk in category: Architecture, Policy, Security

Introduction: A big part of the security of our infrastructure is determined by the access control we enforce on all the components that form the DNSSEC signer infrastructure. Access control is important on several levels: the network level; access to machines and user privileges on these machines; access to sensitive data on the signer; HSM roles […]