Thu 24 Jul 2014  

DNSSEC via a New Stub Resolver


Many developers don’t realize how much they rely on the DNS and how important some of the modern improvements to the DNS are to building reliable and secure applications. We first take a few minutes to explain how the DNS works from an application’s perspective and provide context by explaining the most essential uses of DNSSEC. The need for a more modern interface to the DNS (beyond the libc entry points) is obvious, however so far there isn’t a commonly accepted standard. We explore the origins of the independently commissioned specification documented as the getDNS API and then dig into the most important features of the specification. The balance of the talk covers the Open Source implementation of that specification whose first public release is scheduled for February 25, 2014. The core team is comprised of developers at Verisign and NLNet Labs and is spread from Alaska to the mid-Atlantic US to the Netherlands. Our team has leveraged some simple tools to make collaboration effective and we will share our techniques for managing geographic diversity. We spend some time to explore how we chose the BSD license for the project and how we are leveraging hackathons and other means of gaining feedback from developers outside the team as we build the implementation.

Other by these authors

  Living on the Edge
  Sun 04 Feb 2018
  DNS devroom @ FOSDEM'18
  Willem Toorop   end-2-endness
Greatly needed stub resolver capabilities for applications and systems with the getdns library
  KSK rollover impact on getdns
  Tue 12 Sep 2017
  Willem Toorop   Announcement   Zero config DNSSEC
How does the upcoming root KSK impact getdns
  Hands on getdns
  Thu 06 Jul 2017
  Sara Dickinson   Willem Toorop
Tutorial at the JCSA17 in Paris
  How to get a trustworthy DNS Privacy enabling recursive resolver
  Sun 26 Feb 2017
  Willem Toorop   Benno Overeinder   Melinda Shore   DNS Privacy
Analysis of authentication mechanisms for DNS Privacy enabling recursive resolvers, presented at the NDSS2017
  How to do a simple query
  Mon 16 Jan 2017
  Willem Toorop   JSON Pointers
Demo of doing an address lookup with getdns both synchronous and asynchronous
  Wed 19 Oct 2016
  Willem Toorop   Stubby
Introducting Stubby at the NANOG68 in Dallas
  IETF96 Hackathon results
  Sun 17 Jul 2016
  Hackathon @ IETF96
  Allison Mankin   Hackathon
Overview of the DNS hackathon projects at the IETF96
  DNSSEC for Legacy Applications
  Thu 19 Nov 2015
  Willem Toorop
Presentation about an experimental nsswitch getdns component.
  IETF94 Hackathon results
  Sun 01 Nov 2015
  Hackathon @ IETF94
  Allison Mankin   Hackathon
Won "Best Internet Security Improvement" price at the IETF 94 Hackathon
  getdns - A new stub resolver
  Sun 13 Sep 2015
  vBSDcon 2015
  Willem Toorop
Very complete overview presentation at te vBSDcon 2015 in Reston
  IETF93 Hackathon results
  Sun 19 Jul 2015
  Hackathon @ IETF93
  Allison Mankin   Hackathon
Won "Best in Show" price at the IETF 93 Hackathon
  getdns API implementation
  Thu 14 May 2015
  OS-WG @ RIPE70
  Willem Toorop
Presentation in the Open Source Working Group at RIPE70 in Amsterdam
  getdns API
  Thu 26 Mar 2015
  Bits-n-Bites @ IETF92
  Sara Dickinson   Gowri Visweswaran   Willem Toorop
Poster presentation at the Bits-n-Bites of the IETF92
  getdns API implementation
  Wed 25 Jun 2014
  Willem Toorop
Presentation at the DNSSEC Workshop at ICANN50 in London
  getdns API implementation
  Wed 14 May 2014
  OS-WG @ RIPE68
  Willem Toorop
Lightning talk at the Open Source Working Group at RIPE 68 in Warsaw
  getdns API implementation
  Sun 11 May 2014
  DNS-OARC 2014 Spring-WS
  Willem Toorop
Presentation at the DNS-OARC Spring Workshop in Warsaw