INSTALLATION OF BLOGGING PLATFORM & Configuration of DNSSEC Enabled Name Server Katja Andreeva, Marco Johns
SERVER (KAMMIO.KUTOMO.NET)
SERVER (KAMMIO.KUTOMO.NET) Virtual Private Server (VPS) from Linode.com Ubuntu 10.04 LTS (Long Time Support) 512 MB RAM, 16 GB HDD
REQUIREMENTS
REQUIREMENTS Linux based software
REQUIREMENTS Linux based software Multiple users
REQUIREMENTS Linux based software Multiple users Multiple weblogs
REQUIREMENTS Linux based software Multiple users Multiple weblogs Extendability (plug-ins)
MOVABLE TYPE
MOVABLE TYPE movabletype.org
MOVABLE TYPE movabletype.org Open-source weblog publishing system (GNU)
MOVABLE TYPE movabletype.org Open-source weblog publishing system (GNU) Perl + Apache + MySQL (PostgreSQL, SQLite via plug-ins)
MOVABLE TYPE movabletype.org Open-source weblog publishing system (GNU) Perl + Apache + MySQL (PostgreSQL, SQLite via plug-ins) Multiple weblogs
MOVABLE TYPE movabletype.org Open-source weblog publishing system (GNU) Perl + Apache + MySQL (PostgreSQL, SQLite via plug-ins) Multiple weblogs Standalone content pages
MOVABLE TYPE movabletype.org Open-source weblog publishing system (GNU) Perl + Apache + MySQL (PostgreSQL, SQLite via plug-ins) Multiple weblogs Standalone content pages User roles
PRE-REQUIREMENTS
PRE-REQUIREMENTS Installation of required services Apache Web Server Perl MySQL
PRE-REQUIREMENTS Installation of required services Apache Web Server Perl MySQL
INSTALLING MOVABLE TYPE Followed Detailed Step-by-Step Installation Guide at movabletype.org http://tiny.cc/movableinstall
DEMO
DNSSEC ENABLED NAME SERVER
DNSSEC ENABLED NAME SERVER BIND 9.7.0 (Ubuntu)
DNSSEC ENABLED NAME SERVER BIND 9.7.0 (Ubuntu) Recursive DNS (caching)
DNSSEC ENABLED NAME SERVER BIND 9.7.0 (Ubuntu) Recursive DNS (caching) DNSSEC validation
WHAT S DNSSEC?
WHAT S DNSSEC? Adds security to internet name resolving
WHAT S DNSSEC? Adds security to internet name resolving Origin authentication
WHAT S DNSSEC? Adds security to internet name resolving Origin authentication Data integrity
WHAT S DNSSEC? Adds security to internet name resolving Origin authentication Data integrity Authenticated denial of existence
WHAT S DNSSEC?
WHAT S DNSSEC? Every DNS query is signed
WHAT S DNSSEC? Every DNS query is signed If signature is valid, response is from trusted name server
WHAT S DNSSEC? Every DNS query is signed If signature is valid, response is from trusted name server Prevents DNS spoofing / hijacking
WHAT S DNSSEC? Every DNS query is signed If signature is valid, response is from trusted name server Prevents DNS spoofing / hijacking Signatures can be validated from the DNS root servers.
WHAT S DNSSEC? Every DNS query is signed If signature is valid, response is from trusted name server Prevents DNS spoofing / hijacking Signatures can be validated from the DNS root servers. Resolvers are configured with a root trust anchor key
OBTAINING ROOT TRUST ANCHOR By asking from root using dig
OBTAINING ROOT TRUST ANCHOR By asking from root using dig
VERIFYING ROOT TRUST ANCHOR
VERIFYING ROOT TRUST ANCHOR Verify key using dsfromkey
VERIFYING ROOT TRUST ANCHOR Verify key using dsfromkey
VERIFYING ROOT TRUST ANCHOR Verify key using dsfromkey Compare signatures (http://data.iana.org/root-anchors/)
VERIFYING ROOT TRUST ANCHOR Verify key using dsfromkey Compare signatures (http://data.iana.org/root-anchors/)
BIND CONFIGURATION named.conf:
BIND CONFIGURATION named.conf:
BIND CONFIGURATION named.conf.options:
BIND CONFIGURATION named.conf.options:
BIND CONFIGURATION named.conf.options:
DEMO
THANK YOU