BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Pentabarf//Schedule 0.3//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALDESC;VALUE=TEXT:DNS devroom X-WR-CALNAME;VALUE=TEXT:DNS devroom X-WR-TIMEZONE;VALUE=TEXT:Europe/Brussels BEGIN:VEVENT METHOD:PUBLISH UID:8213@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T093500 DTEND:20190203T100500 SUMMARY:Using getdns for local DNSSEC validation DESCRIPTION:
The most common setup is where a recursive DNS resolver does the DNSSEC validation. The nice thing about this approach is that existing applications do not require modifications.
However, an application cannot easily tell if the resolver is doing DNSSEC validation, and the path between the application and the resolver is unprotected.
The solution to this is for applications to do local DNSSEC validation. This can be done using the getdns library. The getdns library provides other advantages as well, such as a modern interface to DNS resolution and support for event libraries (such as libevent).
In this presentation I will describe getdns and show two examples of how it can be used in practice.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_getdns_local_validation/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Philip Homburg":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:7522@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T101000 DTEND:20190203T104000 SUMMARY:How and why (not) to use the 127.0.0.53 nameserver, systemd-resolved and resolvctl DESCRIPTION:Resolved is a local, caching, DNS nameserver resolver and is used by default on Ubuntu. This talk's goal is to de-mystify how it works and what it does by default on Ubuntu, and how one can further configure it to either not get in the way, or do even more cool things. We will discuss how it can be used (nss, dbus, over the network, command-line, text-configs) and how to configure it (config files, command line, resolvconf, dbus, networkd, network-manager). We will cover advanced use cases for per-interface nameservers, true split-dns configuration, and optional features such as DNSSEC, MDNS, Zeroconf. Last, we will discuss bugs, DNS violations and diss captive portals.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_systemd_resolved/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Dimitri John Ledkov":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8062@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T104500 DTEND:20190203T111500 SUMMARY:Stories from BIND9 refactoring DESCRIPTION:Bind9 code is 21 years old - it was written in times without all the modern buzz-words like test-driven development, QA and code quality. Having worked on refactoring the code, I want to guide the audience through the process of refactoring one particular function - query_find, showing the mistakes made on the way, cul-de-sacs entered, hours and days lost, for others to learn from my mistakes.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_bind9_refactoring/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Witold Kręcicki":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8558@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T112000 DTEND:20190203T115000 SUMMARY:DNS and the Internet's architecture: the DoH dilemma DESCRIPTION:Mozilla's announced deployment model for DNS-over-HTTPS made some properties of this protocol apparent to everyone, stirring a lot of discussion. Specifically, DoH could promote a collective switch from local resolvers to a few global public services, and make each application independent from the user's preferences in the operating system. This could provide more privacy and less censorship, or less privacy and more censorship, depending on how it is deployed and who gets to control the resolvers. What would be the advantages and disadvantages of a broad adoption of DoH by Web browsers, and its likely long-term effects?
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_over_https_dilemma/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Vittorio Bertola":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8412@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T115500 DTEND:20190203T122500 SUMMARY:DNS Privacy panel DESCRIPTION:Daniel Stenberg, Stéphane Bortzmeyer and Bert Hubert will discuss the changing DNS privacy landscape, including topics such as DoH, DoT. Moderated by Jan-Piet Mens.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_privacy_panel/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Daniel Stenberg":invalid:nomail ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Stéphane Bortzmeyer":invalid:nomail ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Bert Hubert":invalid:nomail ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Jan-Piet Mens":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8505@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T123000 DTEND:20190203T125500 SUMMARY:ID4me: using the DNS as a directory for identities DESCRIPTION:The DNS was born as a directory for hosts, but shouldn't it also be a directory for people? As Internet-scale single sign-on and identity management platforms multiply, each enclosed in its own private namespace, there is a need to federate them and make them interoperable in an open and standard manner. We will discuss why the DNS is the best tool for that, compare it with trendy but less suitable alternatives (e.g. blockchains), and summarize the workings and the status of existing projects (ID4me).
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_id4me/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Vittorio Bertola":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8596@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T130000 DTEND:20190203T132000 SUMMARY:Flamethrower DESCRIPTION:Flamethrower is a new DNS performance and functional testing utility. Originally envisioned as an “improved dnsperf” and allowing simulation of realistic looking traffic patterns it has become a versatile tool for DNS server development and load testing. We will discuss motivations for its existence, its technical architecture, and use cases.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_flamethrower/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Jan Včelák":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:7650@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T132500 DTEND:20190203T135500 SUMMARY:Dynamic answer generation with Lua DESCRIPTION:This talk will focus on an in-zone way of generating dynamic answers to DNS queries using Lua. These LUA records look like TXT in the zone, but the authoritative server will run the code that is inside them to answer a query. This talk details the design, implementation and use cases of these records as implemented in the PowerDNS Authoritative Server 4.2 (unreleased as of talk submission).
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_powerdns_lua_record/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Pieter Lexis":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8523@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T140000 DTEND:20190203T143000 SUMMARY:Is a single DNS vendor enough? DESCRIPTION:Why is using a single DNS implementation not enough? Discussion about complexities of multi-vendor deployment, and why you should use multi-vendor setup anyway.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_is_single_vendor_enough/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Petr Špaček":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8633@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T143500 DTEND:20190203T150500 SUMMARY:DNS as code with octodns DESCRIPTION:This talk will illustrate how to manage a DNS infrastructure with a git repository and pull requests, and will also show how to easily set up backups of multiple zones with multiple DNS providers. All made possible with octodns and travis-ci.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_octodns/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Matteo Valentini":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8500@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T151000 DTEND:20190203T154000 SUMMARY:DNSSEC security without maintenance DESCRIPTION:We will show how to use open-source DNS server "Knot DNS" to automatically sign and maintain DNS zones, and how to automate DNSSEC maintenance.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_dnssec_security_without_maintenance/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Petr Špaček":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8568@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T154500 DTEND:20190203T160000 SUMMARY:Documenting Validator Requirements DESCRIPTION:Within the IETF there is an effort to document what is needed for a DNSSEC Validator to work. This talk is to "sell" this document to the developer community and to assess the desire to see the document published. An important question to discuss - how is this not another straw on the back of the camel.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_documenting_validator_requirements/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Edward Lewis":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8605@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T160500 DTEND:20190203T162500 SUMMARY:Revoking the 2010 DNSKEY DESCRIPTION:The new root DNSKEY has been in use since October 11th 2018. The old root DNSKEY is still present in the root zone, and will have the revoked bit set on January 11th, 2019. The intent is to monitor RFC8145 data from all the root-server operators.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_ksk_2010_revoke_monitoring/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Roy Arends":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:8565@FOSDEM19@fosdem.org TZID:Europe-Brussels DTSTART:20190203T163000 DTEND:20190203T170000 SUMMARY:Testing Over 1000 gTLDs for EDNS0 DESCRIPTION:In advance of open source DNS developers "DNS Flag Day", ISC's EDNS0 tester is applied across 1200+ zones. In preparing so many delegations across so many zones, a lot of interesting comments can be made regarding how zones, name servers and addresses are mixed, as well as the results of the original goal, testing EDNS0 protocol deployment.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:DNS URL:https:/fosdem.org/2019/schedule/2019/schedule/event/dns_testing_1000_gtld_edns0/ LOCATION:K.4.601 ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Edward Lewis":invalid:nomail END:VEVENT END:VCALENDAR