dnssec best practices webinar
Posted on 23-Jul-2015
TRANSCRIPT
© Men & Mice  http://menandmice.com

DNSSEC Best Practice
28 April 2015
What is DNSSEC
a security extension to authenticate DNS data
DNS data is cryptographically signed by the owner of the DNS zone
the recipient of the data can validate the signature to ensure that
  the data has not been changed since signing
  the data comes from the owner of the private key for the domain
A recipient of DNS data can be a DNS resolver, an operating system stub-resolver or an application
DNSSEC in a nutshell

Signing (authoritative server, zone file):
  plain DNS data -> hash -> finger-print -> encrypt with private key -> RRSIG
  the zone file carries the plain DNS data together with the RRSIG

Validation (resolving/validating server):
  plain DNS data + RRSIG are received from the authoritative server
  RRSIG -> decrypt with public key -> finger-print
  plain DNS data -> hash -> finger-print
  compare the two finger-prints
  the public key itself is verified against the hash in the DS record of the parent zone
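The "hash verify" step at the bottom of the diagram, worked through in code. This is an added example, not taken from the slides: it computes the DS record (key tag plus SHA-256 digest over the owner name and the DNSKEY RDATA, as specified in RFC 4034) for a key-signing key and checks a DNSKEY from the child zone against it. The same function is the "DS record matching the KSK" check from the monitoring section. The key bytes are constructed dummy data, not a real RSA key, and the function names are my own; only the DS side is shown because producing an RRSIG needs a real signing library.

```python
import base64
import hashlib
import struct


def wire_name(name):
    """Canonical wire format of an owner name: lowercase labels, each
    prefixed with its length, terminated by the root label (0x00)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA in wire format: flags (16 bit), protocol (always 3),
    algorithm number, then the raw public key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """RFC 4034 Appendix B key tag: a 16-bit checksum over the DNSKEY RDATA
    that lets a validator pick the right key out of a DNSKEY RRset."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner, rdata, digest_type=2):
    """DS digest (RFC 4034 section 5.1.4): hash over the canonical owner
    name followed by the DNSKEY RDATA. Type 1 = SHA-1, type 2 = SHA-256."""
    algo = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    return algo(wire_name(owner) + rdata).hexdigest().upper()


def make_ds(owner, flags, protocol, algorithm, pubkey_b64, digest_type=2):
    """Build the DS tuple (key tag, algorithm, digest type, digest) that the
    parent zone publishes for this KSK."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    return (key_tag(rdata), algorithm, digest_type, ds_digest(owner, rdata, digest_type))


def ds_matches_dnskey(owner, ds, flags, protocol, algorithm, pubkey_b64):
    """The validator's check from the diagram: does the DS from the parent
    (key tag, algorithm, digest) authenticate this DNSKEY from the child?
    Any change to the key bytes, the flags or the owner name breaks the match."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    tag, alg, digest_type, digest = ds
    return (
        tag == key_tag(rdata)
        and alg == algorithm
        and digest.upper() == ds_digest(owner, rdata, digest_type)
    )


# Constructed sample: 64 bytes of dummy key material, NOT a real RSA key.
SAMPLE_OWNER = "example.com."
SAMPLE_KEY = base64.b64encode(bytes(range(1, 65))).decode("ascii")
TAMPERED_KEY = base64.b64encode(bytes(range(2, 66))).decode("ascii")  # one byte shifted
SAMPLE_FLAGS, SAMPLE_PROTO, SAMPLE_ALG = 257, 3, 8   # 257 = KSK (SEP bit set), 8 = RSASHA256

if __name__ == "__main__":
    ds = make_ds(SAMPLE_OWNER, SAMPLE_FLAGS, SAMPLE_PROTO, SAMPLE_ALG, SAMPLE_KEY)
    print("DS for", SAMPLE_OWNER, "->", ds)
    print("matches published KSK:",
          ds_matches_dnskey(SAMPLE_OWNER, ds, SAMPLE_FLAGS, SAMPLE_PROTO, SAMPLE_ALG, SAMPLE_KEY))
    print("matches tampered key: ",
          ds_matches_dnskey(SAMPLE_OWNER, ds, SAMPLE_FLAGS, SAMPLE_PROTO, SAMPLE_ALG, TAMPERED_KEY))
```

The owner name is part of the digest input, so a DS for example.com. cannot be reused to vouch for the same key under another name; a monitoring check should therefore always compare the DS against the DNSKEY fetched from the child zone itself.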
DNSSEC myths
DNSSEC myth busting 1
Myth: DNSSEC enables DNS reflection attacks
Fact: DNSSEC records are large and can be used for reflection attacks
Fact: non-DNSSEC records can also be large and used for reflection attacks (DKIM, DMARC, SPF, SSHFP ...)
DNS reflection attacks are a generic issue in the DNS protocol. The issue is largely solved by response rate limiting (RRL) and sane default configurations (preventing open DNS resolvers)
DNSSEC myth busting 2
Myth: DNSSEC cannot be trusted
Fact: the US government has some influence on the DNS root zone (incl. the DNSSEC keys)
Fact: changes in the Internet DNS root zone are highly visible and cannot be done in secret
Fact: local DNS spoofing of root-zone data is possible, but would require simulating large parts of the public Internet
DNSSEC users can configure additional trust anchors (on a ccTLD or 2nd-level domain). The truly paranoid run a local DNS root zone signed with their own key(s): https://tools.ietf.org/html/draft-ietf-dnsop-root-loopback-01
DNSSEC myth busting 3
Myth: DNSSEC makes DNS slow
Fact: with today's CPUs and hardware, DNSSEC validation is cheap
Fact: DNSSEC data is still cached. Once validated, the data will be stored in the DNS cache for the TTL lifetime
watch the video: Geoff Huston – What if everyone did DNSSEC? (APNIC 38)
DNSSEC parameters
Why DNSSEC
• prevents DNS cache poisoning
• Man-in-the-middle (MITM) attacks are detected
• detects DNS data corruption/manipulation on authoritative DNS servers
• to bootstrap trust for other security protocols
  SSH, TLS, PGP, S/MIME, DKIM, email transport security
  new security protocols require DNSSEC (e.g. DANE)
DNSSEC algorithms
MD5        (deprecated, not implemented)
SHA1       (deprecated, implemented)
SHA256     (recommended)
SHA512     (large signatures and keys)
DSA        (slow validation, no extra security)
ECC-GOST   (used in Russia)
ECDSA      (small signatures, read "ECDSA and DNSSEC")
Key sizes (for RSASHA256)
be aware of DNS packet size limits (IPv6 fragmentation issues)
Recommendations:
RFC 6781: 1024 bits
BIND 9 default: KSK - 2048 bits, ZSK - 1024 bits
mildly paranoid: KSK - 2560 bits, ZSK - 1536 bits
truly paranoid: KSK - 4096 bits, ZSK - 2048 bits
Impact of key sizes (for RSASHA256)
a larger key increases the computing resources needed to sign a zone and to validate the signatures
doubling the key size in bits increases ...
... the time needed to create signatures (signing) by a factor of 8
... the time needed to validate signatures by a factor of 4
but every extra bit in a key doubles the amount of work for an attacker to brute-force crack the key
Key sizes (BIND 9)
only sign the DNSKEY resource record set (RRset) with the Key-Signing-Key to reduce the size of the DNSKEY answer:
options { […] dnssec-dnskey-kskonly yes; };
IPv6 and Fragmentation (1)
The DNS protocol as designed in 1983 (RFC 1035ff) had a limitation of 512 bytes of DNS payload over UDP transport.
The 512-byte limitation has since been lifted with the EDNS0 extension, RFC 2671 (Aug 1999) and RFC 6891 (April 2013).
UDP DNS answers > 1280 bytes can cause fragmentation
IPv6 fragmentation is broken in the Internet
IPv6 and Fragmentation (2)
Based on the research by Roland van Rijswijk (SURFnet) the recommendation is:
• at least 50% of all authoritative DNS servers for a zone should limit the advertised EDNS0 payload to 1232 bytes
• at least 50% of all in-zone authoritative DNS servers for a zone should limit the advertised EDNS0 payload to 1232 bytes
• authoritative DNS servers for the zone MUST respond to queries over the TCP transport protocol
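A BIND 9 options fragment that implements the recommendation above, added here as an illustration and not taken from the slides. It assumes BIND 9: edns-udp-size and max-udp-size are BIND 9 named.conf options, and other servers have their own equivalents.

```conf
options {
    // EDNS0 UDP buffer size advertised in the queries this server sends
    edns-udp-size 1232;
    // Largest UDP response this server will send; bigger answers are
    // truncated (TC=1) so the client retries over TCP, instead of
    // producing fragmented IPv6 packets that may never arrive
    max-udp-size 1232;
    // TCP must stay reachable: BIND listens on 53/tcp by default,
    // so do not filter it between the Internet and this server
};
```

Check the effect from the outside with a query that forces a large answer (the DNSKEY RRset of the zone is a good candidate): the UDP answer should come back truncated and the TCP retry should succeed.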
DNSSEC Key Rollover
Key-Rollover (1)
DNSSEC keys are vulnerable
  can be broken (unlikely for keys > 1536 bits)
  can be stolen (more likely)
changing the DNSSEC key material in a signed zone is called "key-rollover"
a DNSSEC key-rollover requires planning, timing and careful work
Key-Rollover (2)
the DNSSEC best-practice documents recommend exercising a key-rollover often
  to gain operational experience
today, key-rollover can be automated (BIND 9, Windows 2012, OpenDNSSEC, Knot ...)
make sure that the DNS administrators gain operational experience with key rollovers, not only your DNS software
Key-Rollover (3)
Rollover intervals vary depending on security requirements and key sizes
in the DNS community, there are different schools of thought on rolling a KSK
• It should be done frequently and regularly (possibly every few months) so that a key rollover remains an operational routine
• It should be done frequently but irregularly. Frequently meaning every few months, again based on the argument that a rollover is a practiced and common operational routine
• It should only be done when it is known or strongly suspected that the key can be, or has been, compromised
ZSK Key Rollover (pre-publish)
• create new ZSK: ZSKnew is added to the DNSKEY RRset next to ZSKold (key published), ZSKold keeps signing (key active)
• wait: zone transfer + TTL of DNSKEY-RRset
• use new ZSK for signing: ZSKnew becomes active, ZSKold stays published
• wait: zone transfer + max TTL of zone
• remove old ZSK
KSK Key Rollover (double-sign)
• create new KSK: KSKnew is published next to KSKold, both KSKs sign the DNSKEY RRset (key published, key active)
• wait: zone transfer + TTL of DNSKEY RR
• send new DS set to parent
• new DS record in parent
• wait: TTL of DS record set in parent
• remove old KSK
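The two timelines above turned into a schedule calculator. This is an added example, not from the slides or from any of the DNS servers named on the following slides: it takes the TTLs from the diagrams plus an assumed zone-transfer propagation time (and, for the KSK case, an assumed delay until the parent publishes the new DS) and returns the earliest safe time for each step. The start date and all timing values are constructed; function names are my own.

```python
from datetime import datetime, timedelta, timezone

# Constructed start date for the worked example; all TTLs and delays are in seconds,
# as they are in the zone.
EXAMPLE_START = datetime(2015, 4, 28, 0, 0, tzinfo=timezone.utc)


def zsk_prepublish_schedule(publish_new, dnskey_ttl, max_zone_ttl, propagation):
    """Pre-publish ZSK rollover timeline (the ZSK diagram above).

    publish_new  -- when ZSKnew is added to the DNSKEY RRset (published, not yet signing)
    dnskey_ttl   -- TTL of the DNSKEY RRset
    max_zone_ttl -- largest TTL of any record in the zone
    propagation  -- assumed time until every secondary has transferred the new zone

    ZSKnew may only start signing once every cache can hold the new DNSKEY RRset
    (zone transfer + DNSKEY TTL); ZSKold may only be removed once no signature made
    with it can still be cached anywhere (zone transfer + max TTL of the zone).
    """
    activate_new = publish_new + timedelta(seconds=propagation + dnskey_ttl)
    remove_old = activate_new + timedelta(seconds=propagation + max_zone_ttl)
    return {"publish_new": publish_new, "activate_new": activate_new, "remove_old": remove_old}


def ksk_double_sign_schedule(publish_new, dnskey_ttl, ds_ttl, propagation, parent_delay):
    """Double-signature KSK rollover timeline (the KSK diagram above).

    Both KSKs sign the DNSKEY RRset from publish_new on. The new DS may be sent to
    the parent after zone transfer + DNSKEY TTL; parent_delay is the assumed time the
    parent needs to publish it; KSKold may be removed once the old DS has expired from
    every cache (TTL of the DS RRset in the parent).
    """
    send_ds = publish_new + timedelta(seconds=propagation + dnskey_ttl)
    ds_in_parent = send_ds + timedelta(seconds=parent_delay)
    remove_old = ds_in_parent + timedelta(seconds=ds_ttl)
    return {"publish_new": publish_new, "send_ds": send_ds,
            "ds_in_parent": ds_in_parent, "remove_old": remove_old}


def can_remove_old_key(schedule, now):
    """Guard for the last step, manual or automated: the old key may be withdrawn
    only once the computed removal time has passed. Removing it earlier leaves
    cached signatures (or a cached DS) that no published key can validate."""
    return now >= schedule["remove_old"]


if __name__ == "__main__":
    zsk = zsk_prepublish_schedule(EXAMPLE_START, dnskey_ttl=3600,
                                  max_zone_ttl=86400, propagation=600)
    ksk = ksk_double_sign_schedule(EXAMPLE_START, dnskey_ttl=3600, ds_ttl=86400,
                                   propagation=600, parent_delay=7200)
    for name, plan in (("ZSK pre-publish", zsk), ("KSK double-sign", ksk)):
        print(name)
        for step, when in plan.items():
            print(f"  {step:13s} {when.isoformat()}")
    print("old ZSK removable at activation time?", can_remove_old_key(zsk, zsk["activate_new"]))
    print("old ZSK removable at removal time?   ", can_remove_old_key(zsk, zsk["remove_old"]))
```

With a one-hour DNSKEY TTL, a one-day maximum zone TTL and ten minutes of propagation, the new ZSK may sign 70 minutes after publication and the old one may go 24 hours and 10 minutes after that; the propagation time is the part most often forgotten when the schedule is done by hand.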
NSEC vs. NSEC3
NSEC vs. NSEC3
DNSSEC requires "authenticated denial of existence"
  a way to prove that DNS data does not exist
two options: NSEC and NSEC3
in discussion: NSEC5
NSEC
NSEC creates a linked list of all existing names and record types for domain names in a DNS zone
this maps the "gaps", the names and records that do not exist
in negative answers, the part of the list is returned that proves the non-existence of the requested data
NSEC example

example.com.      IN SOA ns1 hostmaster 100 3h 1h 41d 1h
example.com.      IN NS  ns1
example.com.      IN NS  ns2
example.com.      IN MX  10 mail1
example.com.      IN MX  20 mail2
ns1.example.com.  IN A   192.0.2.10
ns2.example.com.  IN A   192.0.2.20
mx1.example.com.  IN A   192.0.2.25
mx2.example.com.  IN A   192.0.2.50
www.example.com.  IN A   192.0.2.80
acc.example.com.  IN A   192.0.2.77
NSEC example (with NSEC chain)

example.com.      IN SOA  ns1 hostmaster 100 3h 1h 41d 1h
example.com.      IN NS   ns1
example.com.      IN NS   ns2
example.com.      IN MX   10 mail1
example.com.      IN MX   20 mail2
example.com.      IN NSEC acc.example.com. SOA NS MX NSEC
acc.example.com.  IN A    192.0.2.77
acc.example.com.  IN NSEC mx1.example.com. A NSEC
mx1.example.com.  IN A    192.0.2.25
mx1.example.com.  IN NSEC mx2.example.com. A NSEC
mx2.example.com.  IN A    192.0.2.50
mx2.example.com.  IN NSEC ns1.example.com. A NSEC
ns1.example.com.  IN A    192.0.2.10
ns1.example.com.  IN NSEC ns2.example.com. A NSEC
ns2.example.com.  IN A    192.0.2.20
ns2.example.com.  IN NSEC www.example.com. A NSEC
www.example.com.  IN A    192.0.2.80
www.example.com.  IN NSEC example.com. A NSEC
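The NSEC chain from the two listings above, rebuilt in code. This is an added example, not from the slides: it sorts the names into canonical order (RFC 4034 section 6.1), links each name to the next, finds the NSEC record whose gap proves that a queried name does not exist, and follows the chain from the apex to list every name in the zone, which is the zone walking the next slides talk about. The zone data is the constructed example.com zone from the listing (RFC 5737 addresses); the function names are my own. Unlike the slide, the generated records also list RRSIG in the type bitmap, as a signed zone always does.

```python
# Record type numbers, used to order the NSEC type bitmap in presentation form.
TYPE_NUMBERS = {"A": 1, "NS": 2, "SOA": 6, "MX": 15, "TXT": 16,
                "AAAA": 28, "RRSIG": 46, "NSEC": 47}


def canonical_key(name):
    """Sort key implementing RFC 4034 section 6.1 canonical ordering: names are
    compared label by label from the right, case-insensitively, so the apex
    sorts first and 'acc' < 'mx1' < 'www' below it."""
    labels = [l.lower() for l in name.rstrip(".").split(".") if l]
    return tuple(reversed(labels))


def build_nsec_chain(zone):
    """zone maps owner names to the set of record types present at that name.
    Returns the chain as (owner, next_owner, types) triples; the last entry
    points back to the apex, closing the loop."""
    names = sorted(zone, key=canonical_key)
    chain = []
    for i, owner in enumerate(names):
        nxt = names[(i + 1) % len(names)]
        types = sorted(zone[owner] | {"NSEC", "RRSIG"}, key=TYPE_NUMBERS.__getitem__)
        chain.append((owner, nxt, types))
    return chain


def nsec_records(chain):
    """Presentation-format NSEC records as they appear in the signed zone."""
    return [f"{owner} IN NSEC {nxt} {' '.join(types)}" for owner, nxt, types in chain]


def covering_nsec(chain, qname):
    """Return the (owner, next) pair whose gap proves qname does not exist, or
    None when qname exists (then the name's own NSEC proves a missing type).
    The last record wraps around: everything sorting after its owner is covered."""
    apex = canonical_key(chain[0][0])
    q = canonical_key(qname)
    for owner, nxt, _ in chain:
        after_owner = canonical_key(owner) < q
        before_next = q < canonical_key(nxt) or canonical_key(nxt) == apex
        if after_owner and before_next:
            return owner, nxt
    return None


def walk_zone(chain):
    """Follow the next pointers from the apex until they return to it. This is
    exactly the zone walking the slides describe: the chain itself reveals
    every name in the zone, which is why NSEC3 exists."""
    by_owner = {owner: nxt for owner, nxt, _ in chain}
    names, cur = [], chain[0][0]
    while True:
        names.append(cur)
        cur = by_owner[cur]
        if cur == chain[0][0]:
            return names


# The zone from the slide (constructed sample data, RFC 5737 addresses).
SLIDE_ZONE = {
    "example.com.": {"SOA", "NS", "MX"},
    "ns1.example.com.": {"A"}, "ns2.example.com.": {"A"},
    "mx1.example.com.": {"A"}, "mx2.example.com.": {"A"},
    "www.example.com.": {"A"}, "acc.example.com.": {"A"},
}

if __name__ == "__main__":
    chain = build_nsec_chain(SLIDE_ZONE)
    print("\n".join(nsec_records(chain)))
    print("proof for foo.example.com.:", covering_nsec(chain, "foo.example.com."))
    print("proof for zzz.example.com.:", covering_nsec(chain, "zzz.example.com."))
    print("acc.example.com. exists:   ", covering_nsec(chain, "acc.example.com.") is None)
    print("walked names:", walk_zone(chain))
```

The wrap-around case is the one most often got wrong when people reason about NSEC by hand: a query for zzz.example.com. is covered by the last record, www.example.com. IN NSEC example.com., even though "zzz" sorts after both names in that record.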
Facts about NSEC
NSEC enables "zone-walking"
  the full zone content can be listed from the outside
DNS data is "public", there should be no real "secrets" in DNS
but sometimes, having the full zone "in the open" is not desirable
enter NSEC3 ...
NSEC3
NSEC3 inhibits easy zone walking by using a linked list of hashed domain names
same principle as NSEC, but with SHA1-hashed names instead of plain-text domain names
NSEC3 makes zone-walking harder (but not impossible)
example NSEC3 chain

0QRAALUF61VMOMIK3RIQAN2NCR710TQG.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F 240H3VFO0ALTPQC8ROU351HC6ECBJ2VD NS
240H3VFO0ALTPQC8ROU351HC6ECBJ2VD.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F 5B9SF40PUQB0PG1BKB149GI90K2Q2B9E AAAA RRSIG
5B9SF40PUQB0PG1BKB149GI90K2Q2B9E.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F 737JCML7GM5S19URLJ2SM567GAPNC2RK NS
737JCML7GM5S19URLJ2SM567GAPNC2RK.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F 7EORHUNRJ8ANN410GCQ0J5TL5FC4T16H RRSIG TYPE65200
7EORHUNRJ8ANN410GCQ0J5TL5FC4T16H.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F 9RFJ1DUL878M5HSFHIKSEFFUREGNGT2G NS
9RFJ1DUL878M5HSFHIKSEFFUREGNGT2G.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F DG9O30TFDTK57CJT31SHCVIF3USVNM0R NS
DG9O30TFDTK57CJT31SHCVIF3USVNM0R.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F H8Q9FUJ2BP35V6U66THCJ9QQITC08K78 A RRSIG
H8Q9FUJ2BP35V6U66THCJ9QQITC08K78.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F IETT5ENPFJI144A1E4M2MMOS27N6HP4N A NS SOA MX RRSIG DNSKEY NSEC3PARAM TYPE65534
IETT5ENPFJI144A1E4M2MMOS27N6HP4N.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F IJHIKA346TN2M40KGJ6BQAKP2T9DICGS TXT RRSIG
IJHIKA346TN2M40KGJ6BQAKP2T9DICGS.example.com. 900 IN NSEC3 1 0 250 50F16BB95384A61F 0QRAALUF61VMOMIK3RIQAN2NCR710TQG TXT RRSIG
NSEC3 Parameter
• Example NSEC3PARAM record:
dnssec.example. 0 IN NSEC3PARAM 1 0 20 ABBACAFE
  dnssec.example. = zone origin, 1 = hash algorithm used, 0 = flags, 20 = iterations, ABBACAFE = salt
NSEC3 Parameter
Flags: Opt-Out to "skip" delegations to non-DNSSEC-signed zones (insecure zones)
Salt: prevents rainbow table creation
  recommended salt sizes are 32-64 bits (8-16 hex chars)
  change the salt on every ZSK rollover
Iterations: adapt the difficulty of brute-force breaking to advances in CPU technology (bitcoin mining hardware)
  recommendation: 50-500 iterations (see RFC 5155 for guidance)
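The NSEC3 hashing described on the last three slides (hashed names, the chain, and the NSEC3PARAM parameters), worked through in code. This is an added example, not from the slides or from RFC 5155: it implements the RFC 5155 section 5 hash (SHA-1 over the wire-format name plus salt, repeated for the given number of iterations, base32hex-encoded), checked against the hash of "example." from RFC 5155 Appendix A, then parses the NSEC3PARAM record from the slide and reviews it against the salt and iteration recommendations above. Function names are my own.

```python
import base64
import hashlib

# base32hex (RFC 4648 section 7) as used for NSEC3 owner names: the standard
# base32 alphabet translated onto 0-9 A-V.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name):
    """Canonical wire format of the name: lowercase, length-prefixed labels, root label."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5: H = SHA-1(name || salt), then `iterations` further
    rounds of SHA-1(previous || salt). Returns the base32hex owner label.
    Each extra iteration costs the authoritative server (and any validator)
    one more SHA-1 per name, which is the CPU-load trade-off the slides mention."""
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode("ascii").translate(_B32_TO_B32HEX)


def parse_nsec3param(line):
    """Parse an NSEC3PARAM record in presentation form, e.g. the slide's
    'dnssec.example. 0 IN NSEC3PARAM 1 0 20 ABBACAFE'."""
    f = line.split()
    i = f.index("NSEC3PARAM")
    return {"origin": f[0], "hash_algorithm": int(f[i + 1]), "flags": int(f[i + 2]),
            "iterations": int(f[i + 3]), "salt": f[i + 4]}


def review_nsec3param(params):
    """Apply the slide's recommendations: salt of 32-64 bits (8-16 hex chars)
    and 50-500 iterations. Returns a list of findings, empty when all is well."""
    findings = []
    salt_bits = 0 if params["salt"] == "-" else len(params["salt"]) * 4
    if not 32 <= salt_bits <= 64:
        findings.append(f"salt is {salt_bits} bits, recommended 32-64")
    if not 50 <= params["iterations"] <= 500:
        findings.append(f"{params['iterations']} iterations, recommended 50-500")
    if params["hash_algorithm"] != 1:
        findings.append("unknown hash algorithm (only 1 = SHA-1 is defined)")
    return findings


SLIDE_NSEC3PARAM = "dnssec.example. 0 IN NSEC3PARAM 1 0 20 ABBACAFE"

if __name__ == "__main__":
    p = parse_nsec3param(SLIDE_NSEC3PARAM)
    print(p)
    print("findings:", review_nsec3param(p))
    # Hashed owner name of the zone apex under the slide's parameters:
    print(nsec3_hash(p["origin"], p["salt"], p["iterations"]) + "." + p["origin"])
    # Known vector from RFC 5155 Appendix A: 'example.' with salt aabbccdd, 12 iterations.
    print(nsec3_hash("example.", "aabbccdd", 12).lower())  # 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
```

The review flags the slide's own example record: with 20 iterations it is below the 50-500 range recommended on the same slide, while its 32-bit salt is within range. Running the same review against the NSEC3PARAM of every signed zone you operate is a cheap check to add to the monitoring described later.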
NSEC vs. NSEC3
• use NSEC3 for zones where the changes inside the zone need to be protected for some time
• NSEC3 negative answers require the authoritative DNS server to calculate the NSEC3 hashes ➜ more CPU load
• use NSEC3 for zones with many (possibly insecure) delegations
• use NSEC for everything else
• if you are worried about DNS zone walking, use "minimal coverage NSEC/NSEC3" (implemented in PowerDNS as "narrow" mode)
DNSSEC software
DNSSEC authoritative server
• BIND 9
  • good coverage of the protocol
  • decent speed
  • dynamic DNSSEC signing
  • inline DNSSEC signing
  • almost full DNSSEC key rollover automation with timing events stored in keys
  • response rate limiting
DNSSEC authoritative server
• PowerDNS
  • database backend
  • "remote" (web-RPC) backend
  • NSEC3 "narrow" mode
  • response rate limiting
  • Lua scripting
DNSSEC authoritative server
• Knot-DNS
  • DNSSEC signing automation
  • response rate limiting
  • scales well on modern multi-core hardware
DNSSEC authoritative server
• NSD 4
  • simple to set up
  • fast
  • secure
  • response rate limiting
DNSSEC authoritative server
• Microsoft DNS (Windows 2012 and later)
  • GUI with DNSSEC wizard
  • full DNSSEC rollover automation
DNSSEC resolver
• NLnetLabs Unbound
  • fast, secure, many features
• BIND 9
  • RPZ zones, many features
• Windows 2012
  • GUI
DNSSEC monitoring
DNSSEC monitoring
once a DNSSEC-signed zone becomes "bogus", the zone disappears for all validating DNS resolvers
currently, around 15% of all DNS resolvers do DNSSEC validation
= a large part of the Internet population (millions of users)
DNSSEC monitoring
monitoring a DNSSEC-signed zone is important
• DS record matching the KSK
• signature on the DNSKEY set
• signature validity
• key rollover
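A minimal signature-validity check of the kind the list above calls for, added here as an example; it is not one of the monitoring tools linked on the following slide. It parses RRSIG records in presentation format (constructed sample lines with placeholder signature data, not real signatures), classifies each one as OK, expiring soon, not yet valid or expired, and reduces the result to the worst state, which is what a Nagios/Icinga style plugin would turn into its exit code. The DS-to-KSK match is a separate check and is not part of this block. Function names are my own.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample RRSIG records in presentation format (as dig prints them).
# The trailing signature fields are placeholders, not real signature data.
SAMPLE_RRSIGS = [
    "example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20150515000000 20150415000000 12345 example.com. AAAA",
    "example.com. 3600 IN RRSIG SOA 8 2 3600 20150503000000 20150426000000 54321 example.com. BBBB",
    "www.example.com. 3600 IN RRSIG A 8 3 3600 20150420000000 20150320000000 54321 example.com. CCCC",
]
NOW = datetime(2015, 4, 28, 12, 0, tzinfo=timezone.utc)   # constructed "current time"


def parse_timestamp(s):
    """RRSIG inception/expiration are YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_rrsig(line):
    """Fields after RRSIG: type covered, algorithm, labels, original TTL,
    expiration, inception, key tag, signer name, signature."""
    f = line.split()
    i = f.index("RRSIG")
    return {"owner": f[0], "type_covered": f[i + 1], "algorithm": int(f[i + 2]),
            "expiration": parse_timestamp(f[i + 5]), "inception": parse_timestamp(f[i + 6]),
            "key_tag": int(f[i + 7]), "signer": f[i + 8]}


def signature_status(rrsig, now, warn_before=timedelta(days=7)):
    """Classify one signature relative to the current time."""
    if now < rrsig["inception"]:
        return "NOT_YET_VALID"   # clock skew or a signer with a wrong clock
    if now >= rrsig["expiration"]:
        return "EXPIRED"         # validating resolvers now treat the zone as bogus
    if rrsig["expiration"] - now < warn_before:
        return "EXPIRING_SOON"   # re-signing must happen before this deadline
    return "OK"


def check_zone_signatures(lines, now, warn_before=timedelta(days=7)):
    """Returns {(owner, type covered): status} for every RRSIG line."""
    result = {}
    for line in lines:
        sig = parse_rrsig(line)
        result[(sig["owner"], sig["type_covered"])] = signature_status(sig, now, warn_before)
    return result


def worst_status(statuses):
    """Reduce to the single state a monitoring plugin would report."""
    order = ["OK", "EXPIRING_SOON", "NOT_YET_VALID", "EXPIRED"]
    return max(statuses.values(), key=order.index)


if __name__ == "__main__":
    report = check_zone_signatures(SAMPLE_RRSIGS, NOW)
    for (owner, rtype), status in report.items():
        print(f"{owner:20s} {rtype:7s} {status}")
    print("overall:", worst_status(report))
```

The warning threshold should be longer than the re-signing interval of the zone, so that a stalled signer is noticed while the old signatures are still valid; once the first RRSIG expires the zone is already gone for the validating 15% of resolvers mentioned above.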
DNSSEC monitoring
Nagios/Icinga plugin to check validity of one or more DNSSEC domains
  https://github.com/jpmens/nagval
DNSSEC key rollover monitor and checker
  https://github.com/bortzmeyer/key-checker
OpenDNSSEC monitor
  https://github.com/opendnssec/dnssec-monitor
.SE DNSSEC monitor
  https://github.com/dotse/dnssec-monitor
Online DNSSEC checker
DNSViz - http://dnsviz.net
Online DNSSEC checker
Zonemaster - http://zonemaster.net
DNSSEC books, videos, tutorials
DNSSEC book
Michael W. Lucas
DNSSEC Mastery: securing the domain name system with BIND*
https://www.michaelwlucas.com/nonfiction/dnssec-mastery
*Disclaimer: the presenter was a technical reviewer on this book
DNSSEC videos
• ISOC ION Conference  http://www.internetsociety.org/deploy360/blog/category/dnssec/videos-dnssec/
• Matt Larson DNSSEC Intro (English)  https://www.youtube.com/watch?v=yzET8Px_JEE
• DNSSEC in 50 Minutes (Michael Lucas)  https://www.youtube.com/watch?v=lY6HgZmAfqc  https://www.youtube.com/watch?v=Hm93GhenqXo
• Peter Losher (ISC): Closing the DNS Security Loop with DNSSEC  https://www.youtube.com/watch?v=LRi9swVQ_5A
• VUC 434 - DNSSEC with Dan York (ISOC)  https://www.youtube.com/watch?v=hLeTkip-Tf8
• ICANN 51 - DNSSEC for everybody  http://la51.icann.org/en/schedule/mon-dnssec-everybody
DNSSEC tutorials
• ISC DNSSEC Guide  https://www.isc.org/downloads/bind/dnssec/  http://users.isc.org/~jreed/dnssec-guide/dnssec-guide.html
• DNSSEC tutorial  http://www.huque.com/talks/2013-11-dnssec-tutorial-huque.pdf
• DNSSEC in 6 minutes  https://kb.isc.org/article/AA-00820/0/DNSSEC-in-6-minutes.html
don't miss our next trainings/webinar
• Upcoming DNS, DNSSEC and IPv6 Training:
  • 2015-06-29 > 2015-07-03 IPv6. Amsterdam/Europe
  • 2015-08-24 > 2015-08-28 IPv6. New York.
  • 2015-09-07 > 2015-09-11 IPv6. Europe. Amsterdam and/or London,
  • 2015-09-21 > 2015-09-25 DNS Intro/Advanced. US West Coast.
  • 2015-09-28 > 2015-10-02 DNS Intro/Advanced. US East Coast.
  • 2015-10-12 > 2015-10-16 DNS Intro/Advanced. Amsterdam/Europe.
• Next webinar: RIPE 70 review, 2 June 2015
• Signup @ https://www.menandmice.com/resources/educational-resources/webinars/
Q/A
2015 Schedule, Slides, Links, Recording and errata
can be found @ https://www.menandmice.com/resources/educational-resources/webinars/