The Men & Mice Blog

RIPE 68 report

Posted by Men & Mice on 6/25/14 12:04 PM

Report from RIPE 68 in Warsaw, Poland

A RIPE Meeting is a five-day event where Internet Service Providers (ISPs), network operators and other interested parties from all over the world gather.

In this webinar, Carsten Strotmann from the Men & Mice Services team reports on what was new at the RIPE 68 meeting.

Hear what he had to say on:

  • Amplification DDoS Attacks – Defenses for Vulnerable Protocols
  • News from the DNS-OARC meeting (DNS measurements, open resolver stats)
  • Strengthening the Internet Against Pervasive Monitoring
  • What Went Wrong With IPv6?
  • RIPE IPv6 Analyser
  • IPv6 troubleshooting procedures for helpdesks
  • Using DDoS to Trace the Source of a DDoS Attack
  • Measuring DNSSEC from the End User Perspective
  • Google DNS Hijacking in Turkey
  • The Rise and Fall of BIND 10
  • Knot DNS Update – DNSSEC and beyond
  • Bundy-DNS – the new life of BIND 10

Have a look at the slides and recording from the webinar to learn more.


 

Topics: DNSSEC, IPv6, BIND 10, Webinars

Generating TSIG key for BIND 10

Posted by Men & Mice on 2/15/13 9:29 AM

The first Release Candidate of the new DNS and DHCP server from ISC, BIND 10 (http://bind10.isc.org), was released on February 15, 2013.

Men & Mice is monitoring and supporting the BIND 10 development, and as part of that, our engineers sometimes create little helpful tools to share with the community.

TSIG keys

TSIG is short for Transaction Signatures, defined in RFC 2845 "Secret Key Transaction Authentication for DNS (TSIG)". TSIG is primarily used to authenticate DNS zone transfers between DNS servers, and to secure dynamic DNS updates.

BIND 10 supports TSIG for both zone transfer and dynamic updates, but it does not contain a tool to create the TSIG keys. While it is possible to use the tools from BIND 9 (https://www.isc.org/wordpress/software/bind/) or ldns (ldns-keygen, http://www.nlnetlabs.nl/projects/ldns/), installing these tools along with BIND 10 might be too much overhead.

Men & Mice engineers have written a small tool in Python called b10-gentsigkey.py (https://github.com/menandmice/b10-gentsigkey).

By default, the tool creates a 128-bit HMAC-MD5 key and prints it to the screen:

# b10-gentsigkey.py example.com
example.com:rc4VdlEPMFan4D+9icDEkg==:hmac-md5

b10-gentsigkey options:

Usage: b10-gentsigkey.py [--help | options] name
Options:
  -h, --help              show this help message and exit
  -a ALGORITHM, --algorithm=ALGORITHM
                          algorithm for the TSIG key
  -b SIZE, --bytes=SIZE
                          size of the key
  -f                      print bindctl CLI command

b10-gentsigkey supports all the TSIG algorithms that are also supported by BIND 10 ('hmac-md5', 'hmac-sha1', 'hmac-sha224', 'hmac-sha256', 'hmac-sha384', 'hmac-sha512').

Using the "-f" (Format) switch, the tool prints the bindctl commands that enter the TSIG key into the BIND 10 configuration. These commands can be copied and pasted into the bindctl command line:

# b10-gentsigkey.py -a hmac-sha256 -b 256 -f example.de
config add tsig_keys/keys "example.de:M2nrsQWVEAuAfm67U2Gdfj2dFfJIPay9ZFMukXSSCiY=:hmac-sha256"
config commit

This output can also be piped directly into bindctl:


# b10-gentsigkey.py -a hmac-sha1 -b 256 -f example.com | bindctl
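
An added example, not taken from b10-gentsigkey or from BIND 10: Python code that builds a key string in the name:secret:algorithm format shown above from the operating system's CSPRNG, flags secrets shorter than the HMAC output (which RFC 2104 discourages), and formats the two bindctl lines. The function names and the key-name character policy are assumptions; sizes are given in bits, matching the example output above.

```python
import base64
import re
import secrets

# Algorithms listed on the page, with the HMAC output size in bytes.
DIGEST_BYTES = {"hmac-md5": 16, "hmac-sha1": 20, "hmac-sha224": 28,
                "hmac-sha256": 32, "hmac-sha384": 48, "hmac-sha512": 64}
# Assumed key-name policy: plain DNS-name characters only, so a name cannot
# carry ':' or '"' into the key string or the bindctl command line.
NAME_RE = re.compile(r"[A-Za-z0-9._-]+")


def parse_tsig_key(key):
    """Split 'name:secret:algorithm' into (name, secret_bytes, algorithm)."""
    parts = key.split(":")
    if len(parts) != 3:
        raise ValueError("expected name:secret:algorithm")
    name, b64secret, algorithm = parts
    if not NAME_RE.fullmatch(name):
        raise ValueError("unexpected character in key name")
    if algorithm not in DIGEST_BYTES:
        raise ValueError("unsupported TSIG algorithm: " + algorithm)
    return name, base64.b64decode(b64secret, validate=True), algorithm


def generate_tsig_key(name, algorithm="hmac-md5", bits=128):
    """Build a key string around a secret drawn from the OS CSPRNG."""
    if bits <= 0 or bits % 8:
        raise ValueError("key size must be a positive multiple of 8 bits")
    secret = base64.b64encode(secrets.token_bytes(bits // 8)).decode("ascii")
    key = "%s:%s:%s" % (name, secret, algorithm)
    parse_tsig_key(key)  # validates the name and the algorithm
    return key


def is_short_key(key):
    """True if the secret is shorter than the HMAC output (see RFC 2104)."""
    _, secret, algorithm = parse_tsig_key(key)
    return len(secret) < DIGEST_BYTES[algorithm]


def bindctl_commands(key):
    """Format the two bindctl lines shown on the page for a checked key."""
    parse_tsig_key(key)  # reject malformed input before it reaches the config
    return 'config add tsig_keys/keys "%s"\nconfig commit' % key


if __name__ == "__main__":
    print(bindctl_commands(generate_tsig_key("example.com", "hmac-sha256", 256)))
```
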

We hope to bring a similar command into the BIND 10 CLI (bindctl), so that no external tool is required to create TSIG keys.

Until then, enjoy this little tool.

If you are interested in learning more about BIND 10, Men & Mice is working closely with ISC to deliver the first industry training on this new version of the BIND name server software in Amsterdam, Netherlands from February 20th - 21st, 2013. You can learn more about it from the Men & Mice BIND 10 workshop page.
 

Topics: BIND 10, TSIG keys

The first BIND 10 Training

Posted by Dagmar Hilmarsdottir on 2/7/13 8:28 AM

BIND 10 is the next generation of BIND, the most widely-used DNS server on the Internet. It is a modular server that includes an authoritative DNS server, a recursive DNS server, a DNSSEC signer and a DHCP server for IPv4 and IPv6. The first production release of BIND 10 is expected in 2013.

Additional information on BIND 10 can be found on the BIND 10 project website http://bind10.isc.org.

Men & Mice is working closely with ISC to deliver the first industry training on this new version of the BIND name server software in Amsterdam, Netherlands from February 20th - 21st, 2013.

This is a classroom-style course with lecture and hands-on labs.

The students will learn how to:

  • install BIND 10 from source or from packages
  • configure BIND 10 as an authoritative DNS server and a DHCP server
  • automate DNS and DHCP data provisioning using the BIND 10 management toolset

The class is geared towards sysadmins and network administrators with basic knowledge of DNS. Knowledge of BIND 9 is not required.
 


Topics: BIND 10
