Deploy360 7 October 2015

Last Week at LACNIC24 and LACNOG in Bogota, Columbia

By Jan ŽoržFormer Operational Engagement Programme Manager

screen-capture-338I went to the LACNIC24 and LACNOG meeting last week in Bogota, Colombia. As usual, the agenda was packed with good presentations, content, and workshops.

The 2 LAC BCOP meetings helped move the activity forward in the region. The group is working on a Document Development process proposal and we’re trying to help the initiative move forward and start documenting the Best Current Operational Practices on how to build and run networks and how to implement new protocols and standards in the region. The group got a new chair – Ariel Weher – and during the second meeting the group discovered many new topics to work on and document the best current operational practices. Decision was to follow up on every topic separately on mailing list and reconvene at next meeting in Cuba.

12096241_10207979141619242_5666248937441522871_n

As you probably noticed from my other blog posts – we implemented and did some experiments with DANE, DNSSEC and TLS, and I presented the results of that work together with Carlos Martinez Cagnazzo (LACNIC CTO) on the first day of LACNOG meeting, just after the opening plenary session.

We joined together some theory, practice, and some experimentation and we got the whole one-hour slot to make the audience enthusiastic about this technology and move the implementation needle a bit further.

Why do I say that? When I talked about my DNSSEC/DANE implementation and experiments at the SINOG meeting in Ljubljana and at iWeek and ION Cape Town, people in the audience started looking into DNSSEC and DANE and actually started deploying it. Certainly in Slovenia, but also elsewhere – for example Liquid Telekom enabled DNSSEC verification on their public DNS servers (the open resolvers for African continent, Google “8.8.8.8” style) just after my talk about this stuff in Cape Town.

DNSSEC and DANE are not hard to do; the hardest step is to actually start looking at it, learning how it works, and deploying it. When you get over this first step – then you are on your way towards more secure DNS system and also more secure mail and web systems, verified with DANE.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...