Deploy360 2 March 2016

DNSSEC and DANE Activities at ICANN 55 and Africa DNS Forum in Marrakech March 5-10

By Dan YorkDirector, Internet Technology

ICANN 55 logoStarting this Friday, March 4, I’ll be in Marrakech, Morocco, for a great bit of DNS security discussions at two events:

There will be some great introductions to DNSSEC and DANE – and some outstanding technical presentations on Wednesday.  Two important changes from previous ICANN meetings:

  1. The “DNSSEC For Everybody” tutorial is now on Sunday instead of the usual Monday.
  2. The “DNSSEC Workshop” will be live streamed over YouTube in addition to the usual Adobe Connect (links are included below).

You can also follow along live on most social networks using these hashtags: #AfricaDNSForum, #ICANN55, #DNSSEC.

I also note at the end of the schedule below that I’ll be briefing ICANN staff and interested board members about the MANRS initiative to secure BGP and reduce IP spoofing as part of the Technical Experts Group (TEG) meeting at ICANN 55.

In addition to all of this technical and security work happening at ICANN 55, we at the Internet Society will also be extremely focused on the IANA Stewardship Transition process.  Please read this post from my colleague Konstantinos Komaitis where he explains why this upcoming meeting will be such a critical milestone.

Here are the  main activities – remote participation is available for all of them except one. Do note that all times are Western European Time (WET) which is the same as UTC.

Africa DNS Forum: Panel on DNS Tools

On Saturday, March 5, from 14:00 – 15:30 I will be talking about DNSSEC and DANE in a panel about “DNS and Internet Security Tools: DNSSEC, IPv6 and DANE“. The live stream will be available at:

Africa DNS Forum: Panel on emerging trends in DNS security

On Sunday, March 6, from 11:00 – 12:45 my colleague Michuki Mwangi will be moderating a panel on “Emerging Trends in DNS Security“. The live stream will be available at:

I will be in the audience listening to what looks to be a great set of panelists.

DNSSEC For Everybody: A Beginner’s Guide

On Sunday, March 6, we’ll have the regular “DNSSEC For Everybody: A Beginner’s Guide” session from 16:45 – 18:15  where we’ll do our “skit” dramatizing DNS and DNSSEC. If you have been seeking to understand WHY this all matters, do join in to see! You can watch it remotely (or watch the archive later) at:

And yes, I’ll be talking about blue smoke as I usually do – and this time I get to have a role in the skit!

NOTE: This session has historically taken place on the Monday afternoon of each ICANN meeting, but it was changed to Sunday as of this meeting as ICANN is in the process of consolidating tutorials on the Sunday of the event.

DNSSEC Implementers Gathering

On Monday, many of us who have been involved with deploying DNSSEC or DANE will travel to a nearby restaurant for the “DNSSEC Implementers Gathering” for food, drink and conversation from 19:00-20:00 IST.

Many thanks to Afilias for sponsoring the event.  This is the one event where there is no remote participation possible.

DNSSEC Workshop

As usual, the main event will be the DNSSEC Workshop on Wednesday, March 9, from 9:00 to 15:15 WET.

Remote participation information, slides, the agenda and more info can be found at:

At the event the workshop will also be streamed live via YouTube at:

The sessions will be recorded on both YouTube and Adobe Connect if you would like to listen to them later. Slides will be posted to the workshop page before the event begins.

Thank you to Afilias, CIRA, Dyn and SIDN for sponsoring the DNSSEC Workshop series in 2016.

The current agenda includes:

0900-0915 – DNSSEC Workshop Introduction, Program, Deployment Around the World – Counts, Counts, Counts 

  • Dan York, Internet Society
0915-0930 – Presentation: Update on the ‘Sunset’ of the DNSSEC Look-aside Validation Registry (DLV)

  • Victoria Risk, Internet Systems Consortium (ISC)
0930-1045 – Panel Discussion: DNSSEC Activities in the African Region 

  • Moderator: Mark Elkins, DNS/ZACR
  • Panelists:
    • Alain Aina, AfriNIC
    • Landi Ahmed, KeNIC
    • Alex Corenthin and Khoudia Gueye Sy, .SN
    • Eberhard Lisse, .NA
1045-1100 – Break
1100-1130 –Presentation: DNSSEC SIGNER Switchover

  • Alain Aina, AfriNIC
1130-1200 – Presentation: DNSSEC At Scale

  • Dani Grant, Cloudflare
1200-1230 – Great DNS/DNSSEC Quiz 

  • Dan York, Internet Society, presenting questions developed by Roy Ahrens, ICANN
1230-1315 – Lunch Break
1315-1415 – Panel Discussion: DNSSEC and Elliptic Curve Cryptography

  • Moderator and panelist: Dan York, Internet Society
  • Panelists:
    • Geoff Huston, APNIC
    • Jim Galvin, Afilias
    • Ólafur Guðmundsson, CloudFlare
    • Ondřej Surý, CZNIC
1415-1500 – Panel Discussion:  DNSSEC Root Key Signing Key (KSK) Rollover

  • Moderator: Russ Mundy, Parsons
  • Panelists
    • ICANN Root KSK Rollover Design Team members
    • Warren Kumari, Google
1500-1515 – Presentation: DNSSEC – How Can I Help? 

  • Russ Mundy, Parsons and Dan York, Internet Society

ICANN Board with Technical Experts Group

After the 6+ hours of the DNSSEC Workshop are over, I’ll then head over to the meeting of the Technical Experts Group (TEG) from 15:30 – 17:00 where will I will be participating in the discussions meant to advise the ICANN staff and interested ICANN Board members about emerging trends in technology.  Toward the end of the session I will be presenting for about 15 minutes on the MANRS initiative to secure BGP and reduce IP spoofing in order to make the Internet’s routing infrastructure more resilient and secure.

Remote participation is available through the links found on the session page:

If you will be there at either the Africa DNS Forum 2016 or  ICANN 55 please do say hello – you can find me in these sessions… or drop me a note at [email protected] and we can arrange a time to connect.

And … if you want to get started with DNSSEC and DANE, please visit our Start Here page to find resources that can help!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...