swinog October 2023

swinog@lists.swinog.ch

5 participants
5 discussions

Operational announcement: transition from NSEC3 to NSEC in the CH/LI zone
by Daniel Stirnimann 30 Oct '23

30 Oct '23

Hi list, We plan a DNSSEC signing change for the ch. and li. zone files. Introduction: Both NSEC and NSEC3 are mechanisms that provide signed DNS records as proof of non-existence for a given name or associated Resource Record Type in a DNSSEC signed zone. While they serve the same primary purpose, NSEC3 offers added features, such as not directly disclosing bounding domain name pairs and providing "opt-out support." This latter feature allows large registries to cover blocks of unsigned delegations with a single NSEC3 record, thereby only signing as many NSEC3 records as there are signed DS or other RRsets in the zone. Recent trends and developments: Since 2021, there's been a notable increase in the percentage of domain names with DNSSEC for .ch, jumping from 6% to 49% [1]. Additionally, the TLD zone files for both .ch and .li have been made publicly accessible for download in recent years [2]. These developments have rendered the argument for using NSEC3 with opt-out less compelling. Our action plan: SWITCH is set to transition from NSEC3 (utilizing opt-out) to NSEC for both the .ch and .li TLD zones. Given the high percentage of domain names already employing DNSSEC, this shift will result in only a modest increase in the size of the zone files. Importantly, transitioning to NSEC offers several benefits [3]: * Enhanced performance and reduced latency * Decreased resource utilization on both authoritative and recursive servers * Potential bolstering of resilience against specific types of DoS attacks Scheduled transition dates: .li: 10th November 2023, 8 am CET .ch: 10th November 2023, 10 am CET Impact assessment: We expect no operational impacts for end users. However, we value feedback and observations. If you have concerns or notice any anomalies related to this transition, please don't hesitate to contact us. [1] https://www.nic.ch/statistics/dnssec/ [2] https://zonedata.switch.ch/ [3] https://datatracker.ietf.org/doc/html/rfc8198 -- Daniel Stirnimann, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 15, direct +41 44 268 16 24 https://switch.ch https://swit.ch/linkedin https://swit.ch/twitter

1 0

Rack Cooling getting trashed?
by Steven Glogger 21 Oct '23

21 Oct '23

Hi There I’m looking for a ventilator / aka rack cooler. If someone is about to trash it, please let me know :) I’m willing to compensate in Beer, etc. :) [cid:f10ef73e-36c2-417c-bc2f-9aae0fcfc9d3@eurprd03.prod.outlook.com] greetings -steven

1 0

attn: ip-plus postmaster regarding issue on: mail.swisscom.com
by Benoit Panizzon 19 Oct '23

19 Oct '23

Hi List Trying that way. Could the ip-plus postmaster contact me off-list please: Regarding emails to Swisscom employees reproducible disappearing after being successfully received on: mail.swisscom.com. [138.188.176.225] Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

1 0

DENOG15 in Berlin (Workshop registration open)
by Stefan Funke 18 Oct '23

18 Oct '23

Hallo SWINOG! ========= Deutsch Das jährliche DENOG Event (DENOG15) wird dieses Jahr im Estrel Congress Center (Sonnenallee 225, 12057 Berlin) stattfinden.Wie jedes Jahr möchten wir selbstverständlich auch alle Freunde, Bekannten und Kollegen aus der SWINOG Region dazu einladen! Wer an den Workshops teilnehmen möchte, sollte jetzt die Möglichkeit benutzen und den Ticketkauf mit entsprechenden Reservierungen verbinden. Die Workshops sind immer recht schnell ausgebucht und der reguläre Ticketverkauf endet in weniger als 2 Wochen, am 28. Oktober 2023. https://www.denog.de/de/meetings/denog15/workshop_registration.html https://www.denog.de/de/meetings/denog15/tickets.html Wir freuen uns euch in Berlin! ========= English DENOG15 (19.-21.11.2023) in Berlin will be held in the Estrel Congress Center (Sonnenallee 225, 12057 Berlin). We are excited about DENOG15 in November and look forward to seeing you all again. The agenda is fixed now, and we already opened workshop registrations. Since there is limited space for all workshops, please register now to have a spot! https://www.denog.de/de/meetings/denog15/workshop_registration.html Ticket sales end on October 28th. If you haven't ordered your ticket until now, please do so at: https://www.denog.de/de/meetings/denog15/tickets.html Für die DENOG Event Orga, Stefan

1 0

Free places in DNSSEC/DANE training 19./20. October in Zurich and 30./31. October in Lausanne
by Michael Hausding 10 Oct '23

10 Oct '23

Dear Swinog We are pleased to invite you to join the DNSSEC/DANE training organised by SWITCH. We offer two options: Training in Zürich 19 Oct 2023 - 20 Oct 2023 Training in Lausanne 30 Oct 2023 - 31 Oct 2023 The DNSSEC/DANE training is targeted at registrars, hosters and email providers, but might be also valuable for those who want to improve their DNS and email security. The participation is free for Swinog members. More information and registration can be found at: https://www.switch.ch/security/DNSSEC_2023/ In case of question, do not hesitate to contact petra.raszkova(a)switch.ch. Best regards Michael ------------------------------------ Michael Hausding, Competence Lead DNS & Domain Abuse SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 77, incident phone +41 44 268 15 40 michael.hausding(a)switch.ch http://securityblog.switch.ch

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog October 2023