Deploy360 Domain Name System Security Extensions (DNSSEC) Events Transport Layer Security (TLS)

Last Week at LACNIC24 and LACNOG in Bogota, Columbia

screen-capture-338I went to the LACNIC24 and LACNOG meeting last week in Bogota, Colombia. As usual, the agenda was packed with good presentations, content, and workshops.

The 2 LAC BCOP meetings helped move the activity forward in the region. The group is working on a Document Development process proposal and we’re trying to help the initiative move forward and start documenting the Best Current Operational Practices on how to build and run networks and how to implement new protocols and standards in the region. The group got a new chair – Ariel Weher – and during the second meeting the group discovered many new topics to work on and document the best current operational practices. Decision was to follow up on every topic separately on mailing list and reconvene at next meeting in Cuba.


As you probably noticed from my other blog posts – we implemented and did some experiments with DANE, DNSSEC and TLS, and I presented the results of that work together with Carlos Martinez Cagnazzo (LACNIC CTO) on the first day of LACNOG meeting, just after the opening plenary session.

We joined together some theory, practice, and some experimentation and we got the whole one-hour slot to make the audience enthusiastic about this technology and move the implementation needle a bit further.

Why do I say that? When I talked about my DNSSEC/DANE implementation and experiments at the SINOG meeting in Ljubljana and at iWeek and ION Cape Town, people in the audience started looking into DNSSEC and DANE and actually started deploying it. Certainly in Slovenia, but also elsewhere – for example Liquid Telekom enabled DNSSEC verification on their public DNS servers (the open resolvers for African continent, Google “” style) just after my talk about this stuff in Cape Town.

DNSSEC and DANE are not hard to do; the hardest step is to actually start looking at it, learning how it works, and deploying it. When you get over this first step – then you are on your way towards more secure DNS system and also more secure mail and web systems, verified with DANE.