- 85
- 195 547
Internet Systems Consortium
United States
Приєднався 22 сер 2013
Internet Systems Consortium, Inc. (ISC) is a 501(c)(3) corporation dedicated to supporting the infrastructure of the universally connected self-organizing Internet -- and the autonomy of its participants -- by developing and maintaining core production-quality software, protocols, and operations. We hope these videos will help our users make the best use of our open source software to continue to support and extend the Internet.
How to Install the Stork Demo package - video tutorial
Marcin Godzina, a member of the Stork QA team, demonstrates how to install the Stork Demo system. This is a package that creates a self-contained simulated DHCP system, complete with multiple Kea DHCP servers, a DHCP traffic generator, a Grafana installation for viewing charts of dhcp activity, and a Stork management server.
Stork Administrative Reference Manual:
stork.readthedocs.io/en/v1.18.0/demo.html
Ubuntu 24.04.1 image:
releases.ubuntu.com/24.04.1/ubuntu-24.04.1-desktop-amd64.iso
Docker Install instructions:
docs.docker.com/engine/install/ubuntu/
CHAPTERS
---------------------------------------------------
0:00 Intro
0:22 Requirements
1:03 Installing Rake
1:47 Installing Docker
4:16 Downloading Stork
5:12 Starting the Stork Demo
6:05 Stopping the Demo
6:55 Running detached
8:30 Using the Stork Demo
---
Learn more at www.isc.org/stork
Stork Administrative Reference Manual:
stork.readthedocs.io/en/v1.18.0/demo.html
Ubuntu 24.04.1 image:
releases.ubuntu.com/24.04.1/ubuntu-24.04.1-desktop-amd64.iso
Docker Install instructions:
docs.docker.com/engine/install/ubuntu/
CHAPTERS
---------------------------------------------------
0:00 Intro
0:22 Requirements
1:03 Installing Rake
1:47 Installing Docker
4:16 Downloading Stork
5:12 Starting the Stork Demo
6:05 Stopping the Demo
6:55 Running detached
8:30 Using the Stork Demo
---
Learn more at www.isc.org/stork
Переглядів: 131
Відео
Kea Configuration With Stork, 13 December 2023
Переглядів 4,1 тис.11 місяців тому
ISC senior engineer Marcin Siodelski demonstrates some of the new features in Stork that allow users to configure subnets and pools in Kea DHCP. You are welcome to post your questions about Kea DHCP on our helpful community mailing list at lists.isc.org/mailman/listinfo/kea-users. The Kea Administrative Reference Manual is online at kea.readthedocs.io/en/stable/. We also publish a knowledgebase...
Resolver ECS with BIND 9 - S Edition, 26 October 2023
Переглядів 520Рік тому
EDNS Client-Subnet Identifier is an Internet Draft for providing different responses based on the subnet the client is on. BIND 9 has an implementation of the resolver portion of ECS, so it can provide the client subnet identifier to authoritative servers that are equipped to customize responses. What options are available and what do they do? What are some considerations and potential pitfalls...
Reverse DNS and BIND, 19 October 2023
Переглядів 440Рік тому
A DNS lookup takes a name and returns an IP address; reverse DNS does the opposite, and provides a name when given the address. Greg Choules, ISC Support Engineer, explains what reverse DNS is and how to set it up in BIND. (The slides are available at www.isc.org/docs/ReverseDNSpresentation.pdf.) You are welcome to post your questions about BIND 9 DNS on our helpful community mailing list at li...
Robert Carolina speaking at RIPE86 on the revised EU Product Liability Directive, 23 May 2023
Переглядів 117Рік тому
The updates to the EU Product Liability Directive have very significant ramifications for software developers and publishers. Under the new regime, software will be subject to product liability laws, as other products have been for some time. Software bugs, and particularly unpatched vulnerabilities, could be judged to constitute negligence. This video is an edited version of a talk Rob Carolin...
Kea DHCP Template Classes, 7 June 2023
Переглядів 1,1 тис.Рік тому
In this webinar, Carsten Strotmann explains how to use configuration templates to create dynamic classes in Kea DHCP. (The slides are available at: www.isc.org/docs/2023-Kea-Template-Classes.pdf.) You are welcome to post your questions about Kea DHCP on our helpful community mailing list at lists.isc.org/mailman/listinfo/kea-users. The Kea Administrative Reference Manual is online at kea.readth...
Migrating to Kea from ISC DHCP, 16 May 2023
Переглядів 2,5 тис.Рік тому
In this webinar Carsten Strotmann discusses the process of migration, including planning, configuration, testing, and lease migration. (The slides are available at: www.isc.org/docs/2023-Kea-DHC-Migration.pdf.) You are welcome to post your questions about Kea DHCP on our helpful community mailing list at lists.isc.org/mailman/listinfo/kea-users. The Kea Administrative Reference Manual is online...
NetBox and Kea DHCP, 20 April 2023
Переглядів 4,1 тис.Рік тому
Netbox (docs.netbox.dev) is an asset management system, which includes IPAM and DCIM functions. In an IT environment it serves as the source of truth. Other services can (should) use Netbox as its backend. We use Netbox as an example of how to integrate Kea DHCP into open source or commercial IPAM (IP Address Management) and DCIM (Datacenter Infrastructure Management). In this webinar we will e...
Configuring vendor options in Kea DHCP, 30 March 2023
Переглядів 2,9 тис.Рік тому
Over time, the DHCP protocol has added multiple ways to deliver configuration parameters through vendor options (DHCPv4 options 60/43 and 124/125 as well as DHCPv6 options 16/17). In this webinar trainer and presenter Carsten Strotmann demystifies the use of vendor options in DHCP and explains how to translate vendor option configuration examples for ISC DHCP into a working Kea DHCP setup. (The...
Kea DHCP and Stork, 23 February 2023
Переглядів 6 тис.Рік тому
Stork is a relatively new open source project providing a graphical interface for a network of Kea DHCP systems. Although initially it was limited to monitoring and dashboard functions, recent releases are adding some configuration controls. In this webinar we review the new features, and then provide a hands-on lab to give participants experience in installing Stork on a RedHat-compatible syst...
Memory Management in BIND 9, 15 December 2022
Переглядів 743Рік тому
Users frequently ask questions about BIND 9 memory usage and how to optimize memory usage and performance. This is an impossible question to answer, in the general case. The truth is, the answers are platform-specific. So, you need to know how to measure memory usage on *your* platform, and how to adjust BIND memory usage if you need to. (The slides are available at: www.isc.org/docs/2022-webin...
Aliasing in the DNS and HTTPS/SCVB RRs, 22 November 2022
Переглядів 847Рік тому
It would be very handy to be able to establish an alias for an apex record in the DNS. Unfortunately, this is not a standardized feature of the DNS, although some operators have created proprietary features with this effect. The new HTTPS and Service-binding (SCVB) resource records on the brink of standardization in the IETF are supposed to 'solve' this long-standing interoperability problem. C...
Using DNS Wildcards, 10 November 2022
Переглядів 1,9 тис.2 роки тому
A “wildcard” is a DNS resource record whose owner’s name starts with an asterisk. It sounds like a very simple hack to save time when creating a lot of similar names, but there may be cases where a wildcard is not what you think it is. Test your knowledge with a tricky quiz about how various queries would be answered, given the zone contents (of course, with wildcard entries). Our presenter, Ca...
Optimizing Kea Performance, 27 April 2022
Переглядів 7052 роки тому
This talk, by Tomek Mrugalski, the original author of Kea and an industry expert in the DHCP and DHCPv6 protocols, explains how to maximize the number of leases per second your Kea DHCP server can provide. Test result show the impact of settings such as queue size and enabling multi-threading on throughput. Tomek uses his knowledge of the software to explain how to use various features such as ...
Governing the "Ungovernable" - DNS Root Server System Governance, 15 March 2022
Переглядів 3082 роки тому
The world’s trust in DNS rests in no small part on the Root Server System (RSS). For three decades the RSS has operated 24 x 365 without interruption thanks to the services of a small group of organisationally diverse, fiercely independent, utterly dedicated, and highly collaborative Root Server Operators (RSO). The year 2021 began with a potential regulatory threat to the stability of the RSS ...
BIND Advance Security Notifications (ASNs) Process, 2 March 2022
Переглядів 3462 роки тому
BIND Advance Security Notifications (ASNs) Process, 2 March 2022
DNS Fragmentation: Real-World Measurements, Impact, and Mitigations, 15 December 2021
Переглядів 3032 роки тому
DNS Fragmentation: Real-World Measurements, Impact, and Mitigations, 15 December 2021
Instrumenting BIND 9 on Linux with BCC/eBPF, 16 November 2021
Переглядів 6273 роки тому
Instrumenting BIND 9 on Linux with BCC/eBPF, 16 November 2021
Securing BIND 9 with AppArmor/Firejail/SecompBPF, 20 October 2021
Переглядів 5903 роки тому
Securing BIND 9 with AppArmor/Firejail/SecompBPF, 20 October 2021
Securing BIND 9 with SELinux (RHEL), 21 September 2021
Переглядів 7873 роки тому
Securing BIND 9 with SELinux (RHEL), 21 September 2021
Stork dashboard for Kea DHCP: Host reservations and lease query
Переглядів 3,3 тис.3 роки тому
Stork dashboard for Kea DHCP: Host reservations and lease query
Practical BIND 9 Management - Session 5 of 5. Advanced topics in Dynamic Zones, 16 June 2021
Переглядів 7463 роки тому
Practical BIND 9 Management - Session 5 of 5. Advanced topics in Dynamic Zones, 16 June 2021
Practical BIND 9 Management - Session 4 of 5. Dynamic Zone Files, 19 May 2021
Переглядів 1,4 тис.3 роки тому
Practical BIND 9 Management - Session 4 of 5. Dynamic Zone Files, 19 May 2021
Practical BIND 9 Management - Session 3 of 5. Load-balancing with dnsdist, 21 April 2021
Переглядів 1,8 тис.3 роки тому
Practical BIND 9 Management - Session 3 of 5. Load-balancing with dnsdist, 21 April 2021
Practical BIND 9 Management - Session 2 of 5. Long-Term Stats Monitoring & Log Analysis, 17 Mar 2021
Переглядів 1,9 тис.3 роки тому
Practical BIND 9 Management - Session 2 of 5. Long-Term Stats Monitoring & Log Analysis, 17 Mar 2021
Practical BIND 9 Management - Session 1 of 5. Setting up, managing and using logs, 17 February 2021
Переглядів 4 тис.3 роки тому
Practical BIND 9 Management - Session 1 of 5. Setting up, managing and using logs, 17 February 2021
Using the Kea DHCP Server - Session 6 of 6. Migrating to Kea from ISC DHCP, 3 December 2020
Переглядів 1,8 тис.3 роки тому
Using the Kea DHCP Server - Session 6 of 6. Migrating to Kea from ISC DHCP, 3 December 2020
Using the Kea DHCP Server - Session 5 of 6. Monitoring and Logging, 18 November 2020
Переглядів 4,3 тис.3 роки тому
Using the Kea DHCP Server - Session 5 of 6. Monitoring and Logging, 18 November 2020
Using the Kea DHCP Server - Session 4 of 6. DB Backends and High Availability, 28 October 2020
Переглядів 4,5 тис.4 роки тому
Using the Kea DHCP Server - Session 4 of 6. DB Backends and High Availability, 28 October 2020
<3 Great video :)
Excellent and great explanation Thanks a lot
Good stuff to learn DNSSEC. Very useful
In one hand all these configurations need kea premium and this is not I what I was expecting from an open source project!! In the other hand I'm too old to remember (or dig the documentation) for all the options and syntax quirks just to configure a few subnets and reservations. I wasted my time with is project
Have you found an alternative?
@@TerAnYu Yes and No. For instance pfSense comes with a DHCP server with a nice GUI that's easy to use for simple scenarios
@@soulimanemammar2909 pfSense does have a nice GUI! I believe they include our older ISC DHCP server (as well as DNSMASQ) in their product. We need some revenue source to support the DHCP server developers at ISC, so we charge for the extensions that make it easier to configure. Stork is a GUI we are developing using those extensions, but you can use the open source Kea dhcp server and configure it via CLI, for free.
@@ISCdotorg No, you don't need revenue sources to support developers. Open source is exactly how it sounds, that is, developers GIVING their free time to make something better and something they enjoy doing. Companies charging for something that should be free and open is laughable.
Hello I want to know if you recommend to intall KEA with docker
Very good!
thanks! i was having a hard time reading the rfc directly.
im in one of those countries!
congratulations 😂
Very nice ... is you slide deck available for download ?
Slides are posted at: www.isc.org/docs/2023-Kea-and-NetBox.pdf.
Thanks for the tutorial, it helped alot!
Very helpful!! Thanks
How to run kea dhcp in a specific network namecpace ?
You create a network namespace (using "ip" or a container runtime such as "docker" or "podman") and execute the Kea DHCP processes inside that network namespace. Kea DHCP is not special in regards to network namespaces from other processes
Promo'SM 😇
Thank you for posting this as I was unable to make the webinar
Thank you for watching!
Great content. Thank you. I guess I'm one of the crazy ones interested in these topics, since this doesn't have a whole lot of views... Since some aspects have changed with recent versions of BIND 9.17/9.18, an update would be appreciated. Also I'm interested in details regarding split horizon DNS setups:-).
True, but anyway it's a very helpful refresher
Glad it was helpful! The split horizon set up is indeed complicated. If you look at our web site (www.isc.org/presentations/) we have had other recent talks on DNSSEC that are up to date.
It's also interesting to know that for a .de Domain you have to provide a KSK Key to the parent zone and they will calculate the DS record for you.
Is any dns server that has an API to upload the DS record? Maybe PowerDNS has something for this
It was mentioned early on that there were some more general DNS classes facilitated by these two. Are they referring to the videos on this channel or are they available elsewhere? Also very cool, thanks to ISC!
We recommend our webinars for general DNS information, and sometimes ISC staff present live at various conferences. Men&Mice has worked with ISC to develop their own suite of training classes, at www.menandmice.com/training. Thanks for watching!
Instead of using number 257, what's the reason the RFC don't use KSK?
Because that field is actually a set of flag bits and not "just" the KSK/ZSK marker. Sorry for the delayed response. 🙂 A friend of mine just reminded me about these. (I'm the author/presenter)
Finally! Thank you!
i have a question, where did the watcher could see our dns queries, is there any specific place or it can be anywhere, and how
i learned something. thanks!
Glad to hear it!
Aren't Trust Anchors deprecated and removed from DNSSEC for some time now??
No. You need trust anchors for DNSSEC - the DLV or DNSSEC Look-aside Validator registry was deprecated. That might be what you are thinking of. It was a place to locate a trust anchor if your parent couldn't do that, kind of like a foster-parent.
Very clear
This series, and especially this video, are great for understanding DNSSEC. Thanks a lot!
You are welcome!
@@ISCdotorg 0:33
I completed this entire series. Fantastic content.
Is there a fundamental to advanced course with this level of detail? I loved this, thanks!
Not that I know of
Thank you for your video. I just had one question regarding configuration of KEA over TLS. Is it necessary to have public IP and DNS or does it work also with reserved IP-s to add as SAN in a certificate in order that TLS Handshake for 2 KEA peers in HA mode to work?
Thank you , you really helped me a lot
Congratulations on the content. Didactics and ease in approaching the topic. Nelson - Brazil
Thank you!
thank you very much friend.
i just noticed the part of isc ipv6 address is b00b and cafe :)) instead of trying to understand the content i notice this stuff sorry.
thank you very usefull video training
You are welcome
Good article and clear explanation.
仍然没有过时
cant even test this without cdn useless for people keen on learning
"Host database not available, cannot add host." Works like a charm..
Great Session
Great useful info. Thank you!
Very good video! Just one question: how can an enterprise still enforce filtering with DoT if the DNS-request is encrypted (14:10)?
It should work, if you are using RPZ. The Resolver still sees the replies it is sending so it can filter them. If you are filtering elsewhere in the network, then, yeah, this could be a problem.
Can DNSSEC provide privacy? It only provides integrity and authentication is my understanding. Is that correct?
yes, you are correct. DNSSEC is not relevant for privacy. For privacy there are options to use encrypted transport, or to limit the queries sent to systems that don't 'need' to know the whole query (query minimization).
Great session. Kaminsky left this world...
Excellent.. thanks
Glad you liked it!
very informative
Glad you think so!
Thank you thank you thank you for making this public! Kinda scary how this only has 700 views, no one cares about security!
Thank you very much
You are welcome
Looking forward for part 5 and 6.
Best explanation of DNSSEC so far
Thank you!
👍 very nice intro to DHCP
Glad you like it
Thank you so much for adding these so quickly. I was very disappointed to not be able to miss that last Zoom live scheduled event. It has been my goal to implement Kea for over a year!
Glad it was helpful!