Interview: Kyle Rankin - DNSSEC @ SCALE 12x

Interview by Eric Van Johnson

SCALE: Thanks for taking the time for this interview. I am somewhat of a fan, I've been following your articles in Linux Journal for years. I will try to be short. I may reply to your response with a couple follow up questions if something comes to me. Kyle Rankin: Very cool! I'm glad you like the column. SCALE: Kyle, thanks for taking the time to speak with us today. For those reading this who might not know who you are, would you mind giving us a little background on yourself and what you've been up to lately.

Kyle Rankin: So by day I'm a systems administrator who's been working with Linux since the late `90s and on the side I do a fair amount of technical writing including a number of books for various publishers and a monthly column for Linux Journal magazine. About a year ago I joined a security-focused startup Artemis Internet Inc. where I've been building out their server infrastructure from the ground up. The combination of working for a security startup plus all of the Snowden revelations a few months later has encouraged me to step up my own game with respect to security and privacy so I've been focused a lot on my own security and have devoted at least the first half of my 2014 Linux Journal columns to security and privacy.

SCALE: You are not a new comer to SCALE. How many SCALE events have you you attended and how many have you spoken at?

Kyle Rankin: I started attending SCALE at SCALE 8x where I gave talks on Forensics and also Linux Network Troubleshooting and I enjoyed it so much I've made a point to come every year since. I've been fortunate to be able to speak at each SCALE since then including a keynote last year. I have to admit that SCALE is one of my favorite cons and I look forward to it every year.

SCALE: This year you are doing a talk titled "Introduction to DNSSEC". Can you tell us a little about DNSSEC?

Kyle Rankin: Essentially DNSSEC is an extra layer of security on top of the traditional DNS infrastructure that uses public key cryptography to sign DNS records. This allows the end user to verify that a DNS record truly came from the correct DNS server and wasn't tampered with along the way. In a way the concepts behind how it works are similar both to the public Certificate Authority system and PGP-encrypted emails so if you are familiar with how either of those systems work DNSSEC isn't too difficult to understand.

SCALE: DNS is often a neglected piece of a company's architecture, how difficult is it to implement DNSSEC?

Kyle Rankin: One of the main reasons I wanted to give my talk is due to how difficult I assumed DNSSEC would be to implement, and how simple it ultimately was to set up once I went through quite a bit of documentation and tried it myself. It turns out with all the RFCs and documents out there, it boils down to a few configuration options and a couple of commands on a command line and you are up and running.

SCALE: Who should attend this talk and what should they expect to walk away with?

Kyle Rankin: Any systems administrators who are responsible for DNS systems or anyone curious about DNS or overall Internet security should consider attending. Hopefully everyone will not only walk away with a better understanding of what DNSSEC is, how it works, what it protects, and what it doesn't, but also after the talk they should also be able to go home and implement DNSSEC on their own zones pretty easily.