Managed DNSSEC services (Internship@AFRINIC)

DNSSEC is a mechanism that protects the integrity of DNS records and protects end users against DNS cache poisoning attacks. However, operating a DNSSEC signing infrastructure requires considerable investment and effort, both to maintain it and to keep the signing service secure. A proper key management life cycle must also be maintained. This project is about operating a DNSSEC signing service for external parties (any network operator).

We envisage a container-based infrastructure in which a new container is spun up every time a new operator enrols in the service. Each signer will have its own isolated environment, for example running in a Docker container, and keys will be stored in a SoftHSM. A web portal will allow users to activate their service and get the configuration needed to set up zone transfers for signing between master and slave servers.

Keywords: DNSSEC, Docker, SoftHSM, web development, security

Number of Students/Interns required: 1
Duration: 6-8 months

Key deliverables

  1. A container-based system for activating a DNSSEC engine for AFRINIC members
  2. Key management strategy within the Docker ecosystem
  3. Web interface to manage and monitor ecosystem

Skills required

  1. Bash scripting
  2. Good understanding of the DNS and DNSSEC infrastructure
  3. Good working knowledge of Docker, Kubernetes, etc.
  4. Web development (Python/Django, PHP, Angular.js, etc.)

 

 
