DNS Security Without Airport Security
August 27, 2020
NSRC Welcomes our colleague and friend Joe Abley who works as the Chief Technology Officer at the Public Internet Registry. Joe and NSRC have worked together on numerous network training activities over the years. This blog entry was originally published at https://thenew.org/dns-security-without-airport-security/.
It’s a sunny Friday afternoon in Amsterdam. A gentle breeze is rustling the curtains and I can hear children playing at the school round the corner, interrupted by the noise of the occasional defiant scooter. I’m assisting Phil Regnauld, at home in Copenhagen, and Antonio Lobo, who has woken up at 2am to help from his sofa in Colombia. Some of our colleagues from ICANN have joined us from Brisbane and Cotonou. Together we have spent the week teaching a technical workshop on the subject of DNS Security (DNSSEC), coordinated by the Kenya Network Information Centre. The workshop participants are in Nairobi.
This workshop is the latest example of a thirty-year history of engagements for the Network Startup Resource Center (NSRC) in Africa. Public Interest Registry and NSRC have a lot in common on paper: we’re both non-profits, we both support the core infrastructure of the Internet, and both organisations are dedicated to making the Internet a better, safer place. It’s always great when our respective missions overlap and we get to work together.
NSRC and PIR have carried out these kinds of workshops before—last year, in Riyadh and Lagos—and while they normally take place in person, 2020 is not a normal year. What kind of workshop do you have when the instructors and participants are spread over four continents instead of being in the same room?
Our in-person workshops are usually a mix of theory and practice, but heavily tilted towards the practice. As instructors in a physical classroom, we spend a lot of time walking around the room helping people when they get stuck and scribbling on whiteboards to explain things that need more colour. A DNS security workshop generally takes place over three days and the days are long.
This week it was harder to mix the hands-on exercises and the theory, because there’s only so much we know how to do on Zoom, and at the most human level it’s just easier to interact as a group when you’re in the same room. It’s also difficult to pay attention to Zoom and type in terminal windows at the same time on the same laptop. So we split the days into two hours of theory on zoom in the morning, followed by homework to be done during the rest of the day, with questions and suggestions exchanged over a group channel in WhatsApp. We ran for five days instead of the usual three.
The result? Based on the feedback from the students and the fun I had this week teaching, it was an enormous success. The questions offered during the morning sessions might have been typed rather than spoken, but they were thought-provoking and compelling. Students were enthusiastically debugging each other’s work on WhatsApp and trying new things long into every evening. We never quite managed to finish a Zoom call on time because there was always more to talk about.
The men and women from Nairobi who joined us this week are now not just equipped with new theoretical knowledge about how DNSSEC works, they’ve also applied it, creating signatures and managing cryptographic keys; making mistakes, fixing them and working together to solve problems. It’s the Internet way of networking in microcosm: and in a small but significant way, the Internet this afternoon is now a better and safer place than it was last week.