F5 Infoblox DNS DNS F5 DNS DHCP IP DDI Infoblox DNS DNS DNS DNSSEC Nathan Meyer F5 Cricket Liu Infoblox 2 2 DNS DNSSEC DNSSEC DNSSEC Infoblox DNSSEC F Infoblox Delegation CNAME Delegation DNSSEC 11 Authoritative Screening DNSSEC 11 IP Anycast 11 Authoritative Screening 12 Authoritative Slave 12 Authoritative Slave DNSSEC 1 Authoritative Slave 1 1 1 Delegation Authoritative Screening
DNS DNSSEC DNS DNSSEC Infoblox F5 Web F5 Infoblox 3 DNSSEC DNS DNS 1 F5 Infoblox BIG-IP GTM Infoblox DNS Web F5 BIG-IP GTM Infoblox DNS LDNS DNS DNS LDNS FQDN DNS www.example. com GSLB IP DNS BIG-IP Global Traffic Manager TM GTM GSLB F5 BIG-IP GTM F5 BIG-IP Local Traffic Manager TM LTM Web F5 BIG-IP LTM IP WIP F5 BIG-IP GTM www.example.com www.gtm.example.com KSK ZSK ZSK 2
SOA DNS CNAME DNS 1 A 32 IPv4 IP MX A mail.example.com DNS DNSSEC IOActive Dan Kaminsky DNS DNS DNS DNSSEC DNS 1 F5 DNS DHCP IP DDI Infoblox DNS DNS DNS DNSSEC DNS DNSSEC DNS DNSSEC DNS DNS DNS IOActive Dan Kaminsky DNS DNS DNSSEC DNS DNS DNSSEC F5 GSLB DNS DNS DNSSEC DNS 2 1
F5 Infoblox DNS GSLB DNSSEC DNSSEC DNS DNS DNS DNSSEC Infoblox DNS F5 BIG-IP Global Traffic Manager TM GTM Infoblox DNSSEC DNS Infoblox F5 FIPS 140-2 FIPS F5 Infoblox NIST NIST Special Publication 800-81 Secure DNS Deployment Guide DNSSEC F5 DNSSEC F5 Infoblox 3 DNSSEC SOA MX A DNS 30 Infoblox DNSSEC DNS DNSSEC GSLB LDNS IP GSLB IP LDNS A LDNS GSLB DNSSEC DNSSEC GSLB
F5 BIG-IP TMOS TMOS BIG-IP DNS DNS DNSSEC BIG-IP Global Traffic Manager GTM BIG-IP GTM TMOS DNSSEC TMOS LDNS Infoblox DNS RAM TMOS GSLB DNSSEC TMOS DNS DNSSEC Secure Vault F5 FIPS FIPS 1 FIPS FIPS DNSSEC 3 DNSSEC 1. 2. 3. BIG-IP GTM
KSK Infoblox DNSSEC Infoblox DNSSEC Infoblox Infoblox DNSSEC DNSSEC KSK F5 Infoblox Infoblox GSLB CNAME 3 1. Delegation 2. Authoritative Screening
3. Authoritative Slave Delegation DNS GSLB CNAME Authoritative Screening Infoblox Authoritative Slave BIG-IP GTM DNS Infoblox DNS DNSSEC Delegation DNS GSLB Delegation Infoblox example.com NS Infoblox IP BIG-IP GTM gtm.example.com GSLB GTM A BIG-IP GTM BIND CNAME GTM CNAME GTM www.example.com CNAME www.gtm.example.com mail.example.com CNAME mail.gtm.example.com
F Infoblox DNSSEC DNS Infoblox Cricket Liu CNAME www.example.com CNAME BIG-IP GTM 1 CNAME Delegation www.example.com BIG-IP GTM BIG-IP GTM example.com NS 1 BIG-IP GTM WIP www. example.com www.example.com GSLB Delegation DNSSEC Delegation DNSSEC DNS example.com Infoblox Infoblox DNS Infoblox DNS DNSSEC GTM GSLB BIG-IP GTM TMOS Delegation Delegation DNS DNSSEC BIG-IP GTM CNAME CNAME CNAME Delegation GSLB DNS Authoritative Screening Authoritative Screening 3 BIG-IP GTM 10.1 Authoritative Screening BIG-IP Local Traffic Manager TM BIG-IP GTM BIG-IP GTM 10.2.0 BIG-IP GTM 10.2 BIG-IP GTM Authoritative Screening
Authoritative Screening BIG-IP GTM DNS Infoblox DNS Authoritative Screening GSLB BIG-IP GTM IP NS DNS TMOS A AAAA A6 CNAME BIG-IP GTM BIG-IP GTM FQDN IP WIP GSLB IP DNS WIP BIG-IP GTM Infoblox Infoblox DNS BIG-IP GTM TCP UDP 53 DNS SOA ns1.example.com IP IP Infoblox Infoblox example. com NS F5 BIG-IP IP BIG-IP GTM Screening MX BIG-IP GTM WIP WIP Infoblox
1. TMOS example.com MX A AAAA A6 CNAME BIG-IP GTM DNS MX TMOS Infoblox 2. Infoblox example.com MX A mail.example.com 3. TMOS BIG-IP GTM WIP 4. BIG-IP GTM WIP mail.example.com mail.example.com BIG-IP GTM IP IP 5. TMOS MX mail.example.com BIG-IP GTM IP A 6. DNSSEC TMOS LDNS A 1. ftp.example.com TMOS A TMOS BIG-IP GTM WIP 2. ftp.example.com WIP BIG-IP GTM TMOS ftp.example.com DNS 10
3. MX Infoblox 4. Infoblox A server.example.com CNAME TMOS BIG-IP GTM server.example.com WIP 5. server.example.com WIP BIG-IP GTM TMOS Authoritative Screening DNSSEC TMOS DNSSEC BIG-IP GTM GSLB TMOS BIG-IP GTM WIP DNS Infoblox DNSSEC BIG-IP GTM DNSSEC LDNS Infoblox KSK ZSK IP Anycast 1 IP F5 IP Anycast F5 RHI F5 IP LDNS BIG-IP GTM IP Anycast DNS DNS DNS DoS Authoritative Screening Authoritative Screening A DNS Infoblox DNS DNS CNAME BIG-IP GTM Infoblox DNS BIG-IP GTM BIG-IP GTM GSLB WIP Infoblox DNSSEC DNSSEC Infoblox IP Anycast DNS DoS Authoritative Screening 11
Authoritative Slave Authoritative Screening BIG-IP GTM Authoritative Slave DNS BIG-IP GTM Infoblox BIG-IP GTM BIND BIG-IP GTM Authoritative Slave BIND DNS Infoblox BIG-IP GTM BIND Authoritative Screening WIP BIND Infoblox Authoritative Slave DNSSEC DNSSEC TMOS DNSSEC DNSSEC GSLB WIP TMOS DNSSEC BIG-IP GTM WIP DNS Infoblox DNSSEC Infoblox DNSSEC BIG-IP GTM TMOS DNSSEC LDNS Infoblox KSK ZSK 12
Authoritative Slave Authoritative Slave Authoritative Screening A DNS GSLB Authoritative Screening DNSSEC Infoblox Authoritative Slave DNS Infoblox BIND DNS GSLB DNS BIND GSLB DNS Infoblox DNS Delegation GSLB Authoritative Delegation DNS DNS DoS DNSSEC CNAME Authoritative Screening GSLB Infoblox Authoritative Slave F5 Infoblox DNS DNS DNS DNSSEC F5 Infoblox DNS DNSSEC DNS 13
DNS DNSSEC DNS and BIND, 5th Edition, By Cricket Liu, Paul Albitz Free DNS Tools at MX Toolbox DNSSEC Deployment Initiative DNSSEC News and Announcements National Institute of Standards and Technology 107-0052 4-15-1 19 TEL 03-5114-3210 FAX 03-5114-3201 www.f5networks.co.jp/fc/ 530-0017 8-47 20 TEL 06-7711-1655 FAX 06-7711-1501 2010 F Networks, Inc. All rights reserved.f F Networks F BIG-IP FirePass icontrol F Networks, Inc. F F 2010 A