Archive for January, 2010
DNSSEC implemented in dot-US:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
Neustar announced it has implemented DNSSEC in the dot-US country-code top level domain. Rodney Joffe, senior vice president and senior technologist at Neustar, said, “DNSSEC means a more secure and reliable domain name system because its extensions provide origin authentication of DNS data, data integrity and authenticated denial of existence.”
Root zone deployment schedule issued:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
The root zone DNSSEC deployment team has launched a web site with updates on the effort. It includes documentation and technical status updates on DNSSEC deployment at the root, and will offer announcements as the project moves forward. You can subscribe to future status updates via RSS. For more information, contact the root deployment team.
Initiative shares advice on signing zones:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
The DNSSEC Deployment Coordination Initiative has published advice for registrars and other DNS operators with “a reasonable set of DNSSEC configuration parameters.” Titled “DNSSEC Operations: Setting the Parameters,” the suggests values to choose for the configuration parameters associated with DNSSEC that provide good security without causing an undue burden on operators’ name service infrastructures. The configuration parameters include key sizes and lifetimes, re-signing periods, and time-to-live for the records. Feedback on the memo is welcomed at [email protected].
RIPE issues new app to gauge DNSSEC readiness:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
RIPE NCC has released an application to help network administrators determine the maximum size of DNS responses that a resolver can receive so they can prepare their networks and resolvers for a signed root zone. For additional discussion of how to test whether your site is ready for DNSSEC and what to do to prepare, read Olafur Gudmundsson’s discussion.
Report on DNSSEC administrative tools released:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
Dot-SE (The Internet Infrastructure Foundation) has released a [now final] report it commissioned from independent IT security firm Certezza focused on the functionality of signing and key management tools. The report notes, “the product standard is good and the tested products work as expected.”
Google launches Public DNS:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
Google launched a free, global Domain Name System (DNS) resolution service, offering it as “an alternative to your current DNS provider.” The new service supports EDNS0 extensions, accepting and forwarding DNSSEC-formatted messages, but does “not yet” validate responses.
California CISOs hear about DNSSEC:
Posted by Jeffrey Dewhurst in Meetings and Workshops on January 4, 2010
Initiative sponsor Douglas Maughan of the U.S. Department of Homeland Security, Science and Technology (S&T) Directorate, spoke on DNSSEC deployment at the California Chief Information Security Officer lecture series on December 15 in Sacramento, to an audience of the state’s information security officers, disaster recovery coordinators, and chief information officers.
Recent Comments