Archive for December, 2011

Writing in CircleID,  Interlan CTO Torbjörn Eklöv described a novel test of DNSSEC in The Christmas Goat, IPv6 and DNSSEC — Second Season. His company was asked for the second year in a row to assist with load share in the live-streaming of the famous Christmas Goat display in Gävle, Sweden, a task that allowed him to compare IPv6 usage and DNSSEC validation from visitors to the site. Starting on November 27,

we were able find out that both usage of native IPv6 and DNSSEC validation have increased quite a lot this year. The native IPv6 users increased from 0.1% to 0.5% and the DNSSEC validation from 44% to 72%.

The test, and the goat, had an untimely end when the goat burned down on December 2. “But with the experience from the test last year, and this year, I only need few days to get quite an accurate percentage of the use of IPv6 and DNSSEC from the visitors. This year I did a check after two days, last year I checked several times and the result was surprisingly correct after only a few days,” he reports.

Czech voice and data mobile operator Vodafone has announced that it has secured its domain and web services with DNSSEC, making it the first mobile operator in the Czech Republic to do so. The company notes that its customers have two ways to find out whether their connections are secure:

On the www.dnssec.cz site is an automatic test, which displays a green or red icon showing the key users, whether their connection is, respectively, not safe. The second option offers an add-on for Firefox, which can be downloaded for free from www.dnssec-validator.cz. This program allows you to control whether or not the currently visited domain is protected, again displaying an icon key, this time directly in the address bar of your browser window.

Part of the international Vodafone Group, the company serves more than three million customers in the Czech Republic.

PayPal has announced that all of  its owned and operated domain names are now DNSSEC-secured. It joins several country-code top-level domains that have announced their deployment of DNSSEC in recent weeks.  Russia’s .su, which is made up of about 90,000 second-level domain names, has been DNSSEC-signed. The Technical Center of Internet says it plans to sign root national domains .РФ and .RU with DNSSEC in 2012. Also DNSSEC-signed are Uganda’s .ug, Myanmar’s .mm, Slovenia’s .si, New Zealand’s .nz and Tawain’s .tw.

Comcast’s vice president for Internet systems, Jason Livingood, updated the company’s progress in deploying DNSSEC today. Noting that the company has signed more than 90% of its domain names, Livingood called on banking and commerce domain owners to sign their domains. From the blog post:

Since 2010, our deployment has steadily progressed and we have reached a couple of significant milestones. First, Comcast owns thousands of domains such as comcast.com. We have now cryptographically signed more than 5,000 of our domains, representing over 90% of our domain names. Second, we now have 50% of our 17.8M Internet customers using our DNSSEC-validating servers. We expect to complete signing all of our domain names and having all of our customers use our DNSSEC-validating servers in early 2012.

Now that millions of Internet users in the U.S. are able to use DNSSEC, we feel it is an important time to urge major domain owners, especially for commerce and banking-related sites, to begin signing their domain names. PayPal has already taken this important step, which we applaud, and we encourage other domains to follow their lead.