FW: [Fwd: .ORG DNS Security (DNSSEC) Testbed]

[Ram Mohan]

We sent this out to registrars just a day or two ago

-ram

-------- Original Message --------
Subject: .ORG DNS Security (DNSSEC) Testbed
Date: Mon, 31 Oct 2005 16:42:54 -0500
From: PIR Technical Support <techsupport at pir.org>
To: org-registrars at publicinterestregistry.net

Dear Registrars,

Effective 21:09 UTC, 31 October 2005, Public Interest Registry (PIR) has
available a DNS Security (DNSSEC) testbed for the .ORG registry.

DNSSEC is an addition to the DNS protocols that is designed to thwart
specific types of attacks against your DNS such as DNS cache poisoning.
DNSSEC provides

1) Origin authentication of DNS data
2) Data Integrity
3) Authenticated denial of existence

Registrars are invited to connect to the DNSSEC testbed EPP server using
the standard EPP port (700), and submit .ORG domain registrations into
the DNSSEC testbed.  Registrars will not be billed for these names.  In
addition, these names will NOT appear anywhere except within this
testbed system.  Registrars will have the ability to perform all EPP
transactions in the testbed, including updates and deletes.

Registrars will be able to connect to the DNSSEC testbed through the
following EPP servers:

epp1.dnssec-testbed.pir.org
epp2.dnssec-testbed.pir.org

The Public will be able to lookup DNSSEC testbed domains on the
following DNSSEC-aware nameservers:

ns1.dnssec-testbed.pir.org
ns2.dnssec-testbed.pir.org

Registrars will be able to point DNSSEC aware resolvers at the testbed
name servers, to gain an understanding of how their .ORG domain names
are affected by the DNSSEC protocols.  PIR will propagate registrars'
current OT&E EPP credentials to the testbed.  Once accounts are set up,
these will not change, even if account changes are made in the OT&E
system unless a specific request is made to PIR Technical Support by the
registrar.

Please note that the Registrar Tool Kit (RTK) and the FAQ for registrars
is listed on the PIR website (links below).  Also listed below are
resources on how to integrate this with your systems.  Please remember
that the .ORG DNSSEC testbed is an experimental RTK, and should not be
used to attach to the .ORG OT&E or Production systems.

- DNSSEC RTK - download the zip file
(http://www.pir.org/docs/liberty_rtk_addon_0.4.2.zip) or the tar file
(http://www.pir.org/docs/liberty_rtk_addon_0.4.2.tar.gz)
- DNSSEC FAQ
(http://www.pir.org/RegistrarResources/RegistrarFAQsDNSSecurity.aspx)
- DNSSEC.NET (http://www.dnssec.net/)
- DNSSEC Deployment Initiative (http://www.dnssec-deployment.org/)

We look forward to your participation in this project and to receiving
feedback from you on this initiative.

Please contact PIR Technical Support if you should have any questions or
concerns.

Sincerely,

PIR Technical Support
<techsupport at pir.org>
+1.416.646.3308