Institutions of higher education throughout the world have been key advocates of Internet technologies. The .EDU gTLD is signed, however, a recent survey of .EDU names shows that only about one percent are signed. While this is a greater than the Internet as a whole, it is far less than TLDs that are requiring or otherwise strongly advocating DNSSEC.
On the pedestrian side, colleges and universities present a microcosm of the Internet as a whole, replete with cyber attacks, some of which could prevented by a combination of DNSSEC signing and validation. On the academic side, DNSSEC adds to the authenticity of the academic work product.
If you teach at, work at, attend, or attended any of the following, congratulations — your school is signed:
| acadiana.edu | baker.edu | berkeley.edu |
| bucknell.edu | carnegiemellon.edu | cltc.edu |
| cmu.edu | coloradomesa.edu | csupomona.edu |
| cuhk.edu | desales.edu | fhsu.edu |
| fhtc.edu | gtc.edu | hfg.edu |
| highlands.edu | indiana.edu | indianatech.edu |
| internet2.edu | iu.edu | iub.edu |
| iupui.edu | jhuapl.edu | kestrel.edu |
| lctcs.edu | lsu.edu | ltc.edu |
| ma.edu | mesa.edu | mesastate.edu |
| millikin.edu | minnesota.edu | monmouth.edu |
| mst.edu | myneltc.edu | nau.edu |
| northcentral.edu | northshorecollege.edu | nwltc.edu |
| oxford-university.edu | pacificu.edu | penn.edu |
| psc.edu | richland.edu | rockefeller.edu |
| scl.edu | sdsmt.edu | southern.edu |
| suu.edu | tilburguniversity.edu | tiss.edu |
| truman.edu | ualr.edu | ucaid.edu |
| ucb.edu | ucberkeley.edu | uccv.edu |
| ucr.edu | uiowa.edu | umbc.edu |
| uni-stuttgart.edu | upenn.edu | upf.edu |
| valencia.edu | washjeff.edu | weber.edu |
We’re sorry if your school is signed and we missed it. Our survey was limited to the .EDU gTLD. We know that many schools outside of the US are under their countries’ academic second-level domains or directly under their countries’ ccTLDs. If your school isn’t signed, DNSSEC resources tailored to Higher Education are published by:
- EDUCAUSE, the nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology, manages the .EDU TLD and worked to get it signed. They have a collection of resources for their members and others throughout the Internet.
- Internet2, the advanced networking consortium led by the U.S. research and education community, is also supporting DNSSEC within its membership. They have a DNS SIG.
The DNSSEC Deployment Initiative is ready to help. Contact us at info @ dnssec-deployment.org to discuss DNSSEC presentations for conferences and meetings.
#1 by Viktor Dukhovni on May 2, 2017 - 20:05
For the record, the truman.edu DNSSEC zone is handled by nameservers that don’t conform to the specification, which leads to interoperability issues with DANE-TLSA-enabled SMTP senders.
The data below was captured some time ago, for the most recent results see: http://dnsviz.net/d/_25._tcp.barracuda.truman.edu/dnssec/
The nameserver for truman.edu returns a very slightly different (and thus invalid) signature for the same SOA record in negative replies than it does for a direct SOA query.
;truman.edu. IN SOA
truman.edu. SOA ns3.truman.edu. dns-alerts.truman.edu. 2065422032 3600 900 1209600 3600
truman.edu. RRSIG SOA 5 2 3600 20160906050001 20160807050001 17523 truman.edu. B6Qfu3gkP6P8hzMOrCiCTorxzdBdNny7q5cKAZp9U1HeVEazjfA30v26lyTvqs4TwiJ/jCuwUP62uSCJOGegz84dGWrvYImMoDLrP/jE4EjeWs8ppf1C0ouOw+XAH3fdXDdc34TuQH0gNpNRnI63bFf8Huegq/12gKH+gF+1Mog=
;_25._tcp.barracuda.truman.edu. IN TLSA
truman.edu. SOA ns3.truman.edu. dns-alerts.truman.edu. 2065422032 3600 900 1209600 3600
truman.edu. RRSIG SOA 5 2 3600 20160906050001 20160807050001 17523 truman.edu. B6Qfu3gkP6P8hzMOrCiCTorxzdBdNny7q5cKAZp9U1HeVEazjfA30v26lyTvqs4TwiJ/jCuwUP62uSCJOGegz84dGWrvYImMoDLrP/jE4EjeWs8ppf1C0ouOw+XAH3fdXDdc34TuQH0gNpNRnI63bFf8Huegq/12gKH+gAAAAlg=
These signatures differ only in the final 8 base64 encoded characters:
gF+1Mog=
gAAAAlg=
which decode to:
80 5f b5 32 88
80 00 00 02 58
thus the mysterious damage is in the final 32 bits of the signature.