Deployment watch:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
Netherlands, European Union, dot-US, root zone: Help us stay up-to-date on your organization’s deployment news by submitting information about your DNSSEC deployment deadlines, test beds or other progress to info @ dnssec-deployment.org.
SIDN to sign dot-NL in August:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
SIDN, the registry for The Netherlands’ dot-NL and ENUM, announced it will implement DNSSEC one month after the root zone is signed in July, setting its implementation for August 2010. SIDN CEO Roelof Meijer said, “Waiting until the root is signed means that we won’t need to implement any interim solutions – which inevitably increase the risk of errors – and it will be possible to sign the whole chain at once. We believe that this is the best and safest way to implement DNSSEC for the dot-NL zone.”
DNSSEC implemented in dot-US:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
Neustar announced it has implemented DNSSEC in the dot-US country-code top level domain. Rodney Joffe, senior vice president and senior technologist at Neustar, said, “DNSSEC means a more secure and reliable domain name system because its extensions provide origin authentication of DNS data, data integrity and authenticated denial of existence.”
Root zone deployment schedule issued:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
The root zone DNSSEC deployment team has launched a web site with updates on the effort. It includes documentation and technical status updates on DNSSEC deployment at the root, and will offer announcements as the project moves forward. You can subscribe to future status updates via RSS. For more information, contact the root deployment team.
Initiative shares advice on signing zones:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
The DNSSEC Deployment Coordination Initiative has published advice for registrars and other DNS operators with “a reasonable set of DNSSEC configuration parameters.” Titled “DNSSEC Operations: Setting the Parameters,” the suggests values to choose for the configuration parameters associated with DNSSEC that provide good security without causing an undue burden on operators’ name service infrastructures. The configuration parameters include key sizes and lifetimes, re-signing periods, and time-to-live for the records. Feedback on the memo is welcomed at [email protected].
RIPE issues new app to gauge DNSSEC readiness:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
RIPE NCC has released an application to help network administrators determine the maximum size of DNS responses that a resolver can receive so they can prepare their networks and resolvers for a signed root zone. For additional discussion of how to test whether your site is ready for DNSSEC and what to do to prepare, read Olafur Gudmundsson’s discussion.
Report on DNSSEC administrative tools released:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
Dot-SE (The Internet Infrastructure Foundation) has released a [now final] report it commissioned from independent IT security firm Certezza focused on the functionality of signing and key management tools. The report notes, “the product standard is good and the tested products work as expected.”
Google launches Public DNS:
Posted by Jeffrey Dewhurst in Uncategorized on January 4, 2010
Google launched a free, global Domain Name System (DNS) resolution service, offering it as “an alternative to your current DNS provider.” The new service supports EDNS0 extensions, accepting and forwarding DNSSEC-formatted messages, but does “not yet” validate responses.
California CISOs hear about DNSSEC:
Posted by Jeffrey Dewhurst in Meetings and Workshops on January 4, 2010
Initiative sponsor Douglas Maughan of the U.S. Department of Homeland Security, Science and Technology (S&T) Directorate, spoke on DNSSEC deployment at the California Chief Information Security Officer lecture series on December 15 in Sacramento, to an audience of the state’s information security officers, disaster recovery coordinators, and chief information officers.
IETF to California
Posted by Jeffrey Dewhurst in Meetings and Workshops on December 4, 2009
IETF to California: IETF will convene its 77th meeting in Anaheim, Calif., March 21-26.
Sponsored By
Recent Comments