Monitoring DNSSEC

Written by Migiel de Vos in category: Resilience, Technical

DNS is currently a “once it runs, never touch it again” infrastructure. This changes with the introduction of DNSSEC. Managing a DNSSEC signed zone involves a continuous effort of resigning zones and generating key material. Apart from that, DNS is a fundamental Internet protocol, thus the changes required to implement DNSSEC have an impact at […]

3 Comments

Why it takes time to switch DNSSEC on and off

Written by Rick van Rein in category: Security, Timing, Users

DNS data is spread accross the internet, at different levels of maturity. When activating or de-activating DNSSEC, it is important to ripple the data through the various servers in a known-good order, with known-good time delays built into the process.

No Comments

DNSSEC as a push-button service

Written by Rick van Rein in category: Security, Users

We let customers edit their zone data through a web-interface. What we intend to do is make DNSSEC a mere toggle in that interface, and conceal the technical complications from their view.

No Comments

Welcome to the SURFnet DNSSEC blog

Written by Roland van Rijswijk in category: General

SURFnet has been active in the DNSSEC arena for quite some time now. Last year we deployed DNSSEC on our DNS resolvers and we have since learned a great deal about the operational aspects of DNSSEC. We regularly share this information with our constituency and our international peers at conferences and meetings. Since the beginning […]

No Comments