Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - DNSSEC...not a bang but a whimper? InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

DNSSEC...not a bang but a whimper?

Published: 2010-05-04
Last Updated: 2010-05-05 19:07:08 UTC
by Rick Wanner (Version: 2)
3 comment(s)

Tonight is the night that DNSSEC is enabled between the DNS root servers. I am not going to go into detail since the good people at the other ISC have already done a wonderful job of that in their posting.

Lots of the usual hype in the usual places including The Register, slashdot, etc.  The fact is that this really only affects the way your ISPs talk DNS to the root servers. I suspect most users are using their ISPs DNS servers which will continue to talk to their customers the old way.  It may cause problems for some users who are hosting their own DNS servers behind antiquated firewalls, but for the most part this will be a non-event.

What I find interesting is that using the resolver test at RIPE, my OpenDNS provided resolvers fail.  

Hopefully that will be fixed before the big event.

 

Update:  OpenDNS responded to my query with a pointer to a forum article.  It seems they are just fine.

 

-- Rick Wanner - rwanner at isc dot sans dot org

Keywords: DNSSEC
3 comment(s)
Diary Archives