Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: DNSSEC Progress for .com and .net - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DNSSEC Progress for .com and .net

VeriSign announced that starting December 9th, .net and .com domains will be authenticated using DNSSEC. Right now, signatures are available for .net and .com, but they are not yet valid. The roll out will happen in stages, similar to the roll out for the root zone.

Verisign also offers a nice DNSSEC debugger [2]. In case you implement DNSSEC, use it to test your zone, as well as a DNSSEC Test site [3] to check if your resolver uses DNSSEC.

 

[1] http://www.verisign.com/domain-name-services/domain-information-center/dnssec-resource-center/index.html
[2] http://dnssec-debugger.verisignlabs.com/
[3] http://test.dnssec-or-not.org/
[4] http://www.h-online.com/security/news/item/Fast-start-of-DNSSEC-with-net-and-com-1128982.html

 and if you missed it... the solution is out for our DNSSEC related packet challenge: http://johannes.homepc.org/packet.txt

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Johannes

3085 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!