Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: DNSSEC for DShield.org SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DNSSEC for DShield.org

Too many times over the last few weeks, you heard that the real answer to all the DNS problems is DNSSEC. I decided to give it a try, and signed the dshield.org zone. DNSSEC is not exactly used very widely, and it is very possible that we will be running into some problems. If you experience any issues, please let us know (via isc.sans.org ;-) ). For most users, this will not change anything. It only matters if your resolver or your web browser actually verifies DNSSEC signature. Expect a few changes to our dshield.org zone while I experiment.

"Experimenting" with a production setup isnt exactly ideal. But there is always isc.sans.org. On the other hand, many of the aspects of DNSSEC just can't easily be simulated in a lab.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3698 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!