Internet2 DNSSEC SIG

Skip to end of metadata
Go to start of metadata

In the spirit of avoiding duplication of effort and reinvention of wheels, we have taken the Internet2 DNSSEC SIG dormant as of December 2013. We encourage you instead to participate in the Internet Society's DNSSEC effort led by Dan York. See http://www.internetsociety.org/deploy360/dnssec/ 

For reference, here is the DNSSEC Community page that includes mailing list info and more: http://www.internetsociety.org/deploy360/dnssec/community/

We would also encourage you to watch their blog to keep up to date on DNSSEC-related news: http://www.internetsociety.org/deploy360/blog/category/dnssec/ 

The <dnssec@internet2.edu> mailing list will remain alive, and access to the archives will remain unchanged. But we do urge you to subscribe to the Internet Society <dnssec-coord> list and use that as the primary venue for discussion.

Also, see press release Internet Society Collaborates with Shinkuro and Parsons to Promote Global Deployment of Domain Name System Security Extensions (DNSSEC) (16 July 2013)

__________________________________________________________________________

See the Spaces Instructions for editing access.

This SIG (Special Interest Group) is intended as a collaborative forum for the research and education community, to share information and support each other in deploying DNSSEC - the Domain Name System Security Extension.

NOTE WELL: All Internet2 Activities are governed by the Internet2 Intellectual Property Framework.

Co-Chairs

  • Shumon Huque, University of Pennsylvania
  • Michael Sinatra, ESnet

Participation

  • To subscribe to the e-mail list, send an e-mail to <pubsympa AT internet2.edu> with the following message in the subject:           
    • subscribe DNSSEC FirstName LastName
  • To set a watch on this wiki space, to be notified of changes at the e-mail address in your profile, use the menu at the top of this page:
    • Browse => Advanced => Start watching this space (under Subscribe in the left nav)
  • To edit the e-mail address in your profile, use the menu at the top of this page:
    • [UserName] => Preferences => Edit Profile (tab)

.edu Production DNSSEC-enabled Zones

Information obtained from SecSpider - the DNSSEC Monitoring Project as of 8-June-2011

DNSstat - some DNS zone statistics

A compilation of DNS capabilities and statistics for a several categories of institutions (Internet2, ESnet, NYSERnet, GigaPoPs, Leading Tech companies, TLDs etc). The data are currently updated once per week. Maintained by Shumon Huque.

Upcoming Events of Interest

  •  

Past Events of Interest

Articles of Interest

Useful Links

  • ARIN (American Registry for Internet Numbers) DNSSEC
  • Comcast DNSSEC Information Center (How to Participate in the [Comcast] DNSSEC Trial Today...)
  • DNSSEC for .edu: Frequently Asked Questions
  • DNSCheck - Test your DNS-server and find errors (includes DNSSEC)
  • The DNSSEC Deployment Initiative works to encourage all sectors to voluntarily adopt security measures that will improve security of the Internet's naming infrastructure, as part of a global, cooperative effort that involves many nations and organizations in the public and private sectors. The U.S. Department of Homeland Security Science and Technology (S&T) Directorate provides support for coordination of the initiative. This site is a tremendous reference resource.
  • DNSSEC Links at Internet2 member institutions
  • DNSSEC.net: a collection of useful information
  • DNSSEC Industry Coalition - a global group of registries and industry experts whose mission is to work collaboratively to facilitate adoption of Domain Name Security Extensions (DNSSEC) and streamline the implementations across Domain Name Registries. Members work together to establish a consistent set of tools and applications, shared best practices, specifications and shared nomenclature. DNSSEC Industry Coalition members include both generic Top-Level Domain and country code Top-Level Domain registries along with industry and educational experts of the Domain Name System.
  • DNSSEC-Tools: The goal of the DNSSEC-Tools project is to create a set of software tools, patches, applications, wrappers, extensions, and plugins that will help ease the deployment of DNSSEC related technologies.
  • DNSViz - A DNS visualization toolDNSViz is a tool for visualizing the status of a DNS zone. It was designed as a resource for understanding and troubleshooting deployment of the DNS Security Extensions (DNSSEC). It provides a visual analysis of the DNSSEC authentication chain for a domain name and its resolution path in the DNS namespace, and it lists configuration errors detected by the tool.
  • EDUCAUSE Resources (.edu Registrar)
  • IETF
  • Internet Systems Consortium, Inc. (ISC)
    • BIND (Berkeley Internet Name Domain) is an open-source software implementation of the DNS protocols, but it is also production-grade software, suitable for use in high-volume and high-reliability applications.
    • ISC's DLV Registry
      DLV (DNSSEC Look-aside Validation) is an extension to the DNSSECbis protocol. It is designed to assist in early DNSSEC adoption by simplifying the configuration of recursive servers. DLV provides an additional entry point (besides the root zone) from which to obtain DNSSEC validation information. Without DLV, in the absence of a fully signed path from root to a zone, users wishing to enable DNSSEC-aware resolvers would have to configure and maintain multiple trusted keys into their configuration.
    • SNS@ISC: ISC's DNS Secondary Name Service
      As part of ISC's community outreach and their public benefit mission, in addition to their commercial offering they offer a public-benefit version of SNS@ISC.
  • NIST DNSSEC Project
  • OpenDNSSEC - Open Source software created as an open-source turn-key solution for DNSSEC. It secures zone data just before it is published in an authoritative name server.
  • Review of administrative tools for DNSSEC
    During the spring of 2010 .SE together with Certezza has conducted a second review of administrative tools for DNSSEC, this time including three new vendors, making a total of eight. ...The products have been divided into five DNS servers and three pure DNSSEC signers. We conclude that the quality of at least six of the management tools is good enough for convenient deployment. Some features is missing from most of the products, including support for signing several zones with a shared key and standardized key migration.
  • Root DNSSEC - Information about DNSSEC for the Root Zone
  • TERENA TF-Mobility DNSSEC Working Group
    (Trans-European Research and Education Networking Association - Task Force on Mobility)
Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.