See the Spaces Instructions for editing access.
This SIG (Special Interest Group) is intended as a collaborative forum for the research and education community, to share information and support each other in deploying DNSSEC - the Domain Name System Security Extension.
NOTE WELL: All Internet2 Activities are governed by the Internet2 Intellectual Property Framework.
Co-Chairs
- Shumon Huque, University of Pennsylvania
- Michael Sinatra, University of California, Berkeley
Participation
- To subscribe to the e-mail list, send an e-mail to <sympa AT internet2.edu> with the following message in the subject:
- subscribe DNSSEC FirstName LastName
- To set a watch on this wiki space, to be notified of changes at the e-mail address in your profile, use the menu at the top of this page:
- Browse => Advanced => Start watching this space (under Subscribe in the left nav)
- To edit the e-mail address in your profile, use the menu at the top of this page:
[UserName] => Preferences => Edit Profile (tab)
Upcoming Events of Interest
- EDUCAUSE Security Professionals Conference: The Shifting Landscape: Changing Mind-Sets
April 12-14, 2010, Atlanta, GA- Securing DNS: Doing DNS as if DNS Actually Mattered (Preconference Seminar), April 12, 1:00 - 4:30 p.m. ET
Joseph E. St Sauver, Security Programs Manager, Internet2, University of Oregon
- Securing DNS: Doing DNS as if DNS Actually Mattered (Preconference Seminar), April 12, 1:00 - 4:30 p.m. ET
- Internet2 Spring Member Meeting
April 26-28, 2010, Arlington VA- DNSSEC Panel, April 27, 8:45-10:00 AM ET
Past Events of Interest
- DNSSEC Workshop at the ICANN Meeting in Nairobi, Kenya
Wednesday, March 10, 2010- Presentations
- NANOG48
February 24, 2010, Austin, TX - TF-Mobility
February 18, 2010, Vienna, Austria- DNSSEC update (pdf)
Roland van Rijswijk, SURFnet
- DNSSEC update (pdf)
- Winter 2010 ESCC/Internet2 Joint Techs
January 31 - February 4, 2010 - Summer 2009 ESCC/Internet2 Joint Techs
July 19 - July 22, 2009
Articles of Interest
- Comcast DNSSEC Statement (Feb 2010)
By the end of 2011, we plan to implement DNSSEC validation for all of our customers...- More info at Comcast DNSSEC Information Center
- Roll Over and Die? (Problems related to key rollover) (Feb 2010)
George Michaelson, Patrik Wallström, Roy Arends, Geoff Huston
Useful Links
- ARIN (American Registry for Internet Numbers) DNSSEC
Comcast DNSSEC Information Center (How to Participate in the [Comcast] DNSSEC Trial Today...)
- DNSSEC for .edu: Frequently Asked Questions
- DNSCheck - Test your DNS-server and find errors (includes DNSSEC)
- The DNSSEC Deployment Initiative works to encourage all sectors to voluntarily adopt security measures that will improve security of the Internet's naming infrastructure, as part of a global, cooperative effort that involves many nations and organizations in the public and private sectors. The U.S. Department of Homeland Security Science and Technology (S&T) Directorate provides support for coordination of the initiative. This site is a tremendous reference resource.
- DNSSEC.net: a collection of useful information
- DNSSEC Industry Coalition - a global group of registries and industry experts whose mission is to work collaboratively to facilitate adoption of Domain Name Security Extensions (DNSSEC) and streamline the implementations across Domain Name Registries. Members work together to establish a consistent set of tools and applications, shared best practices, specifications and shared nomenclature. DNSSEC Industry Coalition members include both generic Top-Level Domain and country code Top-Level Domain registries along with industry and educational experts of the Domain Name System.
- DNSSEC-Tools: The goal of the DNSSEC-Tools project is to create a set of software tools, patches, applications, wrappers, extensions, and plugins that will help ease the deployment of DNSSEC related technologies.
- EDUCAUSE Resources (.edu Registrar)
- IETF
- Internet Systems Consortium, Inc. (ISC)
- BIND (Berkeley Internet Name Domain) is an open-source software implementation of the DNS protocols, but it is also production-grade software, suitable for use in high-volume and high-reliability applications.
- ISC's DLV Registry
DLV (DNSSEC Look-aside Validation) is an extension to the DNSSECbis protocol. It is designed to assist in early DNSSEC adoption by simplifying the configuration of recursive servers. DLV provides an additional entry point (besides the root zone) from which to obtain DNSSEC validation information. Without DLV, in the absence of a fully signed path from root to a zone, users wishing to enable DNSSEC-aware resolvers would have to configure and maintain multiple trusted keys into their configuration. - SNS@ISC: ISC's DNS Secondary Name Service
As part of ISC's community outreach and their public benefit mission, in addition to their commercial offering they offer a public-benefit version of SNS@ISC.
- NIST DNSSEC Project
- OpenDNSSEC - Open Source software created as an open-source turn-key solution for DNSSEC. It secures zone data just before it is published in an authoritative name server.
- Root DNSSEC - Information about DNSSEC for the Root Zone
- TERENA TF-Mobility DNSSEC Working Group
(Trans-European Research and Education Networking Association - Task Force on Mobility)