Duane Wessels

Duane Wessels

Principal Research Scientist at Verisign
Joined on July 16, 2008
Total Post Views: 27,082

About

Duane is Principal Research Scientist, with a focus on DNSSEC projects. He is responsible for collecting and analyzing large amounts of data during the initial rollout of the signed root zone. He is working on Verisign's DNSSEC interoperability lab and other DNSSEC tools for both internal and public use. He is also managing collaborative university research projects.

Prior to joining Verisign, Duane was the Director of the DNS Operations Analysis Research Center (DNS-OARC). Duane enjoys attending various technical conferences and is a member of the North American Network Operators Group (NANOG) Board of Directors.

Featured Blogs

A Great Collaborative Effort: Increasing the Strength of the Zone Signing Key for the Root Zone

A few weeks ago, on Oct. 1, 2016, Verisign successfully doubled the size of the cryptographic key that generates DNSSEC signatures for the internet's root zone. With this change, root zone DNS responses can be fully validated using 2048-bit RSA keys. This project involved work by numerous people within Verisign, as well as collaborations with ICANN, Internet Assigned Numbers Authority (IANA) and National Telecommunications and Information Administration (NTIA). more»

Increasing the Strength of the Zone Signing Key for the Root Zone, Part 2

A few months ago I published a blog post about Verisign's plans to increase the strength of the Zone Signing Key (ZSK) for the root zone. I'm pleased to provide this update that we have started the process to pre-publish a 2048-bit ZSK in the root zone for the first time on Sept. 20. Following that, we will publish root zones with the larger key on Oct. 1, 2016. more»

Increasing the Strength of the Zone Signing Key for the Root Zone

One of the most interesting and important changes to the internet's domain name system (DNS) has been the introduction of the DNS Security Extensions (DNSSEC). These protocol extensions are designed to provide origin authentication for DNS data. In other words, when DNS data is digitally signed using DNSSEC, authenticity can be validated and any modifications detected. more»

Verisign's Perspective on Recent Root Server Attacks

On Nov. 30 and Dec. 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. Last week the root server operators published a report on the incident. In the interest of further transparency, I'd like to take this opportunity to share Verisign's perspective, including how we identify, handle and react, as necessary, to events such as this. more»

Topic Interests

DDoSCyberattackCybersecurityDNSNetworksDNS Security

Recent Comments

Not a Guessing Game
Not a Guessing Game
Not a Guessing Game
Not a Guessing Game
Not a Guessing Game

Popular Posts