Home / Blogs

More Stepping Stones Before This Summer's Seminal DNSSEC Events

Ram Mohan

The deployment of Domain Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010.

While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet.

Until now, ICANN and its partners have been rolling out DURZ to each of the root servers individually. With this step, all root servers now have DURZ. We will now get to see, before a validatable root zone is published, how the DNS infrastructure will behave as more queries for DNSSEC information result in larger responses. Answers to the important question about how the DNS scales with the addition of DNSSEC will hopefully start to filter in, as well as the opportunity to watch for abnormalities in the system. The final step in the root's DNSSEC deployment will occur in July when a validatable root zone is published.

If you are an application provider, ISP, or a Top-Level Domain (TLD) registry thinking of DNSSEC deployment you should take this event as an actionable item and allow your technical teams time to participate in DNSSEC testing.

The next milestone will be the deployment of a validatable signed root. Signed TLDs will be able to submit their keys to the root zone after it is signed, creating a single, hierarchical, secure infrastructure, in contrast to the islands of trust we have today.

We have spent the better part of the past three years working closely with .ORG and the Public Interest Registry towards the deployment of DNSSEC in .ORG throughout the domain name system. This June, second level .ORG names will be able to submit their key information and be signed, which will propagate throughout the DNS, a first-ever in a major gTLD. We look forward to learning, sharing and helping the system become stronger across this and future DNSSEC deployments across the other TLDs we support.

By Ram Mohan, Executive Vice President & CTO, Afilias. Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry.

Related topics: DNS, DNS Security, Registry Services, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Carlsberg Group Joins Minds + Machines Pioneer Program

Introducing the Verisign DNS Firewall

In Celebration of Marriage Equality Each New .LGBT Name Donates $20 to the It Gets Better Project

Afilias Adds .PROMO to Its Expanding List of Top Level Domains

LogicBoxes Helps .MN Registry Grow by 350%

TLD Security, Spec 11 and Business Implications

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

LogicBoxes Powers .NGO & .ONG Retail and Wholesale Channels for ENSET

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

Verisign Mitigates More DDoS Attacks in Q1 2015 than Any Quarter in 2014

Alabama Joins dotVOTE Movement - Announces Alabama.vote for Its Election Site

LogicBoxes Partners With Domains.Green to Setup Retail & Wholesale Channels for .green Domains

New Top-Level Domain .fit Launches, Announces Partnership with the Arnold Sports Festival

Bauer Media Joins Minds + Machines as a .fishing Pioneer

New .vote TLD Used for Arizona Voters

First Premium .yoga Domains Up for Auction

Afilias Releases 160,000+ Names Across 8 New TLDs

Deal Yourself In: .POKER Names Now Open to All

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

Sponsored Topics