Home / Blogs

More Stepping Stones Before This Summer's Seminal DNSSEC Events

Ram Mohan

The deployment of Domain Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010.

While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet.

Until now, ICANN and its partners have been rolling out DURZ to each of the root servers individually. With this step, all root servers now have DURZ. We will now get to see, before a validatable root zone is published, how the DNS infrastructure will behave as more queries for DNSSEC information result in larger responses. Answers to the important question about how the DNS scales with the addition of DNSSEC will hopefully start to filter in, as well as the opportunity to watch for abnormalities in the system. The final step in the root's DNSSEC deployment will occur in July when a validatable root zone is published.

If you are an application provider, ISP, or a Top-Level Domain (TLD) registry thinking of DNSSEC deployment you should take this event as an actionable item and allow your technical teams time to participate in DNSSEC testing.

The next milestone will be the deployment of a validatable signed root. Signed TLDs will be able to submit their keys to the root zone after it is signed, creating a single, hierarchical, secure infrastructure, in contrast to the islands of trust we have today.

We have spent the better part of the past three years working closely with .ORG and the Public Interest Registry towards the deployment of DNSSEC in .ORG throughout the domain name system. This June, second level .ORG names will be able to submit their key information and be signed, which will propagate throughout the DNS, a first-ever in a major gTLD. We look forward to learning, sharing and helping the system become stronger across this and future DNSSEC deployments across the other TLDs we support.

By Ram Mohan, Executive Vice President & CTO, Afilias

Related topics: DNS, DNS Security, Registry Services, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Infographic: Where in the World Do Chinese People Live?

Public Interest Registry Seeks Leaders to Serve on its NGO Community Advisory Council

Neustar to Build Multiple Tbps DDoS Mitigation Platform

Auctions Update: MMX Wins .law and .vip

LogicBoxes Partners with I-Content to Implement Vertical Integration for .RICH and .ONL

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

General Availability Kicks Off for .Website, .Press and .Host

New .ORGANIC Top-Level Domain Welcomes Leading Brands As .ORGANIC Pioneers

Dot Chinese Online and Dot Chinese Website Featured in EURid's World Report on IDNs 2014

New .ORGANIC Top-Level Domain Opens to Serve the Organic Community

Independent Endorsement of Dot Chinese Online & Dot Chinese Website by by FiarWinds Partners

New gTLDs and Best Practices for Domain Management Policies (Video)

.Host Announces Top Global Players As Pioneer Partners

Public Interest Registry Releases Bi-Annual Report, .Org Domain Registrations Pass 10.4 Million

Public Interest Registry to Speak About Upcoming Launch of .ngo and .ong Domains for NPOs

Landrush Opens for .Website, .Press and .Host

Afilias Announces General Availability of .BLACK Top-Level Domain

Nominum Announces Future Ready DNS

Last Lap of .WEBSITE, .PRESS and .HOST Sunrise

Sponsored Topics