Home / Blogs

More Stepping Stones Before This Summer's Seminal DNSSEC Events

Ram Mohan

The deployment of Domain Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010.

While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet.

Until now, ICANN and its partners have been rolling out DURZ to each of the root servers individually. With this step, all root servers now have DURZ. We will now get to see, before a validatable root zone is published, how the DNS infrastructure will behave as more queries for DNSSEC information result in larger responses. Answers to the important question about how the DNS scales with the addition of DNSSEC will hopefully start to filter in, as well as the opportunity to watch for abnormalities in the system. The final step in the root's DNSSEC deployment will occur in July when a validatable root zone is published.

If you are an application provider, ISP, or a Top-Level Domain (TLD) registry thinking of DNSSEC deployment you should take this event as an actionable item and allow your technical teams time to participate in DNSSEC testing.

The next milestone will be the deployment of a validatable signed root. Signed TLDs will be able to submit their keys to the root zone after it is signed, creating a single, hierarchical, secure infrastructure, in contrast to the islands of trust we have today.

We have spent the better part of the past three years working closely with .ORG and the Public Interest Registry towards the deployment of DNSSEC in .ORG throughout the domain name system. This June, second level .ORG names will be able to submit their key information and be signed, which will propagate throughout the DNS, a first-ever in a major gTLD. We look forward to learning, sharing and helping the system become stronger across this and future DNSSEC deployments across the other TLDs we support.

By Ram Mohan, Executive Vice President & CTO, Afilias. Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry.

Related topics: DNS, DNS Security, Registry Services, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

.ONLINE GA Launches with 28,000 Registrations in the First 30 Minutes

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

.ONLINE Sees the Biggest Generic Sunrise Ever

Influential Law Firms Have Become Early Adopters of '.law' TLD

.Online Receives 550+ Sunrise Requests, a Fortnight Still to Go

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

40+ Pioneers Signed on for .TECH, as it Enters EAP Today‚Ä®

WeddingWire Joins Minds + Machines As New TLD '.Wedding' Pioneer

Minds + Machines and ALM Media Announce Strategic Partnership on .law

Independent Review Panel Favored DotConnectAfrica Trust Against ICANN Ruling Over .Africa Domain

Carlsberg Group Joins Minds + Machines Pioneer Program

Introducing the Verisign DNS Firewall

In Celebration of Marriage Equality Each New .LGBT Name Donates $20 to the It Gets Better Project

Afilias Adds .PROMO to Its Expanding List of Top Level Domains

LogicBoxes Helps .MN Registry Grow by 350%

TLD Security, Spec 11 and Business Implications

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

LogicBoxes Powers .NGO & .ONG Retail and Wholesale Channels for ENSET

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Sponsored Topics