Some folks have already asked me if DNSSEC could have prevented Twitter.com traffic from being hijacked. In this case, the answer is, "No".
Less than nine months after the DNS root was signed, the rollout of DNSSEC across the Internet's top-level domains is approaching the tipping point.
Over the next few years we should expect to see applications leveraging DNSSEC in ways we cannot imagine now.
There has been quite a bit of talk lately about the best way to secure a domain, mainly centered in two camps: SSL or DNSSEC. The answer is quite simple - you should use both.
July 15, 2010 marks the end of the beginning for DNSSEC, and the opening of a new chapter in the task of securing the core infrastructure on which the global Internet relies.
The movement is on, DNSSEC, ready set go! Just make sure you are ready when you go!"The General Services Administration is analyzing what caused an outage of .gov websites for a few hours Wednesday morning," reports Federal Times. Officials said the problem involved so-called DNSSEC cybersecurity measures that affected access to certain .gov sites, according to GSA spokeswoman Mafara Hobson. more»
The Internet Society today announced it has signed a Memorandum of Understanding with Shinkuro and Parsons to collaborate on multiple initiatives to promote the global deployment of Domain Name System Security Extensions (DNSSEC). more»
Neil Schwartzman writes to report that U.S. Cert issued Alert TA13-088A on Friday March 29, 2013. "It is a solid how-to guide to test for, and remediate DNS configurations that can be used for Distributed Denial of Service attacks." more»
Google today announced that its "Public DNS" service is now performing DNSSEC validation. Yunhong Gu, Team Lead for Google Public DNS, in post today wrote: "We launched Google Public DNS three years ago to help make the Internet faster and more secure.Today, we are taking a major step towards this security goal: we now fully support DNSSEC (Domain Name System Security Extensions) validation on our Google Public DNS resolvers." more»
A recent progress report on DNSSEC adoption reveals the extent to which organizations in a number of industries are falling short of their own objectives for making Domain Name Server (DNS) infrastructure more secure. The progress report, conducted by Secure64 Software Corporation, is a follow-up to a 2010 study by Forrester Research titled, "DNSSEC Ready for Prime Time," which reported on organizations' plans to implement DNSSEC in order to shore up vulnerabilities in DNS. more»
The Internet Society Deploy360 Programme issues a call for speakers for a series of upcoming global ION Conferences. ISOC welcomes submissions from IPv6 and DNSSEC experts to speak at any of the following ION conferences. more»
Google has announced that it has started undertaking an effort to notify roughly half a million people whose computers or home routers are infected with a well-publicized form of malware known as DNSChanger. "After successfully alerting a million users last summer to a different type of malware, we've replicated this method and have started showing warnings via a special message that will appear at the top of the Google search results page for users with affected devices." more»
Up to 100,000 customer modems are at risk of losing their internet connection from July 9 when the FBI disables rogue DNS servers seized late last year. The affected customer modems make up about a third of the 350,000 to 400,000 internet users believed to still have the DNSChanger malware on either their modems or Windows computers. more»
Internet Society recently announced the appointment of former chief technology officer of Motion Picture Association of America (MPAA). The decision has raised concerns within the Internet community as Paul Brigner had campaigned for SOPA while at MPAA as well as being on record opposing net neutrality while being an official at Verizon. more»
A misconfiguration in NASA's DNSSEC implementation on its website caused Comcast's network to block users from the site last week. NASA had incorrectly signed DNSSEC in its implementation of the new security protocol that last week, causing Comcast's newly DNSSEC-enabled service to automatically block access to the site. the day part of the Web went dark in protest of controversial anti-piracy legislation, leading some users and pundits to inaccurately speculate this was Comcast's way of protesting the government-based bills. more»
Comcast, a leading ISP in the U.S., has fully deployed Domain Name System Security Extensions (DNSSEC) according to a company announcement today. Jason Livingood, Comcast's Vice President of Internet Systems writes: "As of today, over 17.8M residential customers of our Xfinity Internet service are using DNSSEC-validating DNS servers. In addition, all of the domain names owned by Comcast, numbering over 5,000, have been cryptographically signed. All of our servers, both the ones that customers use and the ones authoritative for our domain names, also fully support IPv6." more»
ICANN and internet exchange firm Packet Clearing House (PCH) have joined forces with Infocomm Development Authority of Singapore (IDA) and the National University of Singapore (NUS) to launch the first of three facilities designed to boost the adoption of Domain Name System Security (DNSSEC) among country code Top-Level Domains (ccTLDs). The three new facilities, located in Singapore; Zurich, Switzerland (still under construction) and San Jose, California, provide cryptographic security using the recently deployed DNSSEC protocol. more»
A group of leading DNS experts have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the U.S. Senate named Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 ("PROTECT IP Act"). The group who is urging lawmakers to reconsider enacting such a mandate into law, includes leading DNS designers, operators, and researchers, responsible for numerous RFCs for DNS, publication of many peer-reviewed academic studies related to architecture and security of the DNS, and responsible for the operation of important DNS infrastructure on the Internet. more»
UK registry Nominet has enabled the deployment of domain name system security extensions (DNSSEC) for 9.4 million second level .uk domains. Completing the rollout represents over a year's work and marks an important milestone in making the web a more trusted environment for UK consumers and businesses, says Nominet, which is responsible for running the .uk internet infrastructure. more»
Citrix has published a case study featuring Nixu DDI run on Citrix XenServer by Unify Mobile, a Dutch Mobile Virtual Network Operator (MVNO). Having grown its customer base at an extremely rapid pace, Unify wanted to develop a network services platform that could be scaled up quickly and allow efficient management to cope with growth. more»
