The Case for DNSSEC, DANE & Root Key Rollover @ APRICOT 2017

Our colleague Jan Žorž from the Deploy360 team was asked to present during the DNS/DNSSEC sessions during APRICOT 2017 last week, and this provides us with the opportunity to highlight a few of the other presentations there. If you need to make the technical and/or business case for deploying DNSSEC, then you can do worse than check out the excellent Read more…

DNSSEC and DANE Activities at ICANN 58 in Copenhagen, March 12-15, 2017

ICANN 58 Logo

Next week in Copenhagen, Denmark, ICANN 58 will include some great technical info about DNSSEC and DANE happening in several sessions. Here is the plan… All times below are Central European Time (CET), which is UTC+1. DNSSEC For Everybody: A Beginner’s Guide – Sunday, 12 March On Sunday, March 12, 2017, we’ll have the “DNSSEC For Everybody: A Beginner’s Guide” session that Read more…

March 6th, 2017 by | Posted in DANE, DNSSEC, Events | Tags: , , , | No Comments

New report: “State of DNSSEC Deployment 2016”

State of DNSSEC Deployment 2016

What is the current state of deployment of the DNS Security Extensions? (DNSSEC) How many domains are secured with DNSSEC? What actual usage are we seeing on the Internet? What software is available to help? For years there have been many statistics about DNSSEC available, but it’s been hard to get an overall picture of Read more…

January 4th, 2017 by | Posted in DANE, DNSSEC, Reports | Tags: , | No Comments

DNSSEC and DANE Activities at ICANN 57 in Hyderabad, India, November 4-7, 2016

ICANN 57 Hyderabad logo

Friday marks the beginning of the ICANN 57 meeting in Hyderabad, India. As per usual there will be a range of activities related to DNSSEC or DANE. Two of the sessions will be streamed live and will be recorded for later viewing.  Here is what is happening. All times below are India Standard Time (IST), which is UTC+05:30. Read more…

November 3rd, 2016 by | Posted in DANE, DNSSEC, Events | Tags: , , , | No Comments

NIST Publishes New Guide: “DNS-Based Email Security” about DANE and DNSSEC

NIST Report on DANE for email

How can we make email more secure and trusted? How can we encrypt all email between mail servers? And how can we use DANE and DNSSEC to provide that added layer of security? Today the U.S. National Cybersecurity Center of Excellence (NCCoE)  and the National Institute of Standards and Technology released a “draft practice guide” Read more…

November 2nd, 2016 by | Posted in DANE, DNSSEC | Tags: , , | No Comments

Deploy360 @ NLNOG Day 2016

The Deploy360 team will be supporting NLNOG Day this coming Friday, 9 September 2016, which is being organised by the Netherlands Network Operator Group in Amsterdam. There are still some free places available, although you’re encouraged to make a donation when you register. Our colleague Jan Žorž will be talking about TLS and DANE, including the testing Read more…

Let’s Encrypt certificates for mail servers and DANE – Part 2 of 2

In the first part of our blog on testing the Let’s Encrypt certificates for mail servers and adding extra security with DANE TLSA records, we focused on how to deal with the default behaviour of the Let’s Encrypt client on Linux. This generates a new underlying key and certificate request every time we renew the Read more…

DNSSEC and DANE Activities at ICANN 55 and Africa DNS Forum in Marrakech March 5-10

ICANN 55 logo

Starting this Friday, March 4, I’ll be in Marrakech, Morocco, for a great bit of DNS security discussions at two events: the Africa DNS Forum 2016 and the 55th meeting of the Internet Corporation for Assigned Names and Numbers (ICANN). There will be some great introductions to DNSSEC and DANE – and some outstanding technical Read more…

March 2nd, 2016 by | Posted in DANE, DNSSEC, Maps, Securing BGP | Tags: , , , | No Comments

Let’s Encrypt certificates for mail servers and DANE – Part 1 of 2

Some would think that having a trusted certificate for your services such as web and email servers is enough, but some might wish to add an extra layer of security by publishing the hash of that in the DNS through a TLSA record and signed with DNSSEC. We already enabled Let’s Encrypt certificates for various web servers in the Go6lab, but this Read more…

January 29th, 2016 by | Posted in DANE, DANE, DNSSEC, Let's Encrypt, TLS for Applications | Tags: , , | 1 Comment

Got a DNSSEC or DANE Story or Tool To Share? Submit a Proposal For ICANN 55 DNSSEC Workshop

ICANN 55 logo

Do you have an idea for a new way to use DNSSEC or DANE to make the Internet more secure?  Have you recently installed DNSSEC and have a great case study you can share of lessons learned?  Do you have a new tool or service that makes DNSSEC or DANE easier to use or deploy? Read more…

November 30th, 2015 by | Posted in DANE, DNSSEC | Tags: , | No Comments