This weekend begins the “Spring Forum” of the Domain Name System Operations Analysis and Research Center, a.k.a. “DNS-OARC” and it once again represents a gathering of many of the prominent people within the DNS / DNSSEC community. The event takes place in Dublin, Ireland, on the Sunday and Monday morning prior to the RIPE 66 meeting happening for the rest of the week.
Would you like to chat with me (Dan York) about DNSSEC and DANE and how they might work with voice-over-IP (VoIP) and unified communications (UC)? Or would you just like to listen to my views on the subject? If so, you can join in to the live “VoIP Users Conference (VUC)” conference call / podcast Read more…
It’s official… Google’s Public DNS service is now performing DNSSEC validation for all DNS queries by default! When news broke back on March 19 that Google had enabled DNSSEC validation on its Public DNS service, there was some initial concern after people noticed that Google was only performing the DNSSEC validation when requested. This led Read more…
Can DNSSEC help make voice and video communications over IP more secure? Could DNSSEC combined with DANE provide a means to more easily distribute the TLS/SSL certificates needed for VoIP phones and systems? Can DNSSEC help ensure that you are talking with the correct VoIP system or application server? Can DNSSEC improve the security of Read more…
This page will serve as a repository of information related to how DNSSEC and DANE can work with communications protocols based on IP, including voice-over-IP (VoIP), unified communications (UC). real-time communications (RTC) and the use of the Session Initiation Protocol (SIP). Documentation (need to identify any documentation on this topic) Presentation Slides Who Are You Read more…
How did the deployment of DNSSEC go within the .GOV top-level domain? What kind of errors were found in the deployment? What lessons were learned? If they could start it all again, what would they do differently? These were all questions discussed by Scott Rose of the US NIST in a talk last December at Read more…
Congratulations to both the Christmas Islands and Thailand for the DNSSEC-signing of two more top-level domains (TLDs): .CX (Christmas Islands) .ไทย (Thailand) In the case of Thailand, their .TH domain was already signed with DNSSEC, but this is now the internationalized domain name (IDN) for .TH. These two new signed TLDs bring the count to Read more…
Next week at the SIPNOC conference, Dan York will be presenting about how VoIP can work over IPv6 – and how DNSSEC can add a layer of security to IP communications.
As we mentioned previously in both a blog post and an audio commentary, today, April 12, 2013, is the last day to weigh in with comments to ICANN about the rollover process of the DNSSEC Root Key-Signing Key (KSK). We strongly encourage you to read ICANN’s request for public comment and the comments already submitted Read more…
If you are a Reddit user interested in DNSSEC, there is now a subreddit focused on “DNS security” at: http://www.reddit.com/r/dnssecurity/ Please do subscribe and comment – and also please feel free to contribute links to any articles or resources out there related to DNSSEC, DANE or other topics related to DNS security. P.S. There’s also Read more…