‹ Back
Deploy360 9 November 2015

ION Cape Town: Implementing DNSSEC

Kevin Meynell
By Kevin MeynellSenior Manager, Technical and Operational Engagement

ion-capetown-ai-pngThis week we’re highlighting some of the topics that were covered during ION Cape Town a couple of months back. This was our third ION conference of 2015, and was held in conjunction with South Africa iWeek 2015 which has been South Africa’s leading annual Internet industry conference since 2001.

To kick-off we’re looking at DNSSEC which is increasingly being implemented by ccTLD registries around the world. Simon Balthazar of tzNIC (Tanzania) presented a concise but clear case for deploying DNSSEC, pointing out the wide reaching implications of the DNSChanger trojan since 2007. DNS validation will greatly reduce the impact of these sorts of hijackings, and with significant effort and money being expended to improve other areas of Internet security, it’s important to ensure that you’re actually connecting to an authenticated host.

Mark Elkins of Posix Systems also provides a deployment case study for this small South African ISP. They’ve been implementing DNSSEC since 2008, and have signed all their gTLD domains as well as 90 co.za and other domains using tools available from posixafrica.com. However, the .za root and second-level domains have still to be signed which limits the effectiveness of this initiative, although there are signs this may happen in the coming months.

Please do check out the other presentations and videos from the conference, as there’s some interesting deployment case studies and trials of the Deploy360 technologies.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...

Join the conversation with Internet Society members around the world