[Cialug] SOT: DNSSEC and what it means to the average joe

Josh More morej at alliancetechnologies.net
Thu Jan 28 16:16:58 CST 2010


I'm not an expert, but here's my quick opinion anyway:

1) It cryptographically signs DNS records (and perhaps transactions)

2) It uses a chain of trust, so I don't think it will be much good until
the TLDs implement it.  I know the process started on .mil and .gov.
I don't know where .com, .net and .org are in the process.

3) In BIND, at least, the security history hasn't been that great.  I'd
say to let the technology mature before you even touch it.  Implementing
a weak security system can decrease your overall security to the point
where it's less than it would have been if you'd done nothing.

4) If you don't run any Internet DNS, I don't think that there is
anything you can do.  Leave it up to the providers.



-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701

>>> "Nathan C. Smith" <nathan.smith at ipmvs.com> 01/28/10 4:10 PM >>>

I'm hearing a little about DNSSEC and wondering if somebody who knows
more or a lot more could distill it to the cliff notes.
If you don't run any Internet DNS, is it still a concern?

-Nate
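
The chain-of-trust dependency raised in point 2 of the reply, as an added example that is not part of the original thread: each parent zone publishes a hash (a DS record) of its child's key, and a resolver walks those links down from a trust anchor. The zone names, key bytes and helper names are constructed for illustration, and the sketch checks only the DS-to-DNSKEY link, not RRSIG signatures.

```python
import hashlib
import struct

def name_to_wire(name):
    """Encode a domain name in lowercase DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def ds_digest(owner, rdata):
    """SHA-256 DS digest (digest type 2): hash of owner name + DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def chain_status(zones, trust_anchor):
    """Walk zones from the root down, checking each key against the digest
    vouched for by its parent (or by the trust anchor, for the root)."""
    expected = trust_anchor
    for zone in zones:
        if expected is None:
            # Parent publishes no DS: nothing below here can be validated.
            return "insecure at " + zone["name"]
        if zone["key"] is None or ds_digest(zone["name"], zone["key"]) != expected:
            return "bogus at " + zone["name"]
        expected = zone["child_ds"]
    return "secure"

# Constructed sample keys (not real key material).
ROOT_KEY = dnskey_rdata(257, 8, b"constructed-root-key")
COM_KEY = dnskey_rdata(257, 8, b"constructed-com-key")
ZONE_KEY = dnskey_rdata(257, 8, b"constructed-example-key")
ANCHOR = ds_digest(".", ROOT_KEY)

def build_chain(tld_signed):
    """Root -> com. -> example.com., with the TLD signed or unsigned."""
    return [
        {"name": ".", "key": ROOT_KEY,
         "child_ds": ds_digest("com.", COM_KEY) if tld_signed else None},
        {"name": "com.", "key": COM_KEY if tld_signed else None,
         "child_ds": ds_digest("example.com.", ZONE_KEY) if tld_signed else None},
        {"name": "example.com.", "key": ZONE_KEY, "child_ds": None},
    ]

if __name__ == "__main__":
    print(chain_status(build_chain(True), ANCHOR))
    print(chain_status(build_chain(False), ANCHOR))
```

With the TLD unsigned, the walk stops at `com.` and the signed `example.com.` zone gets no validation from the root, even though its own key is intact.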

