DNSSEC - 17 Resources

DNSSEC (DNS Security Extensions) is a set of specifications used to add an additional layer of security to the Domain Name System (DNS). DNSSEC was designed to prevent specific types of popular attacks on the Internet and protect against these threats to the Domain Name System. The specific extensions provide origin authentication of DNS data, data integrity, and authenticated denial of existence. [Source: Webopedia]

DNSSEC and .edu

On September 3, 2009, EDUCAUSE and VeriSign announced the initiation of a project to enhance Internet reliability and stability. By the end of March 2010, the project will deploy a security system known as Domain Name Security Extensions (DNSSEC) within the .edu portion of the Internet, which EDUCAUSE manages under a cooperative agreement with the U.S. Department of Commerce. When the project is completed, institutions whose domain names end in .edu will be able to incorporate a digital signature into those names to limit a variety of security vulnerabilities. Read more in the press release or visit the DNSSEC for .edu FAQ.

The University of Pennsylvania recently announced its successful implementation institution-wide of Domain Name Security Extensions (DNSSEC) technology. Read the press release for additional details.

DNSSEC and .gov

The U.S. Government has now mandated that DNSSEC will be deployed throughout the .gov domain. The Memorandum from the Office of Management and Budget (OMB) to Chief Information Officers throughout the U.S. government states that the top level .gov domain will be signed by January 2009, the zones below .gov are to be signed by December 2009, and agencies are obliged to survey their systems and plan their deployment strategy.

Suggested Resources

• DNSSEC Coalition is a global group of registries and industry experts whose mission is to work collaboratively to facilitate adoption of Domain Name Security Extensions (DNSSEC) and streamline the implementations across Domain Name Registries.
• DNSSEC Deployment Initiative Roadmap - (February 2005) This road map describes the basic goal for deployment; the current state of practice, gaps and barriers; a set of sequences and dependencies; and next steps.
• DNSSEC - DNS Security Extensions - This website provides important background information on the history and development of the DNSSEC protocol. It also contains references to all major DNSSEC projects, presentations, research work, DNSSEC enabled software, and IETF reference material.
• DNSSEC: The Protocol, Deployment, and a Bit of Development - This article by Miek Gieben (NLnet Labs) offers a useful introduction to the protocol.
• The FISMA Implementation Project promotes the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act (FISMA).
• Internet2 DNSSEC Deployment Initiative - Internet2 has formed a dot-edu advisory group on adopting DNSSEC. This website provides information about deployment initiatives and pilot projects, a roadmap for DNSSEC deployment, working group activities, and the "DNSSEC This Month" newsletter.
• NIST DNSSEC Project - This website provides information on NIST's contribution to securing DNS is in aiding deployment and determining the impact of the new security transactions on server performance.
• NIST Secure Domain Name System (DNS) Deployment Guide - (August 2009 Draft) This document provides deployment guidelines for securing DNS within an enterprise.
• The USG Secure Naming Infrastructure Pilot (SNIP) is a joint project involving NIST, SPARTA Inc, and the Department of Homeland Security. The main goal is to provide a test domain for participants to use and become familiar with the DNS Security Extensions (DNSSEC) and how they will affect current DNS operations.