DNSSEC - 24 Resources

Overview
Publications (9)
Presentations (6)
Blogs (9)

Overview

DNSSEC (DNS Security Extensions) is a set of specifications used to add an additional layer of security to the Domain Name System (DNS). DNSSEC was designed to prevent specific types of popular attacks on the Internet and protect against these threats to the Domain Name System. The specific extensions provide origin authentication of DNS data, data integrity, and authenticated denial of existence. [Source: Webopedia]

DNSSEC and .edu

On September 3, 2009, EDUCAUSE and VeriSign announced the initiation of a project to enhance Internet reliability and stability. By the end of March 2010, the project will deploy a security system known as Domain Name Security Extensions (DNSSEC) within the .edu portion of the Internet, which EDUCAUSE manages under a cooperative agreement with the U.S. Department of Commerce. When the project is completed, institutions whose domain names end in .edu will be able to incorporate a digital signature into those names to limit a variety of security vulnerabilities. Read more in the press release or visit the DNSSEC for .edu FAQ.

The University of Pennsylvania recently announced its successful implementation institution-wide of Domain Name Security Extensions (DNSSEC) technology. Read the press release for additional details.

DNSSEC and .gov

The U.S. Government has now mandated that DNSSEC will be deployed throughout the .gov domain. The Memorandum from the Office of Management and Budget (OMB) to Chief Information Officers throughout the U.S. government states that the top level .gov domain will be signed by January 2009, the zones below .gov are to be signed by December 2009, and agencies are obliged to survey their systems and plan their deployment strategy.

Suggested Resources

7 Things You Should Know About DNSSEC, EDUCAUSE, January 2010.
DNSSEC Coalition is a global group of registries and industry experts whose mission is to work collaboratively to facilitate adoption of Domain Name Security Extensions (DNSSEC) and streamline the implementations across Domain Name Registries.
DNSSEC Deployment Initiative - This initiative works to encourage all sectors to voluntarily adopt security measures that will improve security of the Internet’s naming infrastructure, as part of a global, cooperative effort that involves many nations and organizations in the public and private sectors. The U.S. Department of Homeland Security Science and Technology (S&T) Directorate provides support for coordination of the initiative.This website provides case studies, guidelines, a learning center, and a DNSSEC This Month newsletter.
DNSSEC Deployment Initiative Roadmap (2007 release) - This roadmap, revised March 16, 2007, describes the basic goal for deployment; the current state of practice, gaps and barriers; a set of sequences and dependencies; and next steps.
DNSSEC - DNS Security Extensions - This website provides important background information on the history and development of the DNSSEC protocol. It also contains references to all major DNSSEC projects, presentations, research work, DNSSEC enabled software, and IETF reference material.
DNSSEC: The Protocol, Deployment, and a Bit of Development - This article by Miek Gieben (NLnet Labs) offers a useful introduction to the protocol.
The FISMA Implementation Project promotes the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act (FISMA).
NIST DNSSEC Project - This website provides information on NIST's contribution to securing DNS is in aiding deployment and determining the impact of the new security transactions on server performance.
NIST Secure Domain Name System (DNS) Deployment Guide - (August 2009 Draft) This document provides deployment guidelines for securing DNS within an enterprise.
The USG Secure Naming Infrastructure Pilot (SNIP) is a joint project involving NIST, SPARTA Inc, and the Department of Homeland Security. The main goal is to provide a test domain for participants to use and become familiar with the DNS Security Extensions (DNSSEC) and how they will affect current DNS operations.

Updated March 2010

Publications (9)

EDUCAUSE publications address a diverse range of professional challenges in higher education IT, from updates on current developments to explorations of important overarching issues. Listed below are the full range of research, reports and other publications that EDUCAUSE and its members have written about DNSSEC.

Item ID	Title	Pub Date	Views
CSD5732	DNSSEC Deployment Initiative Roadmap	02/12/2005	60
EST1001	7 Things You Should Know About DNSSEC	01/15/2010	964
CSD5533	Enhancing the Security and Stability of the Internet’s Domain Name and Addressing System: Notice of Inquiry	10/09/2008	324
CSD5729	DNSSEC Secures Another Domain	09/08/2009	55
CSD5731	DNSSEC Industry Coalition	09/15/2009	31
CSD5733	NIST Secure Domain Name System (DNS) Deployment Guide	02/18/2009	101
CSD5779	Study on the Costs of DNSSEC Deployment	11/20/2009	15
CSD5785	Team Cymru's YouTube Channel	12/07/2009	51
PUB1001	2009 Cybersecurity Summit Report	02/26/2010	31

Presentations (6)

Stepping away from the distractions of normal routine to meet with peers, share experiences, and learn together can be invaluable. EDUCAUSE places great emphasis on the face-to-face meeting experience, offering you numerous opportunities throughout the year to gather with colleagues - from small regional events and special topic meetings to large, national conferences covering the full spectrum of roles and issues important to higher education. For more information on EDUCAUSE conferences and seminars, please see our Frequently Asked Questions page. Listed below is the full range of presentations EDUCAUSE and its members tagged with DNSSEC

Item ID	Title	Pub Date	Views
CYB09_179953	Driving Security Improvements Through Research and Development	09/15/2009	69
CYB09_179647	Domain Name System Security (DNSSEC): Lessons Learned and Deployment for Research Facilities	09/15/2009	187
CSD5575	DNSSEC -- Living and Loving Life after Kaminsky; Or: How I overcame my fear and signed my zones	10/30/2008	203
CSD5488	Port 53 Wars: Security of the Domain Name System and Thinking About DNSSEC	02/14/2007	500
NMD08010	DNSSEC: Challenges and Opportunities for Higher Education	02/10/2008	1,276
SEC07066	Securing DNS	04/10/2007	1,524

Blogs (9)

EDUCAUSE hosts a number of blogs for its members. To view a list of all our blogs, click here.

Title	Blogger	Posted	Views
Security Sessions at the Spring 2010 Internet2 Member Meeting	Valerie M. Vogel, EDUCAUSE	03/02/2010	18
EDUCAUSE Releases 7 Things You Should Know About DNSSEC	Valerie M. Vogel, EDUCAUSE	01/19/2010	82
Team Cymru Offers Free Series of Security Videos Online	Valerie M. Vogel, EDUCAUSE	12/03/2009	73
University of Pennsylvania Successfully Deploys DNSSEC	Valerie M. Vogel, EDUCAUSE	11/10/2009	96
Plans for Increasing Security of .EDU Domain Announced Today	Anna Gould, EDUCAUSE	09/03/2009	139
Security of .edu Internet Domain to Increase	Valerie M. Vogel, EDUCAUSE	09/03/2009	118
NIST Updates Secure Domain Name System (DNS) Deployment Guide	Valerie M. Vogel, EDUCAUSE	03/05/2009	254
DNSSEC Notice of Inquiry	Valerie M. Vogel, EDUCAUSE	10/10/2008	276
Notice of Inquiry to Examine Security of the Domain Name and Addressing System	Rodney J. Petersen, EDUCAUSE	10/09/2008	235

Do you have a great resource that should be listed here? Email contribute@educause.edu with your recommendation!