Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Filter by type
Filter by Publications
DNSSEC (DNS Security Extensions) is a set of specifications used to add an additional layer of security to the Domain Name System (DNS). DNSSEC was designed to prevent specific types of popular attacks on the Internet and protect against these threats to the Domain Name System. The specific extensions provide origin authentication of DNS data, data integrity, and authenticated denial of existence. [Source: Webopedia]
DNSSEC and .edu
On August 2, 2010, EDUCAUSE and VeriSign announced the completion of a project to deploy DNSSEC within the .edu portion of the Internet, which EDUCAUSE manages under a cooperative agreement with the U.S. Department of Commerce. Institutions whose domain names end in .edu will now be able to utilize digital signatures to mitigate certain DNS security vulnerabilities, such as cache poisoning and man-in-the-middle attacks.
The University of Pennsylvania recently announced its successful implementation institution-wide of DNSSEC technology. Read the press release for additional details.
Adopting DNSSEC in the Higher Education Institution
What the CIO Should Know
The adoption of DNSSEC is another opportunity for higher education to show leadership in the use and advancement of the Internet. Every decision maker in the higher education IT community should know about DNSSEC and consider adding it to the maintenance schedule. Colleagues that have already signed their zones include berkeley.edu, merit.edu, penn.edu, psc.edu, upenn.edu, internet2.edu, and ucaid.edu.
What the Technical Staff Should Know
For institutions that host their own DNS, the technical team will need to learn about signing, upgrade to DNSSEC-aware DNS software, and proceed with signing their zones. For institutions whose DNS is hosted by an ISP, the technical staff will need to find out when the ISP plans to support DNSSEC and the enhanced reliability and stability it provides. Learn more about DNSSEC by reviewing the resources on this page and by browsing DNSSEC.net and the VeriSign resource page.
- Tool Guide Series on DNSSEC, a VeriSign publication detailing how to DNSSEC-enable your DNS zones using BIND, OpenDNSSEC, DNSSEC TOOLS, and ZKT.
- NIST Secure Domain Name System (DNS) Deployment Guide - (August 2009 Draft) This document provides deployment guidelines for securing DNS within an enterprise.
- DNSViz, a tool for visualizing the DNSSEC status of a DNS zone.
- DNSSEC Debugger, a DNSSEC debugging tool from VeriSign Labs.
- DNSSEC HOWTO, a "tutorial in disguise".
- DNSSEC Key Maintenance Analysis, a document that provides advice on DNSSEC key management.
- DNSSEC Validator, a Firefox add-on (still in alpha, not yet reviewed by Mozilla, use at your own risk).
- VeriSign announced that they have achieved a critical DNSSEC milestone by deploying security extensions in .com top level domain. March 31, 2011.
- DNSSEC for the .edu Domain, EDUCAUSE Live! April 29, 2010 - a presentation explaining DNSSEC: what it is, why you need to implement it, who has already implemented it, and how to get started.
- 7 Things You Should Know About DNSSEC, EDUCAUSE, January 2010.
- Internet2 DNSSEC Special Interest Group (SIG) is a collaborative forum for the research and education community to share information and support each other in deploying DNSSEC
- DNSSEC Coalition is a global group of registries and industry experts whose mission is to work collaboratively to facilitate adoption of Domain Name Security Extensions (DNSSEC) and streamline the implementations across Domain Name Registries.
- DNSSEC Deployment Initiative - This initiative works to encourage all sectors to voluntarily adopt security measures that will improve security of the Internet’s naming infrastructure, as part of a global, cooperative effort that involves many nations and organizations in the public and private sectors. The U.S. Department of Homeland Security Science and Technology (S&T) Directorate provides support for coordination of the initiative.This website provides case studies, guidelines, a learning center, and a DNSSEC This Month newsletter.
- DNSSEC Deployment Initiative Roadmap (2007 release) - This roadmap, revised March 16, 2007, describes the basic goal for deployment; the current state of practice, gaps and barriers; a set of sequences and dependencies; and next steps.
- DNSSEC - DNS Security Extensions - This website provides important background information on the history and development of the DNSSEC protocol. It also contains references to all major DNSSEC projects, presentations, research work, DNSSEC enabled software, and IETF reference material.
- DNSSEC: The Protocol, Deployment, and a Bit of Development - This article by Miek Gieben (NLnet Labs) offers a useful introduction to the protocol.
- The FISMA Implementation Project promotes the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act (FISMA).
- NIST DNSSEC Project - This website provides information on NIST's contribution to securing DNS is in aiding deployment and determining the impact of the new security transactions on server performance.
- The USG Secure Naming Infrastructure Pilot (SNIP) is a joint project involving NIST, SPARTA Inc, and the Department of Homeland Security. The main goal is to provide a test domain for participants to use and become familiar with the DNS Security Extensions (DNSSEC) and how they will affect current DNS operations.
Library Items on this Topic
EDUCAUSE Library Items for DNSSEC
DNSSEC True DNSSEC (DNS Security Extensions) is a set of …
- DNSSEC with BIND 9.8.0
May 4, 2011
This blog posting gives directions for upgrading from an older version of BIND. This blog posting gives directions for upgrading from an older …
- Helping Secure the Internet with DNSSEC
September 22, 2010
Key Takeaways The Domain Name System (DNS) suffers from vulnerabilities that when exploited can have devastating effects on the affected institutions and their communities. DNS Security…
- EDUCAUSE Quarterly Magazine, Volume 33, Number 3, 2010
September 22, 2010
Reflections on Play, Pedagogy, and World of Wa…
- EDUCAUSE Member Update and Input Session - September 7, 2010
September 7, 2010
This is an archive of President Oblinger's online discussion of EDUCAUSE plans for this fallâ€™s annual conference. Other topics to be discussed include ACTI, InCommon, DNSSEC, EDUCAUSE…
- Tool Guide Series on DNSSEC Version 1 - February 2010
July 26, 2010
The intent of this document is to provide an overview of the DNSSEC-related Open Source tools and automation suites available in the industry to DNS operators who wish to DNSSEC-enable their oper…
- .com and .net Now Support DNSSEC
April 14, 2011
VeriSign recentlyÂ announced Â that .comâ€”the Internet's largest domain with more than 90 million domain name registrations worldwideâ€”now supportsÂ DNS Security Extensi…
- DNSSEC for the .edu Domain
April 29, 2010
The Domain Name System (DNS) was built without security, leaving Internet traffic exposed to forged DNS data, which, among other things, allows the spoofing of addresses to redirect traffic to ma…
- 2009 Cybersecurity Summit Report
February 26, 2010
The 2009 Cybersecurity Summit was held September 14â€“15, 2009, in Arlington, Virginia. The purpose of this forum was to bring together stakeholders to establish and maintain collaborative e…
- 7 Things You Should Know About DNSSEC
January 15, 2010
The Domain Name System (DNS) uses a distributed network of name servers to translate text-based web addresses into IP addresses, directing Internet traffic to proper servers. DNS was built withou…