Threat Level: green Handler on Duty: John Bambenek

SANS ISC: InfoSec Handlers Diary Blog - dshield.org now DNSSEC signed via .org InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

dshield.org now DNSSEC signed via .org

Published: 2011-04-14
Last Updated: 2011-04-14 02:26:28 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

To coincide with today's webcast about DNSSEC [1], I changed how the dshield.org zone is DNSSEC signed. The zone itself has been signed for a while now, but I used "look aside validation" via isc.org . For a few months now, it has been possible to have .org zones directly signed by .org, and I decided to give it a try. Please let me know if you see any issues. If you plan to deploy DNSSEC yourself, see Verisign's [3] nice testing tool as well as the visualization tool by DNSVIZ [4].

[1] https://www.sans.org/webcasts/isc-threat-update-20110413-94083
[2] http://dlv.isc.org
[3] http://dnssec-debugger.verisignlabs.com
[4] http://dnsviz.net/d/dshield.org/dnssec/

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: dns dnssec dshield
1 comment(s)
Diary Archives