Slashdot Mirror


Root DNS Zone Now DNSSEC Signed

r00tyroot writes with news that slipped by yesterday, quoting from the Internet Systems Consortium's release: "ISC joined other key participants of the Internet technical community in celebrating the achievement of a significant milestone for the Domain Name System today as the root zone was digitally signed for the first time. This marked the deployment of the DNS Security Extensions (DNSSEC) at the top level of the DNS hierarchy and ushers the way forward for further roll-out of DNSSEC in the top level domains and DNS Service Providers."

5 of 94 comments

  1. For the rest of us... by oldhack · · Score: 2, Interesting

    What do we need to do on our side, the DNS client side?

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  2. Re:Too complicated: designed by ISC for ISC? by h4rr4r · · Score: 3, Interesting

    http://blog.techscrawl.com/2009/01/13/enabling-dnssec-on-bind/

    Looks pretty easy, at least as easy as setting up bind and a few zones.

  3. Re:OS Support by TheRaven64 · · Score: 2, Interesting

    A better question is whether there is any portable API for accessing this information. When I call getaddrinfo(), can I tell whether a particular address is DNSSEC-signed? OpenBSD has a flag for this, but is it going to be standardised? Do other platforms have anything equivalent? If it is using DNSSEC, can I also check easily if there is an IPSECKEY record and establish an IPsec connection using it if there is?

    --
    I am TheRaven on Soylent News
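As an added illustration of the question raised in the comment above (not code from the thread or from any resolver project): at the wire level a stub client asks for DNSSEC with the EDNS0 DO bit and learns whether a validating resolver authenticated the answer from the AD bit in the response header. The function names, the transaction ID and the three header-only sample responses are constructed for this example.

```python
import struct

DO_BIT = 0x8000    # EDNS0 "DNSSEC OK" flag, carried in the OPT record's TTL field
AD_BIT = 0x0020    # header "Authenticated Data" flag set by a validating resolver
TYPE_OPT = 41

def build_query(name, qtype=1, txid=0x1234, want_dnssec=True):
    """Wire-format query; with want_dnssec, append an OPT RR with DO set."""
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if want_dnssec else 0)
    msg = header + qname + struct.pack("!HH", qtype, 1)
    if want_dnssec:
        # OPT RR: root name, TYPE=41, CLASS=UDP size, TTL=ext-rcode|version|flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, DO_BIT, 0)
    return msg

def parse_flags(response):
    """Extract the header fields a stub needs to judge validation status."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", response[:4])
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "ad": bool(flags & AD_BIT), "rcode": flags & 0x000F}

def resolver_validated(response, expected_txid):
    # AD only reports what the upstream resolver claims. It is meaningful
    # only when the path to that resolver is trusted (loopback, IPsec, ...);
    # otherwise the client has to validate the signatures itself.
    f = parse_flags(response)
    return f["is_response"] and f["txid"] == expected_txid and f["rcode"] == 0 and f["ad"]

# Constructed 12-byte headers standing in for full responses.
VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)  # QR RD RA AD, NOERROR
UNSIGNED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)   # QR RD RA, no AD
BOGUS = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)      # SERVFAIL, as returned on failed validation

if __name__ == "__main__":
    print(build_query("example.org").hex())
    for label, resp in (("validated", VALIDATED), ("unsigned", UNSIGNED), ("bogus", BOGUS)):
        print(label, resolver_validated(resp, 0x1234))
```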
  4. Re:Software development like the good old days... by moonbender · · Score: 2, Interesting

    I wonder whether you're right.

    What kind of services rely on DNS? Web and email communication, obviously, but would voice communication either via cell phones or landlines break down? I suppose much of the voice traffic is routed over the same physical backbone as the Internet, but does it share the same server infrastructure including DNS? What about bank transactions? Are companies smart enough to handle internal communication (even if it touches the net) in a way that would work without DNS? Or would my toilet refuse working without DNS?

    Also: considering the distributed, caching nature of DNS, how long would it take for a problem in the root zone to affect people? (Wasn't there a root zone incident a short while back?) Would that give people enough time to revert a botched rollout?

    --
    Switch back to Slashdot's D1 system.
  5. Re:Great! by penguin359 · · Score: 2, Interesting

    Actually, you can't transfer a domain when it's close (~30 days I think) to expiring to avoid it expiring mid-transfer. You shouldn't lose any time off of the original registration. It should just extend it, so it's probably better to transfer now. Check on the rules for that from both registrars.