Slashdot Mirror


Root DNS Zone Now DNSSEC Signed

r00tyroot writes with news that slipped by yesterday, quoting from the Internet Systems Consortium's release: "ISC joined other key participants of the Internet technical community in celebrating the achievement of a significant milestone for the Domain Name System today as the root zone was digitally signed for the first time. This marked the deployment of the DNS Security Extensions (DNSSEC) at the top level of the DNS hierarchy and ushers the way forward for further roll-out of DNSSEC in the top level domains and DNS Service Providers."


  1. Software development like the good old days... by Anonymous Coward · · Score: 5, Insightful

    "ISC has been intimately involved with the development of DNSSEC for more than fourteen years..." "Today's milestone marked the final step in a seven month process of evaluation and incremental deployment, assuring operational readiness of systems, software, and processes necessary for any significant change to the DNS root."

    Just like the good old days. Not like the Rapid Application Development that pushes crap out the door that goes obsolete before all the bugs are fixed. I miss those days.

    1. Re:Software development like the good old days... by phyrexianshaw.ca · · Score: 4, Insightful

      Though your toilet may continue to work without DNS being there, the company that keeps your water flowing would likely slow to a crawl if they were unable to e-mail/call the partners they do business with.

      VoIP servers, when calling other VoIP servers, will make DNS lookups to get IPs to establish such calls, though anything that's done over the PSTN just goes through the phone company's version of DNS, the CO.

      E-mail would fall apart inside the TTL of the cache entries. Web browsing would quickly deteriorate, most debit machines that I've installed are hand coded with static IPs, though most ABMs were DNS names. (Because the service cost for ABMs is much higher than just leading the business owner/tech through changing IPs on a terminal over the phone.)

      However, as the DNS system follows the CO ideology, the ISPs all along the way would have the simple ability to just switch away from the CO stored root zone, and only provide certain names resolvability. This would allow ISPs the ability to offer "services like Google! something not all providers are able to say!" as a promo, attracting people that don't know better.

      In my city, the vast majority of DNS names for city locations/devices are internal names anyways. None of them are accessible via the root zone. To systems like these the aforementioned changes would make no difference in the world.

  2. Re:OS Support by Anonymous Coward · · Score: 4, Informative

    DNSSEC is generally optional. You can now speak DNSSEC to your local DNS server and now it can stay DNSSEC all the way to the root domain (assuming there are no breaks). Prior to this you could authenticate your own DNS server's response, but you were never sure that it was talking to the right person. If you send a standard DNSSEC request out it will respond in a standard, albeit insecure, way. DNSSEC's sole purpose in life is to prevent DNS hijacking.

  3. Re:For the rest of us... by Hes+Nikke · · Score: 4, Informative

    Here is a tool that lets you figure out which are the best DNS servers to use for your internet connection.

    --
    Don't call me back. Give me a call back. Bye. So yeah. But bye our, well, but alright we are on a shirt this chill.
  4. Re:What should DNS server administrators do? by mcrbids · · Score: 5, Funny

    What is this gopher thing you write about?

    Is it newer than telnet?

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  5. Re:One More Error Message For Users To Ignore by Anonymous Coward · · Score: 4, Informative

    Wrong. A bad signature will make the hostname unresolvable.
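
What comments 2 and 5 describe, seen from the client side, as an added example that is not part of the thread: a stub client sets the DO ("DNSSEC OK") bit in its query, and a validating resolver answers with the AD flag when the chain verified or with SERVFAIL when a signature is bad. The function names and the header-only sample replies are constructed for illustration, and a validating resolver upstream is assumed.

```python
import struct

QR, RD, RA, AD = 0x8000, 0x0100, 0x0080, 0x0020   # DNS header flag bits
SERVFAIL = 2
DO_BIT = 0x00008000   # "DNSSEC OK", carried in the TTL field of the EDNS0 OPT record

def build_query(name, qtype=1, txid=0x1234, dnssec_ok=True):
    """Encode a DNS query; dnssec_ok appends an EDNS0 OPT record with DO set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 1 if dnssec_ok else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)            # class IN
    opt = b""
    if dnssec_ok:
        # root name, TYPE 41 (OPT), CLASS = UDP payload size, TTL = flags, RDLEN 0
        opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_BIT, 0)
    return header + question + opt

def classify(response):
    """Map a resolver's reply header to the outcome the client sees."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!HHHHHH", response[:12])[1]
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode == SERVFAIL:
        # A validating resolver reports bogus data this way. SERVFAIL has other
        # causes too, so the client only learns that the name did not resolve.
        return "unresolvable"
    if rcode != 0:
        return "rcode %d" % rcode
    return "validated" if flags & AD else "unvalidated"

def sample_reply(extra_flags):
    """Constructed header-only reply (not captured traffic)."""
    return struct.pack("!HHHHHH", 0x1234, QR | RD | RA | extra_flags, 1, 0, 0, 0)

SAMPLES = {
    "signed zone, chain verifies": sample_reply(AD),
    "unsigned zone": sample_reply(0),
    "bad signature": sample_reply(SERVFAIL),
}

if __name__ == "__main__":
    print(build_query("example.com").hex())
    for label, reply in SAMPLES.items():
        print(f"{label:30s} -> {classify(reply)}")
```

The AD flag is only as trustworthy as the path to the resolver that set it, so a client that relies on it needs a resolver it trusts over a link it trusts.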