Don't wait until it is too late! Secure your DNS NOW!

Internet Systems Consortium (ISC) - the industry's core drivers of DNSSEC deployment will help you step by step to secure your DNS infrastructure. Please join us for the third of a series DNSSEC talks.

Date and Time: We will present this webinar twice to maximize time zone coverage.

Recently, at a BIND 10 Face to face meeting, we scheduled a short slot of time to discuss the features of a DNS forwarder. As part of the development process of the BIND 10 recursive resolver, we initially implemented a basic forwarder. As we added actual recursive resolver features, the original 'forwarding' mode was left in, and got some of the features that were added for the 'resolving' mode, mostly on an ad-hoc basis.

While many of you know ISC as the maintainer of the BIND DNS server software, we have always had our hand in the DNS operations field, including operating one of the 13 DNS root servers (F.ROOT-SERVERS.NET), as well as secondaring many ccTLD and non-commercial zones for over a decade. ISC has also been at the forefront of designing and implementing DNS Security Extensions (DNSSEC) which is a mechanism to cryptographically verify that the response given to a DNS request is correct.

Now that the root zone has been officially signed, what happens with ISC's DNSSEC Look-aside Validation Registry? The short answer is, it gets smaller, but does not go away, at least not today.

While having the root signed is a critically important step in the DNSSEC deployment effort, it is not the final step. It's the one that enables a lot of other zones such as Top Level Domains (TLDs) to be signed usefully. It removes the need for many stop-gap measures like certain TARs, and the need for TLD entries in ISC's DLV system.