Blogs

Last modified: January 30, 2014
  • Towards a DNSCERT Definition

    To mix metaphors, my e-mail has been ringing off the hook after my previous article (“Perspectives on a DNS-CERT“) and I’ve had to think deep and difficult thoughts about what we really mean by DNSCERT, and whether DNS-OARC really has the capability or really can grow the capability to operate such a thing. I’ve had some discussions with ICANN and

    Read more
    0
  • BIND 9.7.2 and automatic DNSSEC signing

    BIND 9.7.0 introduced automatic in-server signature re-freshing and automatic key rollover.  This allows BIND 9.7, if provided with the DNSSEC private key files, to sign records as they are added to the zone, or as the signatures need to be refreshed.  This refresh happens periodically to spread out the load on the server and to even out zone transfer load.

    Read more
    0
  • Open source *more* secure?

    I seem to read all the time that open source projects must be less secure, since the bad guys can look through the source code to find vulnerabilities. I was pleased to see an article today that takes the point of view that security through obscurity is not the right direction and that open source projects can be more secure than competing

    Read more
    0
  • Imminent Death of Internet Predicted. Film at 11.

    The press seems to love stories of doom and gloom. And for almost as long as the Internet has been around, there have been dire predictions of some resource exhaustion, success disaster or security flaw that will destroy the internet. And who is the villain in this week’s piece? DNSSEC and the signing of all the root servers. While I

    Read more
    0
  • DNSSEC Readiness

    DNSSEC is coming. Is your organization ready? The DNS community is buzzing with activity around the implementation of the DNS Security Extension, DNSSEC. In simple terms, DNSSEC provides a “chain of trust” within the DNS hierarchy and the authentication of DNS responses. Once deployed across the DNS, DNSSEC will render the infamous man-in-the-middle attack a thing of the past. But

    Read more
    0