DNSSEC ... finally!

It looks like the signed DNS root zone might finally get deployed on July 15th and Geoff Huston celebrates the fact with a lengthy article on DNSSEC. Just in case you’re not aware what DNSSEC is all about, he’s providing this nifty summary:

A succinct summary of the problem that DNSSEC is intended to address is that DNSSEC is intended to protect DNS clients from believing forged DNS data.

Read the rest of the article on his blog.

DNSSEC deployment could cause some firewalls to hiccup. You might have to change your ASA configuration; zone-based firewall on IOS supposedly works just fine.

2 comments:

  1. DNSSec is a good thing but when will it be enabled on the GSS?

    ReplyDelete
  2. Ivan Pepelnjak04 August, 2010 09:27

    Did you have to point out another weak spot in Cisco's Data Center strategy :-P

    https://supportforums.cisco.com/thread/2030566

    On the other hand, until buying customers (with lots of revenue) start asking for it and/or start considering alternate vendors, not much will change. We can yammer all we want, it's the box revenues that drive the development efforts.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.