SDN/SDDC Retreat in Miami, Florida (November 4th-6th)
Separate SDN hype from real life!

DNSSEC ... finally!

It looks like the signed DNS root zone might finally get deployed on July 15th and Geoff Huston celebrates the fact with a lengthy article on DNSSEC. Just in case you’re not aware what DNSSEC is all about, he’s providing this nifty summary:

A succinct summary of the problem that DNSSEC is intended to address is that DNSSEC is intended to protect DNS clients from believing forged DNS data.

Read the rest of the article on his blog.

DNSSEC deployment could cause some firewalls to hiccup. You might have to change your ASA configuration; zone-based firewall on IOS supposedly works just fine.


  1. DNSSec is a good thing but when will it be enabled on the GSS?

  2. Ivan Pepelnjak04 August, 2010 09:27

    Did you have to point out another weak spot in Cisco's Data Center strategy :-P

    On the other hand, until buying customers (with lots of revenue) start asking for it and/or start considering alternate vendors, not much will change. We can yammer all we want, it's the box revenues that drive the development efforts.


You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.