DNSSEC ... finally!

It looks like the signed DNS root zone might finally get deployed on July 15th, and Geoff Huston celebrates the fact with a lengthy article on DNSSEC. Just in case you’re not aware of what DNSSEC is all about, he provides this nifty summary:

A succinct summary of the problem that DNSSEC is intended to address is that DNSSEC is intended to protect DNS clients from believing forged DNS data.

DNSSEC deployment could cause some firewalls to hiccup. You might have to change your ASA configuration; zone-based firewall on IOS supposedly works just fine.


  1. DNSSEC is a good thing, but when will it be enabled on the GSS?
  2. Did you have to point out another weak spot in Cisco's Data Center strategy? :-P


    On the other hand, until buying customers (with lots of revenue) start asking for it and/or start considering alternate vendors, not much will change. We can yammer all we want; it's the box revenues that drive the development efforts.
