Your browser failed to load CSS style sheets. Your browser or web proxy might not support elliptic-curve TLS

Building network automation solutions

9 module online course

Start now!
back to overview

DNSSEC ... finally!

It looks like the signed DNS root zone might finally get deployed on July 15th and Geoff Huston celebrates the fact with a lengthy article on DNSSEC. Just in case you’re not aware what DNSSEC is all about, he’s providing this nifty summary:

A succinct summary of the problem that DNSSEC is intended to address is that DNSSEC is intended to protect DNS clients from believing forged DNS data.

Read the rest of the article on his blog.

DNSSEC deployment could cause some firewalls to hiccup. You might have to change your ASA configuration; zone-based firewall on IOS supposedly works just fine.

Please read our Blog Commenting Policy before writing a comment.


  1. DNSSec is a good thing but when will it be enabled on the GSS?

  2. Ivan Pepelnjak04 August, 2010 09:27

    Did you have to point out another weak spot in Cisco's Data Center strategy :-P

    On the other hand, until buying customers (with lots of revenue) start asking for it and/or start considering alternate vendors, not much will change. We can yammer all we want, it's the box revenues that drive the development efforts.


Constructive courteous comments are most welcome. Anonymous trolling will be removed with prejudice.