Sandia National Laboratories is touting a free Web-based visualization tool called DNSViz to help domain name registrars, government organizations and others rolling out DNS Security to better manage the technology that federal entities have been mandated to employ. DNSSEC for the .com domain was also enabled last year, with big registrars like GoDaddy.com jumping on board.
Sandia computer scientist Casey Deccio says in a statement: “DNSSEC is hard to configure correctly and has to undergo regular maintenance. It adds a great deal of complexity to IT systems, and if configured improperly or deployed onto servers that aren’t fully compatible, it keeps users from accessing .gov sites. They just get error responses.” (See more from Deccio in the video below)
Sandia Labs is looking for funding and partners to extend the tool, such as by enabling historical analysis to improve monitoring. Deccio envisions DNSViz becoming available as open source software, though currently it's accessible only via the Web interface.
As colleague Carolyn Duffy Marsan writes, "DNSSEC is an emerging Internet standard that allows Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption. DNSSEC prevents Kaminsky-style attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing"
Comcast this week said it is the first large ISP serving North America to have rolled out DNSSEC across its network.
Follow Bob on Twitter at www.twitter.com/alphadoggs