- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
Page 4 of 6
First, the OMB memo says nothing about when the Internet’s root servers will support DNSSEC.
Second, the memo doesn’t address whether the U.S. government will require VeriSign, which operates the popular .com and .net top-level domains, to support DNSSEC.
The National Telecommunications and Information Administration (NTIA), the arm of the U.S. government that oversees the Internet’s DNS infrastructure, has not set a deadline for DNSSEC deployment for the root servers, .com or .net.
"NTIA recognizes the potential benefits of a DNSSEC signed root zone file and is actively examining various implementation models in coordination with other U.S. government agencies as well as all the other relevant stakeholders, including [The Internet Corporation for Assigned Names and Numbers] and VeriSign, with whom the Department has existing relevant legal relationships,’’ according to an NTIA statement.
NTIA’s statement said the agency will not take any action that would affect the operational stability or efficiency of the DNS.
"A DNSSEC signed root zone would represent one of the most significant changes to the DNS infrastructure since it was created; therefore any changes cannot be taken lightly considering that the Internet DNS is a global infrastructure on which the global economy relies,’’ the statement said.
VeriSign has been running DNSSEC pilot projects for several years, and it offers free DNSSEC tools on its Web site for developers.
VeriSign operates two of the Internet’s 13 root servers. In March 2008, VeriSign created a DNSSEC testbed for all the root zone operators to use.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (9)
Non-Federal entities using dot-govBy Anonymous on September 22, 2008, 2:56 pmHow does this affect the non-Federal entities within the .gov domain? Several years ago state (www.idaho.gov) and local (www.columbus.gov) governments started...
Reply | Read entire comment
FYI, incorrect info - DNSSEC is now defined in RFCs 4033, 4034 aBy Anonymous on September 22, 2008, 4:32 pmGreat article! You do, though, have the link in your 3rd paragraph on "the Internet standard" pointing to the obsolete RFC 2065 dating from 1997. The standard...
Reply | Read entire comment
DNSSEC RFCsBy Anonymous on September 22, 2008, 5:03 pmIndeed, the DNSSEC RFC mentioned in this article (RFC 2065, January 1997) is heavily outdated. Recent DNSSEC RFCs can be found on the DNSSEC.net website in the RFC...
Reply | Read entire comment
hmmBy Anonymous on September 22, 2008, 5:19 pmand they're now just getting around to doing this? DNSSEC has been around for a bit wouldn't you say?
Reply | Read entire comment
And all those "open" DNS vendors?By unclesmrgol on September 22, 2008, 6:49 pmEurope has been laboring mightily to build a capability parallel to the US-provided root domain structure. I'm wondering where they are in this whole effort to...
Reply | Read entire comment
Misleading statementBy Anonymous on September 24, 2008, 7:32 amThis statement is not quite true "With DNSSEC deployed, federal Web sites “are less prone to be hacked into". DNSSEC actually prevents redirect/session hijacking...
Reply | Read entire comment
View all comments