
DNSSEC Comes To .Net Zone Today

wiredmikey sends news that as of today VeriSign has enabled DNSSEC on the .net zone. This is one milestone in a years-long process of securing the DNS against cache poisoning and other attacks. Next step will be for VeriSign to sign the .com root early next year. "Having DNSSEC enabled for .net domains... [is] important as it represents one of the most critical implementations of DNSSEC technology, since .net serves as the underpinning for many critical Internet functions. The largest zone to be DNSSEC enabled to date, .net currently has more than 13 million... domain name registrations worldwide."
  • by xMrFishx ( 1956084 ) on Friday December 10, 2010 @10:59AM (#34514046)
    We'll all have to move to non US domains. Like .tr which stands for TERROR. Obviously. Oh wait. ICANN. No such thing as non US controlled. I wouldn't mind EUCANN (you can) existing. But no doubt the powers that be (read: powers that do because they cann) would have too much sway. I cringe each time the word hacktivists is used on the news.
  • Certificates in DNS. (Score:5, Interesting)

    by Timmmm ( 636430 ) on Friday December 10, 2010 @11:18AM (#34514172)

    Does DNSSEC allow storing SSL certificates in the DNS records? It would seem that this is an awesome way of getting free SSL certificates.

    Also, I doubt anyone bothered with this, but does DNSSEC have any way of saying "this domain should only be contacted with SSL"? That would prevent SSL stripping MitM attacks.

  • by Anonymous Coward on Friday December 10, 2010 @12:59PM (#34515146)

    Does DNSSEC allow storing SSL certificates in the DNS records? It would seem that this is an awesome way of getting free SSL certificates.

    Also, I doubt anyone bothered with this, but does DNSSEC have any way of saying "this domain should only be contacted with SSL"? That would prevent SSL stripping MitM attacks.

    There are CERT records that can have X.509 (SSL/TLS) certificates:

    http://tools.ietf.org/html/rfc4398

    Just like a browser can do a look up for the A record of a web site, it could also look up the CERT record if it was so inclined.

    With DNSSEC it is now possible to check the veracity of the CERT RR to prevent man-in-the-middle accounts. DNSSEC could be used as a substitute for certificate authorities.
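The lookup-and-verify idea in the comment above, as an added example that is not part of the original thread: it parses CERT RDATA in the RFC 4398 wire layout and accepts the certificate only when the DNS response header carries the AD (authentic data) bit. The function names and sample bytes are constructed for illustration, and it assumes the answer comes from a validating resolver reached over a trusted path.

```python
import struct

# Certificate type codes from RFC 4398, section 2.1
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP", 4: "IPKIX", 5: "ISPKI",
              6: "IPGP", 7: "ACPKIX", 8: "IACPKIX", 253: "URI", 254: "OID"}
AD_FLAG = 0x0020     # "authentic data": the resolver validated the DNSSEC chain
QR_FLAG = 0x8000     # message is a response
RCODE_MASK = 0x000F  # non-zero means the query failed

def parse_cert_rdata(rdata: bytes) -> dict:
    """Split CERT RDATA into type, key tag, algorithm and certificate bytes."""
    if len(rdata) < 6:  # 5-byte fixed header plus at least one data byte
        raise ValueError("CERT RDATA too short")
    ctype, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    return {"type": CERT_TYPES.get(ctype, f"unassigned({ctype})"),
            "key_tag": key_tag, "algorithm": algorithm,
            "certificate": rdata[5:]}

def response_validated(message: bytes) -> bool:
    """True if the DNS header is a NOERROR response with the AD bit set."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & QR_FLAG) and bool(flags & AD_FLAG) and not flags & RCODE_MASK

def accept_cert(message: bytes, rdata: bytes):
    """Return the X.509 DER bytes only for a validated PKIX record, else None.

    The AD bit is only as trustworthy as the path to the resolver that set
    it, so this assumes a validating resolver on localhost or a protected link.
    """
    if not response_validated(message):
        return None
    record = parse_cert_rdata(rdata)
    return record["certificate"] if record["type"] == "PKIX" else None

# Constructed sample data (not captured traffic): two 12-byte headers and a
# CERT RDATA whose certificate field is a placeholder, not a real certificate.
HDR_VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 0)    # QR RD RA AD
HDR_UNVALIDATED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR RD RA
SAMPLE_RDATA = struct.pack("!HHB", 1, 12345, 8) + b"placeholder-der-bytes"
```

A client that cannot trust the path to its resolver would have to validate the RRSIG chain itself rather than rely on the AD bit.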
