[] in mid-2010, DNSSEC got deployed over 'root-DNS-server' and '.org' domain
[] on 10-Dec-2010, Verisign deployed DNSSEC in '.net' zone too
{securing more than 13million registrations online}
[] preparations are up to sign the '.com' zone in first quarter of 2011
Verisign has even launched a cloud based DNSSEC implementation service to ease its implementation in organisations.
Refer to http://www.securityweek.com/verisign-launches-new-dnssec-signing-service For those who are not much familiar with DNSSEC, its a security layer standardized to be implemented over traditional DNS services... it will help the users counter DNS vulnerabilities exposed by researchers like 'Dan Kaminsky' including DNS poisoning attacks.
Refer to http://www.dnssec.net
Its implementation would require more processing power, bandwidth usage and more storage needs as it uses intensive encryption mechanism over all DNS traffic.
Though, I was surprised hearing initially of its implementation over root DNS server as its alterantive DNSCURVE (suggested by Dan Kaminsky) was conceptually better in security and easy on resources too. Don't know it was fair selection or just another political/community-biased decision.
=begin :footer
# waited about a week to have time doing this post in detail...
# but more delay would deny its usability... so its here
=end :footer
Posts
No comments:
Post a Comment