Page 1 of 1
.ORG is signed
Posted: Mon Jun 08, 2009 11:05 am
by Sabre
I completely spaced and forgot to post
this.
Colleagues,
On behalf of PIR Technical Support I would like to announce that as of
today, 2009-06-02, at 16:00 UTC .ORG is DNSSEC signed.
The following KSK is now valid for .ORG
org. IN DNSKEY 257 3 7 (
AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDo
dnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mm
GssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3A
bSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6t
XC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2m
x7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rj
CG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8Kj
DqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
) ; key id = 21366
Please note that due to the use of NSEC3 this key should not be used
with BIND versions less than 9.6.0.
Please refer to
http://www.pir.org/dnssec for more information.
As always, please report operational concerns with any Afilias-hosted
zone to <noc at afilias-nst.info>
Dave Knight
Director, Resolution Services
Afilias
PIR Technical Support
URL:
http://www.pir.org
E-mail: techsupport at pir.org
Phone: +1.416.646.3308
Fax: +1.416.646.3305
VERY happy to see this. It's the first step in something that should have been done a long time ago...
Re: .ORG is signed
Posted: Mon Jun 08, 2009 11:27 am
by complacent
Sabre wrote:VERY happy to see this. It's the first step in something that should have been done a long time ago...
x eleventy.
Re: .ORG is signed
Posted: Mon Jun 08, 2009 5:18 pm
by schvin
yay!
Re: .ORG is signed
Posted: Tue Jun 09, 2009 7:53 am
by chicken n waffles
uh
k
so can any of you 3 ultra-dweebs tell the rest of us what this actually means for society?
Re: .ORG is signed
Posted: Tue Jun 09, 2009 8:39 am
by WRXWagon2112
chicken n waffles wrote:uh
k
so can any of you 3 ultra-dweebs tell the rest of us what this actually means for society?
Does this mean that until now .org web sites could not be made secure or something?
--Alan
Re: .ORG is signed
Posted: Tue Jun 09, 2009 9:59 am
by complacent
chicken n waffles wrote:uh
k
so can any of you 3 ultra-dweebs tell the rest of us what this actually means for society?
DNSSEC
As the interwebz move forward, dnssec will help to ensure that dns communications are in fact legit and not spurious. When we reach the point that all dns requests are signed, it will make it much easier to throw out malicious dns traffic and verify legit traffic - not a signed request, drop it. it'll be as simple statement at all devices.
CNs: Less dos, etc that utilize dns-based attackes (cache poisoning, etc) Eeees goot, celebrate.
Re: .ORG is signed
Posted: Tue Jun 09, 2009 10:38 am
by Sabre
hehe
Good explanation!
Re: .ORG is signed
Posted: Tue Jun 09, 2009 11:39 am
by chicken n waffles
aha.
yay!
Re: .ORG is signed
Posted: Tue Jun 09, 2009 12:48 pm
by Mr Kleen
ok, that
does sound good.
Re: .ORG is signed
Posted: Tue Jun 09, 2009 1:24 pm
by ElZorro
Dang, and I was having fun with DNS poisoning and zone transfers...
Re: .ORG is signed
Posted: Tue Jun 09, 2009 1:34 pm
by Libra Monkee
*goes cross-eyed*
*passes out*
*voids bowels*
*craves cheese*
Re: .ORG is signed
Posted: Tue Jun 09, 2009 2:19 pm
by chicken n waffles
Libra Monkee wrote:*goes cross-eyed*
*passes out*
*voids bowels*
*craves cheese*
and not necessarily in that order!