DNSSEC -- Living and Loving Life after Kaminsky; Or: How I overcame my fear and signed my zones


With the fear and uncertainty caused by Dan Kaminsky's new attack vector against DNS, the subsequently mandated deployment of DNSSEC into the .gov namespace, and the political debate surrounding the signing of the root zone, the race is on to secure DNS. This talk will explain the recent events that lead up to the government mandate and will help the system administrator and their managers to understand the next steps towards deploying a safe end-to-end DNS infrastructure. The talk will provide an overview of DNSSEC, its interoperability with existing DNS, and will outline the steps required to begin testing and deployment of DNSSEC. Examples of configuration and deployment of DNSSEC will be given using ISC's BIND[1].

Download Resources