Speakers
Mr
Geoff Huston
(APNIC)Mr
George Michaelson
(APNIC)
Description
With the implementation of a signed root in the DNS, we are now in the initial phases of widespread adoption of DNSSEC. There has been much in the way of surveys of DNSSEC adoption in terms of signed domains, but fewer measurements and studies in the level of use of DNSSEC validation by DNS resolvers and end clients using such resolvers.
The recent announcement by google regarding the use of DNSSEC validation in their public DNS product (8.8.8.8) has increased interest in this topic.
We have been undertaking a novel form of measurement of DNSSEC that uses online advertizing channels to enroll a large number of clients internet-wide to undertake specific DNS tasks that include aspects of DNSSEC behaviour. in this presentation we will explore the methodology, and present some initial findings related to the extend of DNSSC validation by clients, and the behaviours of DNS resolvers when presented with both valid and invalid DNSSEC keychains.
Primary author
Mr
Geoff Huston
(APNIC)
Co-author
Mr
George Michaelson
(APNIC)