Duane Wessels
(Verisign)
29/09/2017, 09:40
Public Workshop
Standard Presentation
RFC 8145 ("Signaling Trust Anchor Knowledge") was published in April 2017. This RFC describes how recursive name servers can signal, to authoritative servers, the trust anchors that they have configured for Domain Name System Security Extensions (DNSSEC) validation. Shortly after its publication, both Unbound and BIND implemented the specification. As organizations begin to deploy the new...
Mr
Scott Rose
(NIST)
29/09/2017, 10:10
Public Workshop
Standard Presentation
We look at the results of multiple years of DNSSEC scanning to see how DNSSEC is being maintained in the .gov TLD. We look at signing algorithm use, hash algorithm use in DS RRsets, and parameters used in NSEC3. We also look for trends and changes over time to detect algorithm rollovers and changes to NSEC3 parameters.
The goal of this work is to see how DNSSEC is being deployed and...
Mr
Moritz Müller
(SIDN)
29/09/2017, 10:25
Public Workshop
Standard Presentation
The Root Canary Project has the goal of monitoring and measuring the rollover of the DNSSEC root KSK. In this project we use over 9000 RIPE Atlas probes and tens of thousands of vantage points of the Luminati VPN network to continuously monitor recursive resolvers during the 9-month period of the rollover. From each vantage point we query for testing domains that have bogus and valid signatures...