Mar 8 – 9, 2018
Centro de Convenciones de Puerto Rico
America/Puerto_Rico timezone

DNSSEC for a Complex Enterprise Network

Mar 8, 2018, 2:00 PM
209-BC (Centro de Convenciones de Puerto Rico)


Centro de Convenciones de Puerto Rico

100 Calle Guamaní San Juan 00907 Puerto Rico
Standard Presentation Public Workshop Public Workshop


Pallavi Aras (Salesforce) Shumon Huque (Salesforce)


This talk will give an overview of our planning and efforts so far to deploy DNSSEC for a large enterprise with a complex infrastructure, involving the services of several managed DNS providers. It will start by outlining our specific requirements and design choices (e.g. signing algorithms, authenticated denial mechanisms, signing of dynamically generated records, key rollover schedules, scaling and performance considerations, etc.). Many prominent managed DNS providers have significant limitations in the extent of their DNSSEC support. We will survey DNSSEC capabilities in several of the managed DNS providers, pointing out where they excel, and where they fall short, based on testing we've performed. We will discuss relevant discussions with the vendors and the status of several feature enhancement requests that we've made. A key challenge is the requirement for supporting multiple distinct DNS providers simultaneously, which further complicates the planned implementation, and we will outline several strategies around this. One additional desired goal of this talk is to stimulate a community discussion of what capabilities need to be widely available in DNS providers for successful DNSSEC deployment at many large enterprises.
Talk Duration 30 Minutes

Primary author

Shumon Huque (Salesforce)


Pallavi Aras (Salesforce)

Presentation materials

There are no materials yet.