From OpenDNSSEC to Knot DNS
Guest Post: How to use Knot with HSMs, seamlessly transition from OpenDNSSEC, and switch to in-memory keys.
Tag: DNSSEC
Signing the root in public: The foundations of trust
Inside the ceremony that safeguards global DNSSEC, and why community oversight still matters.
[Podcast] Downloading the root
Geoff Huston discusses the DNS root zone and how query load at the root could be reduced by using trusted local copies of the zone.
[Podcast] DNS computer says ‘NO’
Geoff Huston discusses novel ways to make saying ‘no’ in DNSSEC cheaper and faster, and explores the standards process around formalizing this choice.
How to convince your boss to deploy DNSSEC and RPKI
An improved strategy to advocate for DNSSEC and RPKI deployment.
Three of the best: Security
Here are APNIC Blog’s top three posts related to security for 2024.
[Podcast] Post-Quantum Cryptography
Geoff Huston discusses Post-Quantum Cryptography in Internet protocols and the DNS in particular.
Post-Quantum Cryptography
Using Moore’s Law, a computer 20 years into the future is predicted to be around 10,000 times more capable than today’s computation capabilities. Geoff Huston explores some practical implications.
[Podcast] Measuring DNSSEC keying ‘drift’ between parent and child
An analysis of CDS and CDNSKEY records looking at mismatches between child and parent, and the nameservers for the zone.
Web PKI: How to protect a popular security service?
Guest Post: Lessons learned from a study on the interrelation of CAA, CT, and DANE in web PKI deployments.