Again, DNSSEC Updates Shouldn't Impact You Minor problems could surface, mostly within business networks Yesterday we noted how next week's upgrades of the thirteen root DNS servers with DNSSEC security upgrades probably wouldn't be noticed by most customers, despite some claims to the contrary. Comcast and even OpenDNS CEO David Ulevitch stopped by in our comments to reiterate this fact. The upgrades are designed to help protect the DNS system from cache poisoning and man in the middle attacks, and while some older networking gear will struggle with the upgrade, a consultant tells itNews that if there are ripples felt -- they'll be in enterprise environments: Tonkin expects that the larger Internet Service Providers will have addressed the issue, so most home internet users will be unaffected. "I'm not entirely sure all ISPs will be prepared, but I imagine the major ones are," he said. "ISPs tend to do DNS translation for you. But it is likely to have a big impact in the corporate environment, where you might run your own DNS server and infrastructure." Again, as many people well-versed in DNS note in our forums, the vast majority of residential broadband users have nothing to worry about.
|
  GlenQuagmireGiggidy Giggidy Giggidy GooPremium
join:2004-02-16
Grand Rapids, MI | DNS FAIL I break the DNS all of the time, one little mistake and no Internets (f$##ng MX records). They are so going to break the root servers.
--
Yes, its stuck in a windows this time. | |
|  |  Noah VailSon made my AvatarPremium
join:2004-12-10
Lorton, VA
kudos:1
 ·Bright House
 ·Sprint Mobile Br..
| Re: DNS FAIL said by GlenQuagmire:I break the DNS all of the time, one little mistake and no Internets (f$##ng MX records). They are so going to break the root servers. Please tell me you forgot the sarcasm tags.
NV
--
In my perfect religion, a giant hole appears and sucks up all the lousy people.
I call it the Crapture. | |
|
neftv
join:2000-10-01
Broomall, PA | I know I know!! I know that DNSSEC will not break the internet but why wouldn't we all want to have the extra security feature to make a standard with all ISPs?
I was not going on the idea of breakage but for the security feature it brings. | |
| | |
| | And you can check for yourself for comfort... In constructing »netalyzr.icsi.berkeley.edu/ (netalyzr), this was one area we were specifically concerned about (I'm a random participant in the IETF's DNS areas), so we include a comprehensive set of checks for both the client->internet connection and resolver->internet connection for transport issues which may affect DNSSEC's deployment. | |
| |  Romney2012Defeat Obama 2012-Chg we can believe inPremium
join:2002-03-03
USA
kudos:4 | Re: And you can check for yourself for comfort... said by nweaver:In constructing » netalyzr.icsi.berkeley.edu/ (netalyzr), this was one area we were specifically concerned about (I'm a random participant in the IETF's DNS areas), so we include a comprehensive set of checks for both the client->internet connection and resolver->internet connection for transport issues which may affect DNSSEC's deployment. A very good tool to check how your internet connection is working. I have used it for a long time.
--
Are you happy with your rep in Washington, DC? | |
|
 TSI GabePremium,VIP
join:2007-01-03
Chatham, ON
kudos:2
1 edit | DNSSEC Look...I happen to know one of the guys that is working on this very project through ICANN and I can assure you that it's in very good hands.
There is really nothing to be worried about. | |
|
| |
|
|
·