[Unbound-users] (OT - FYI) US to implement DNSSEC for all .gov top level domains in 2009

7v5w7go9ub0o 7v5w7go9ub0o at gmail.com
Thu Aug 28 17:52:47 UTC 2008


The US government has called on all federal offices to take measures to 
prepare their domains for DNSSEC. Starting in January 2009, the US 
government will use DNSSEC for all .gov top level domains Second level 
domains for federal offices will follow. The move is the US government's 
reaction to the increasing threat of cache poisoning attacks on name 
servers, which make it possible to redirect even .gov addresses to 
servers controlled by criminals.

With the DNSSEC extension, all responses to a name server are signed, 
allowing the recipient to verify via public key infrastructure (PKI) 
whether they are authentic responses derived from the responsible name 
server. International implementation of DNSSEC has so far been hampered 
by disagreements over who would control the PKI.

While the implementation schedule for DNSSEC appears to be rather 
generous, federal offices tend to move rather slowly. Government offices 
are scheduled to have their initial plans for the implementation ready 
by early September. By December 2009 DNSSEC is supposed to be 
established for all second level domains under .gov.

More information about the Unbound-users mailing list