DNSSEC in Windows 7
Shyam Seshadri, Program Manager Windows Core Networking: I’m excited that I finally get to talk about what the DNS team has been working on for over a year. That’s right – DNSSEC. It’s in Windows, and it’s on its way.

DNSSEC is a suite of security extensions to the DNS that provide origin authority, data integrity and authenticated denial of existence. In plain English, DNSSEC allows a DNS zone to be cryptographically signed (which produces digital signatures), and provides a mechanism for validating the authenticity of the data received using these digital signatures. Validating resolvers and servers must be pre-configured with a Trust Anchor, from which a "chain of trust" is established to the signed zone. Data from this signed zone can then be validated.
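
The first link of that chain of trust, sketched as an added example (not code from the original post or from Windows): a resolver holding a DS-style trust anchor accepts a zone's DNSKEY only if its key tag, algorithm and SHA-256 digest match the anchor. The function names and the sample keys are constructed for illustration, and RRSIG signature verification, the next step in validation, is out of scope here.

```python
import hashlib
import struct

ZONE_KEY = 0x0100  # DNSKEY flags bit 7: key may sign zone data (RFC 4034 2.1.1)

def name_to_wire(name):
    """Canonical lowercase wire form of a domain name (RFC 4034 6.2)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata):
    """DS fields for a DNSKEY, digest type 2 = SHA-256 (RFC 4509)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).digest()
    return {"owner": owner, "key_tag": key_tag(rdata),
            "algorithm": rdata[3], "digest_type": 2, "digest": digest}

def find_anchored_key(anchor, owner, dnskeys):
    """Return the DNSKEY RDATA the trust anchor vouches for, or None."""
    if name_to_wire(owner) != name_to_wire(anchor["owner"]) or anchor["digest_type"] != 2:
        return None
    for rdata in dnskeys:
        if len(rdata) < 4:
            continue  # truncated record
        flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
        if not flags & ZONE_KEY or protocol != 3:
            continue  # not usable for validating zone data
        if algorithm != anchor["algorithm"] or key_tag(rdata) != anchor["key_tag"]:
            continue
        if make_ds(owner, rdata)["digest"] == anchor["digest"]:
            return rdata
    return None

# Constructed sample data: placeholder bytes, not real keys.
KSK = dnskey_rdata(257, 8, bytes(range(64)))       # key-signing key (SEP bit set)
ZSK = dnskey_rdata(256, 8, bytes(range(64, 128)))  # zone-signing key
FORGED = dnskey_rdata(257, 8, bytes(64))           # substituted key the anchor never covered
ANCHOR = make_ds("example.com.", KSK)              # what the resolver is pre-configured with
```

A key set that contains only `ZSK` and `FORGED` yields `None`, so nothing signed under those keys can be chained back to the anchor.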

The new and improved DNSSEC RFCs were published in 2005, and since then DNSSEC has seen steady growth in attention. This year, however, things took a much more dramatic turn, mainly because of the vulnerabilities that were revealed at Black Hat by researcher Dan Kaminsky. More and more people are showing interest in DNSSEC as a good solution to lock down their DNS infrastructures.