• Tuesday 24 July 2018 Knowledge

    With a new domain name in Google? Here's how to stay findable

    Your domain name is a trading name, that generates business and therefore has value. Prevent customer desertion!

    Afbeelding van With a new domain name in Google? Here's how to stay findable
    Read more
  • Monday 9 April 2018 Knowledge bank

    Support for secure transfer of signed domains now complete

    February 2014 Although DNSSEC was formally introduced to the Netherlands in 2012, the transfer of secure domains remained a problem for a long time. After all, when transferring a signed domain, the registrant will normally want to know that the domain will remain secure, not only after the new registrar takes control, but also while the transfer is in progress. A transfer protocol that made that possible was devised several years ago by Antoin Verschuren, Technical Advisor at SIDN, and has since been standardised by the IETF. However, the new transfer procedure required the receiving registrar and the releasing registrar to exchange key material: something that SIDN's registry interface didn't support at the time. Last year, a new EPP command was therefore developed: key relay. Now that PowerDNS — the most widely used DNS server for signed domains — officially supports the publication of external key material, the chain is complete. Signed domains can now be transferred between registrars securely and automatically. In the summer, Monshouwer became the first registrar to implement and use the entire transfer protocol.

    Afbeelding van Support for secure transfer of signed domains now complete
    Read more
  • Monday 9 April 2018 Internet security

    DNSSEC signatures in BIND named

    Most operators who run their own DNS services use BIND named, the most widely used DNS server software outside the world of the big registrars. BIND named can function as an (authoritative) name server and/or as a (caching) resolver. This article looks at the signing of a zone on an authoritative name server. The configuration of named as a DNSSEC validating resolver is dealt with in a separate article. BIND's DNSSEC functionality has developed incrementally over the past few years, to become a mature feature of this DNS server software. Because of the incremental development, there are significant differences between successive (minor) versions. Where possible and relevant, this article indicates the version from which the features described are supported. That is important mainly for users of enterprise platforms, which for stability and security reasons tend not to use the most recent software versions. There will also be cases where an existing BIND software installation has been upgraded by the package management system of the operating system, but the configuration in use is still based on an older version. We nevertheless recommend using the most recent version of BIND that you can, if for no other reason than that each successive version has bug-fixes and security-fixes absent from the earlier versions.

    Afbeelding van DNSSEC signatures in BIND named
    Read more