• Monday 9 April 2018 Internet security

    DNSSEC signatures in BIND named

    Most operators who run their own DNS services use BIND named, the most widely used DNS server software outside the world of the big registrars. BIND named can function as an (authoritative) name server and/or as a (caching) resolver. This article looks at the signing of a zone on an authoritative name server. The configuration of named as a DNSSEC validating resolver is dealt with in a separate article. BIND's DNSSEC functionality has developed incrementally over the past few years, to become a mature feature of this DNS server software. Because of the incremental development, there are significant differences between successive (minor) versions. Where possible and relevant, this article indicates the version from which the features described are supported. That is important mainly for users of enterprise platforms, which for stability and security reasons tend not to use the most recent software versions. There will also be cases where an existing BIND software installation has been upgraded by the package management system of the operating system, but the configuration in use is still based on an older version. We nevertheless recommend using the most recent version of BIND that you can, if for no other reason than that each successive version has bug-fixes and security-fixes absent from the earlier versions.

    Afbeelding van DNSSEC signatures in BIND named
    Read more
  • Wednesday 11 April 2018 Knowledge bank

    EPP 'key relay': a structural solution for the DNSSEC transfer problem

    Autumn 2013 This summer, a structural solution for the transfer of DNSSEC-enabled domains became available. SIDN's EPP interface has been extended to support a new 'key relay' command, meaning that a domain can now be transferred without interrupting its secure status. What's more, the transaction can be fully automated. Registrars and software providers can incorporate the new functionality into their own dashboards and interfaces thus make it available to their own users. A significant obstacle to further DNSSEC adoption has therefore been removed.

    Afbeelding van EPP 'key relay': a structural solution for the DNSSEC transfer problem
    Read more
  • Thursday 21 June 2018 Internet security

    A day's work becomes a one-click task

    Automated tool traces fake webshop networks

    Afbeelding van A day's work becomes a one-click task
    Read more