Registrar DNSSEC Implementation Cheat Sheet
At the Public Interest Registry, our continued commitment to security is rooted in ensuring our Registrars can protect their customers from attacks such as pharming, cache poisoning, DNS redirection, and domain hijacking. We recently announced that three of our registrars, GoDaddy, DYNDNS.com, and NamesBeyond, have adopted DNSSEC and are offering added security protection to their customers. To ensure that all of our registrars know what to consider as they plan out their DNSSEC implementation, I wanted to highlight a “Registrar Implementation Cheat Sheet,” written by Shinkuro and Sparta that outlines operational considerations a Registrar should review, including important topics such as NSEC vs. NSEC3, Key Length, and Key Rollovers, as they plan their DNSSEC implementation.
The “cheat sheet,” created with the help of our “Friends and Family Registrars,” provides those that manage a name service for their customers, a reasonable set of DNSSEC configuration parameters. The goal is to identify configuration parameters that provide effective security without causing an undue burden on Registrars’ authoritative name service infrastructure.
At last count twenty six have passed OT&E, as our Registrars begin to make DNSSEC implementation a reality for their sites, , this “cheat sheet” is a must read and will prove to be a valuable tool and guide to ensure that appropriate steps are taken.