Twelve years ago I was invited to present on #DNSSEC in Moscow. Quite the show actually: we had simulataneous translators (think: EU parliament) who translated my English to Russian and back for questions from the audience.
Imagine my surprise when I met @krisbuytaert there: he too had been invited to give a talk.
The stay was great: it allowed me to brush up on my Russian: I learned how to pronounce 'nyet'.
"Because of the lack of clear signals of general adoption of DNSSEC over three decades, is it time to acknowledge that DNSSEC is just not going anywhere? Is it time to call it a day for DNSSEC and just move on?"
There are add-on scripts to do this, and it’s not that hard to roll your own. But until automated key rollover is built in to major authoritative servers then IMO DNSSEC will remain stuck in neutral.
@iuvi Hi there, you can create accounts and access them through Tor! We even created a tutorial on YT which is available here: https://youtu.be/oXv3llPIfvo
This is quite rare - the C root-servers are out of sync with the rest of the world by 3 days. Since that time there have been no changes in the root zone, except for DNSSEC signature updates. It appears all C instances (operated by #cogent) are serving an outdated zone. For now this has no operational impact, but that might change #DNSSEC
Cogent is in the midst of three different peering disputes, with Tata, NTT, and HE, so their connectivity is pretty limited at the moment. Most people cannot reach https://http://c.root-servers.org for instance.
There's been a lot of conversation in different channels about whether this is sufficient to call their competency to run a root into question.
»Cloudflare-Alternative:
19 Cloudflare-Alternativen im Überblick«
Hat jemensch von euch Erfahrung mit eines diesen Alternativen oder gar sogar mit einer nicht aufgeführten? Wenn ja, welches könnt ihr aus welchen Argumente und Gründen empfehlen?
(Ich zweifle immer noch welches am "sichersten" und "daten sparsam" ist)
@kubikpixelhttps://www.keycdn.com/ hatte ich mal verwendet, ist aber schon sicher 5 Jahre her. Hat gut funktioniert. Kommt aber halt immer drauf an, was man will und benötigt. Alternative wäre ein VarnishCache, falls es nur um Caching geht.
"DNSSEC Bootstrapping allows the child zone operator to publish a signed copy of the child’s CDS/CDNSKEY records under a different name that has an existing chain of trust."
We have new KSK for the root!
Today a mega ceremony was held where new HSMs were introduced and a new root key was generated in them. This key will be pre-publicated at the end of this year, and the rollover will be at the end of 2026. It'll be the third in the history of the DNS. The first was in 2010 and the second in 2017. #dns#dnssec