DNSSEC Deployment in the IE ccTLD


Billy Glynn - IEDR

This presentation will give a brief update on DNS vulnerabilities from an Irish perspective and details of how DNSSEC mitigates many of the current risks inherent in the DNS protocol.

DNSSEC provides data origin authentication and data integrity verification to the DNS through the use of public key cryptographic signatures. Public key cryptography uses asymmetric key algorithms of mathematically related key pairs in the form of a secure private key and a published public key. The combination of the key pair enables the verification of the authenticity of a DNS message through the creation of a digital signature of the DNS data using the secure private key. These keys are used to sign zone data. The IE zone contains the entire list of Internet addresses ending in dot IE.

Since early 2010, IEDR have been running a DNSSEC test-bed, evaluating DNSSEC related hardware and software and building the IE DNSSEC infrastructure. This presentation will give an update on the deployment status of DNSSEC from around the globe along with details of the production deployment of DNSSEC in the IE country-code top-level domain (ccTLD).