13 Things to Consider Before DNSSEC

Speaker: John Kristoff

The domain name system (DNS), a key component upon which much of the Internet communications relies, has undergone intense scrutiny and analysis the past few years. DNSSEC, a suite of extensions that helps address some potential problems, has been gaining steam and is set to see a significant increase in deployment beginning this year. Yet, there are at least 13 things that organizations who rely on DNS, which is to say everyone, should consider with or without DNSSEC, but ideally before embarking on their own DNSSEC roll-out.

In this session, we will highlight 13 of the most important questions an organization should be asking about their own usage of DNS. While DNSSEC is an important technology, none of the answers require DNSSEC as the answer. The answers include all the types of things a proper DNS implementation should have even before DNSSEC. How well do you fare?

The 13 topic areas include:

1. Authoritative name server RRset size
2. Geographic and network diversity DNS servers
3. Parent and child delegation consistency
4. Open Resolvers
5. Answer spoofing protection
6. Domain name registration protection
7. Co-mingled services on DNS servers
8. DNS server administrative processes
9. DNS server physical resource limitations
10. TCP and DNS
11. Monitoring and auditing
12. Time synchronization
13. IETF RFC 2870