[dns-operations] DNSSEC deployment in Sweden

Stephan Lagerholm stephan.lagerholm at secure64.com
Wed Dec 28 16:17:27 UTC 2011


Hi Kjetil, and congratulations on this extraordinary achievement and for making the Internet a much safer place.

May I ask you to provide some additional information on your signing system in terms of performance and HW used? I envision that it takes quite some time to sign all those zones? Are you using the same key for all zones? What key sizes are you using? How do you handle updates? How often do you re-sign? Etc?

Thanks in advance /Stephan
 

> -----Original Message-----
> From: dns-operations-bounces at lists.dns-oarc.net [mailto:dns-operations-
> bounces at lists.dns-oarc.net] On Behalf Of Kjetil Jensen
> Sent: Wednesday, December 28, 2011 9:23 AM
> To: dns-operations at lists.dns-oarc.net
> Subject: [dns-operations] DNSSEC deployment in Sweden
> 
> Hi,
> 
> I have been idle in this list and below is a short presentation of
> myself.
> 
> My name is Kjetil Jensen and I work at Binero as Registry Manager. My
> daily work is to ensure that the infrastructure around the domains and
> DNS is functioning here, and I am also involved in development, such as
> DNSSEC projects.
> 
> Since January 2010 we have run Anycast DNS for providing stability, security
> and reduced response times for our customers' domains. Our main provider
> of Anycast services is UltraDNS.
> 
> Today we became ready to sign a bunch of domains, just over 100,000. SE
> domains have been signed with DNSSEC.
> 
> The process has gone very smoothly, we are running hidden-master with
> PowerDNS that is doing the signing part.
> 
> Some bugs have been discovered and patched by our provider Atomia and
> the hall of fame for that should go to Jimmy Bergman
> (https://twitter.com/#!/jimmybergman) for solving those for us.
> 
> http://wiki.powerdns.com/trac/changeset/2314
> http://wiki.powerdns.com/trac/changeset/2318
> http://wiki.powerdns.com/trac/changeset/2320
> 
> When those bugs were discovered we had to disable DNSSEC for the domains
> we ran in our first batch, therefore the stats may look a little awkward
> :)
> 
> https://www.iis.se/en/domaner/statistik/tillvaxt?chart=per-type
> 
> I hope in the future that we will see similar deployments, I only know
> of few such as with .CZ etc and ACTIVE 24, s.r.o.
> 
> And also big thanks to Mats Dufberg (TeliaSonera), Jakob Schlyter
> (Kirei), Patrik Wallström (.SE) and Marc Lampo (EURid), we could not
> have experienced such a seamless process without you.
> --
> Kindest Regards
> 
> Kjetil Jensen
> --------------------------------
> Binero AB
> E-mail: kjetil.jensen at binero.se
> Switchboard #: +46 771-24 08 00
> Direct #: +46 8-525 090 55 Ext: #1007
> Cell #: +46 76 83 80 300
> 
> Follow Binero on twitter http://twitter.com/binero