BIND 9.16 has improved DNSSEC support to the point where it can (finally) be called simple to use. This is excellent news for DNS administrators because it means there are now several options (viable alternatives being Knot DNS or PowerDNS) … Continue reading
Search Results for: DNSSEC
100’000 .ch domain names are secured with DNSSEC!
Imagine you want to visit your online banking website «www.example-bank.ch». Now, instead of getting the correct IP address your computer gets manipulated information and connects you to a website that is owned by a criminal. You wouldn’t notice but disclose … Continue reading
DNSSEC Usage in Switzerland is on the rise after widespread attacks on the Domain Name System
Attacks on the DNS System Cyber attacks on the DNS system are not new. Cache poisoning, Domain Hijacking and BGP injections of routes to public DNS resolvers happen regularly, but they usually don’t get much attention as they target the … Continue reading
Additional DNSSEC Training with PowerDNS on May 7 and 8
We announced 3 one day DNS trainings in the end of February and all three trainings where fully booked within 24 hours. We are happy to see so much demand for DNSSEC in Switzerland. We managed to add two more … Continue reading
DNSSEC training with PowerDNS in Switzerland
SWITCH is organising a one day DNSSEC training together with PowerDNS The training will be given at the following dates: 9.4. Zurich, SWITCH 10.4. Bern, Uni 11.4. Carouge HESGE The one day training will give you an introduction into DNSSEC … Continue reading
11th October 2017, DNSSEC key rollover of the root zone, be ready the key is here!
On the 27th September, ICANN announced the postponement for the KSK rollover. More information can be found here. written by Yves Bovard No, this is not a kind of secret message nor a new ice-cream. On 11th October 2017 the … Continue reading
DNSSEC Signing for .ch and .li on the Rise
The share of DNSSEC signed domain names in .ch and .li reached 1% for the first time in June 2017. While this is still a very low number compared to other ccTLDs, the number of DNSSEC signed domain names is … Continue reading
DNSSEC signing your domain with BIND inline signing
Update Dez 2020: We made an update for users with BIND 9.16. Update Nov 2017: DNSSEC zone signing as described here is outdated. We strongly recommend against the method described in this blog post. Newer BIND versions or other DNS … Continue reading
Taking Advantage of DNSSEC
According to measurements by APNIC’s Geoff Huston currently 16 percent of Swiss Internet users use a DNSSEC validating DNS resolver. If you want to benefit from the added security with DNSSEC in your network then I suggest you enable DNSSEC … Continue reading
SWITCH DNS/DNSSEC Audit
SWITCH is regularly assessing parts of the registry infrastructure in technical audits. The goal of these audits is to find operational or software vulnerabilities before attackers do. For 2013 we wanted to audit the DNS/DNSSEC related aspects of the registry … Continue reading
DNSSEC Deployment in .CH
It has now been three years since SWITCH officially signed the .CH and .LI ccTLDs. Since then adoption of DNSSEC for the .CH domains has been very slow. During the last few weeks we have seen a small increase, but … Continue reading
DNSSEC Signierungs-Algorithmus wechseln
Eine DNS-Zone zu signieren ist mit heutiger Software nicht mehr schwierig oder kompliziert. Die Schwierigkeiten im Betrieb von signierten Zonen sind selten angewendete Prozeduren, wofür teilweise noch die Software-Unterstützung fehlt, sei dies in der Signierungssoftware oder in Monitoring- und Debugging-Tools. … Continue reading
DNSSEC – Einführung zu DNS Security Extensions
Das Domain Name System (DNS) ist ein wichtiger Bestandteil des Internets. Aus Endbenutzersicht erscheint das Internet oft zusammengebrochen, wenn die Namensauflösung nicht funktioniert. In den letzten Jahren wurden Schwachstellen im Protokoll aufgedeckt, welche es erlauben, DNS-Antworten für einen DNS-Resolver zu … Continue reading
The .ch zone file will be published as open data
The Swiss Federal council adopted the lower laws to the telecommunicaiton act today. Amongst it is the Ordinance on Internet Domains that also regulates the ccTLD .ch. SWITCH-CERT welcomes the new ordinance and the smart regulation by the Federal Office … Continue reading
Growing support for open security standards in Switzerland
Open security standards are essential for a secure and resilient Internet in Switzerland and protect the privacy of Swiss Internet users. The adoption rate for Internet security standards like DNSSEC, DANE and DMARC in Switzerland is still low compared to … Continue reading