Linux Today: Linux News On Internet Time.

Open-source Project Aims to Makes Secure DNS Easier

Jul 31, 2009, 15:33 (0 Talkback[s])
(Other stories by Jeremy Kirk)

"With DNSSEC, DNS records are cryptographically signed, and those signatures are verified to ensure the information is accurate. Adoption of DNSSEC, however, has been held back by both the complexity of implementation and a lack of simpler tools, Dickinson said.

"To sign DNS records, DNSSEC uses public key cryptography, where signatures are created using a public and private key and implemented on a zone level. Part of the problem is management of those keys, since they must be refreshed periodically to maintain a high level of security, Dickinson said. A mistake in managing those keys could cause major problems, which is one of the challenges for administrators."

Complete Story

Related Stories: