As the Internet world moves slowly towards implementing DNSSEC, this session aims to start at the basics of DNSSEC and goes on to discuss implementation details as well as best practices, some of the most common mistakes that happen during and after deployments and finally what's in store for the near future.
Basics
Will discuss the following topics :
Introduction to DNSSEC
Why DNSSEC is needed
New RR records — DNSKEY, DS, NSEC and RRSIG
Keys
Relationship between the new RR records and keys aka Chain of Trust[demo]
Implementation
Things to consider before you implement
Setup at Mozilla, before and after
Commands
Config changes
Steps to switch
Verification [demo]
Possible issues to be aware of
Errors
Mistakes I made, Security Lameness and log levels
The Future
Where we stand with DNSSEC today
Possible issues that delay DNSSEC implementation
Data from Mozilla (before and after DNSSEC)
Possible changes to Firefox/Other Software
