  • Time To Die for TTL

    Zone files contain an awful lot of TTL values, and sometimes it is good to take a step back to see if what you've set up is still meaningful. We took a deeper look at our TTL values and it seems an extreme TTL makeover is called for.

  • DNS' best friends

    Two informative days have gotten The Swedish Internet Foundation acquainted with open source hardware security modules developed by CrypTech.

  • 11th October: KSK Rollover time

    On the 16th of September the ICANN board made the final decision to go forward with the Key-Signing-Key (KSK) Rollover in the root zone. After an earlier roll got cancelled, it is now set in motion again.

  • Rolling, Rolling, Rolling...

    Most probably by now you are tired of all the talk about rolling the root KSK. Yes, we are too! So, today we are not going to talk about that one.

  • The renaming of .nu

    No, of course we won't change the name of the TLD, just the hostname of some of the name servers serving the .nu zone.

  • .SE KSK Algorithm Rollover

    At The Swedish Internet Foundation we are very security conscious. We were the first TLD in the world to sign its zone with DNSSEC. Being at the forefront of things is a nice feeling, but sometimes you get to feel the pain of it. Having signed so early means that at the time there was only one algorithm to use, RSA-SHA1. The security of SHA1 has been discussed in the community for some time now and even though there is no need for panic, there are more secure alternatives available today.

  • Packet size and name server authoritative zone

    As preparation for the changing of keys used in the .se zone I have done some tests about packet sizes with different key sizes and algorithms. Currently the .se zone is signed by a 2048 bit Key Signing Key (KSK) and a 1024 bit Zone Signing Key (ZSK), both in RSA-SHA1 format.

  • Monitoring of IIS Anycast

    In January 2017 The Swedish Internet Foundation started a new service "IIS Anycast". We offer our registrars a secondary DNS. We do this in cooperation with CIRA (the Canadian ccTLD Registry). Our secondary DNS is a DNS anycast network.

  • Summer fun with a DNS resolver

    On my way back home from the IETF93 meeting in Prague I decided to do a small summer project. For a long time I have wanted to run my own DNS resolver. Lately I had considered running it on my Synology NAS. But my NAS is already stretched by all the applications running. So I decided to use one of my Raspberry Pis to do the job. Now, after some runs of the washing machine, I am ready to go.