After weeks of extensive testing, The Swedish Internet Foundation has successfully completed a shift from NSEC3 to NSEC for the top-level domain .nu, being the first large operator to do so.
After extensive testing and research, DNS Labs at The Swedish Internet Foundation is the first large operator to successfully complete a shift from NSEC3 to NSEC for the top-level domain .nu.
Having been trusted with operations for the TLD .nu since 2013, The Swedish Internet Foundation is confident that the already well-known top-level domain will remain stable and reliable using NSEC.
– When The Swedish Internet Foundation took over operations of .nu we didn’t want to make too many changes at the same time. Therefore, we continued to use the same DNSSEC configuration as before. In 2017 we started to publish our zone files which makes the use of NSEC3 redundant, but no larger TLD has ever successfully completed a shift from NSEC3 to NSEC, says Ulrich Wisser, senior DNS specialist at The Swedish Internet Foundation.
Leading the way forward, again
This is not the first time that the Swedish Internet Foundation is pioneering the way forward with DNS solutions. As early as September 2005 the .se zone was signed with Domain Name System Security Extensions (DNSSEC), as the first TLD in the world. DNSSEC for domain holders within the .se zone has been available since February 2007.
Stability over functionality
In the past two years, several other European TLDs have experienced reliability issues with their NSEC3 chains. This prompted DNS Labs to research these issues further and find a feasible solution to the .nu TLD.
Prior to implementing the change, DNS Labs made sure to take several crucial steps, ensuring a successful transition.
– Since August 2020 we have run extensive tests on the NSEC3 to NSEC transitions and felt confident in our ability to guarantee a smooth transition in November. We are currently evaluating the data captured by the time of migration and aim to present our results and findings early next year, explains Ulrich Wisser.
Future plans for DNS Labs
DNS Labs is a new department within the Swedish Internet Foundation that focuses on research and development and new technologies. The vision is to contribute to an even more robust and secure internet, focusing on and around DNS. They are continuously pushing the field of DNS management forward and new opportunities are on the horizon.
– We are already working on some interesting projects even though we are a small team. For example, the NSEC migration mentioned in this article and an upcoming project implementing CDS/CDNSKEY for both .se and .nu. During the next year we will be growing our team with the best and most motivated research/DNS engineers. We will then be able to increase the scope of our work, says Nicklas Pousette, Head of DNS Labs at The Swedish Internet Foundation.