Can you say knee jerk reaction?
I know since the DNS vulnerability that was announced a while back a lot of people have been making plans to move to DNSSEC. Well now the government has set a mandate to move all the .GOV domains to DNSSEC.
I am all for DNSSEC because at this time it is the best working model to reduce the risk that threaten traditional DNS. My concern is how is this “mandate” going to be implemented? DNSSEC is not a simple task to deploy. I can’t imagine that anyone is claiming this won’t be a major undertaking. You have the RRSIG, the DNSKEY, the DS, and the NSEC which are all new records that need to be created and validated. In addition to the control of the private key used for signing.
InfoSecEvents has more about the top level .GOV domains moving to DNSSEC here. I would like to know if your company is considering going to DNSSEC so please post in the comments your views.
I really think DNSSEC is a good logical next step but I worry about this being more a “knee jerk reaction” rather then a well laid plan. I would like to know what your thoughts are on DNSSEC? Please post in the comments.
