/plushcap/analysis/cloudflare/dk-dnssec

Changing Internet Standards to Build A Secure Internet

What's this blog post about?

Cloudflare is working with registrars and registries in the IETF to make Domain Name System Security Extensions (DNSSEC) easier for domain owners. Starting with .dk domains, they will enable DNSSEC automatically over the next two weeks. DNSSEC verifies the integrity of DNS answers by signing every DNS answer so clients can verify if it has been manipulated during transit. The challenge is that for a domain to have the opportunity to enable DNSSEC, its DNS provider, registrar and registry all need to support DNSSEC and the same encryption algorithms. Cloudflare proposes a new model for how DNS operators, registries and registrars could operate and communicate to make specific user-authorized changes to domains. The .dk registry has also recognized the outdated model and provides users with a programmatic way of installing and updating DS records.

Company
Cloudflare

Date published
April 12, 2017

Author(s)
Dani Grant

Word count
660

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.