exanames

As of today the DNS root zone has been signed with DNSSEC. Now that the root zone is signed you might want to make use of it. We give some example configurations for BIND and Unbound on how to do this.

Starting this week, we offer the Exanames (the product) to registrars. With Exanames, registrars can sell their customers DNSSEC as part of their products without the effort of implementing DNSSEC on their own.

Specifically, Exanames automates the processes involved in DNSSEC and simplifies its use drastically. Some key features include:

• Regular domain resigning for updated signatures.
• Automated Zone Signing and Key Signing key rollover.
• Public key submission at parent zone.

Product conditions and details can be found here: http://exanames.com/products/reseller

We are still in the first phase of this product, so we are very curious about your feedback. You can always send us a mail as indicated on the reseller page, or use the associated Get Satisfaction page.

As of the 31st of March 2010 we have published our DNSSEC key for the domain exanames.de into the DENIC DNSSEC testbed.

If you want integrated DNSSEC validation in your browser and are running Firefox, you can check out the DNSSEC Validator which puts a little key in your location bar for DNSSEC-validated sites. The page with the corresponding announcement (CZ) looks like this

Testing it with the usual suspects works flawlessly: nic.cz, iis.se, ripe.net, isc.org, pir.org

As of today around 18:00 UTC L-root, one of the 13 root-servers started serving the deliberately unvalidatable root zone. This is the first publicly visible step of the roadmap towards a fully signed root zone.