Evaluate DNSsec signing

Project ID: 100
Current stage: 
Manager: 
Unit: 
Summary: Evaluate DNSsec implementation
What: 

We are already running (some) DNSSEC-validating resolvers. That side of things seems to have gone through fairly straightforwardly.

The other side of the coin is for us to sign our zones. While that sounds simple enough in principle, there are sufficiently many knock-on implications for the way we do things that a full-scale evaluation should be done before we progress to an implementation, as we may be stuck with it for some time afterwards.

Why: 

Customer: All

Case statement: DNSsec is (finally) coming. The root, quite a few TLDs including uk, and ac.uk are all now signed, though ed.ac.uk isn't yet. It's time we took a proper look at it to see what would be involved in signing our own zones.

When: 

Status:

Timescales:

Priority:

Time:

How: 

Proposal:

Resources: Thinking time!

Plan: Read. Think. Prototype. Test. Write.

Other: 

Dependencies: Becomes more pressing once ed.ac.uk is signed.

Risks: There aren't really any risks as such. The most likely risk if we don't do the project is that once ed.ac.uk is signed some external or research requirement comes along which would require inf.ed.ac.uk or some other of our zones to be signed. It'll happen sooner or later, so we should be ready beforehand.

Milestones

Proposed date Achieved date Name Description