Groesbeek, view of the 'National Liberation Museum 1944-1945' in Groesbeek. © Ton Kersten
Fork me on GitHub
Posts tagged as dnssec

pa1ton.nl secured with DNSSEC

2010-11-25 (79) by Ton Kersten, tagged as dnssec

Last week I wrote that I asked the .nl TLD maintainers to add the DS records for pa1ton.nl to the .nl zone.

And yesterday the big moment was there.

Have a look.

Secure DNS for pa1ton.nl

I just verified this with SIDN and I am number 7 on the list of DNSSEC secured domains in the Netherlands.

Wow, that's really quick! smiley

DNSSEC Update

2010-11-17 (78) by Ton Kersten, tagged as dnssec

Some time ago I blogged that my zones are signed and now it's possible to add the DS key to the .nl zone.

This still is a manual process, but I opted in with my pa1ton.nl domain. The .com TLD isn't signed yet, so the tonkersten.com is still to be done.

I also updated some scripts and things to make it work better smiley

First I need the ZSK and KSK and I generate them like this:

dnssec-keygen -e -a NSEC3RSASHA1 -3 -b 2048 -n ZONE pa1ton.nl
dnssec-keygen    -a NSEC3RSASHA1 -3 -b 2048 -n ZONE -f KSK tonkersten.com

This enables the NSEC3 options for the zone.

And signing the zones is done like:

dnssec-signzone           \
    -v 3                  \
    -3 34A3               \
    -A                    \
    -d keys               \
    -K keys               \
    -N unixtime           \
    -f pa1ton.nl.signed   \
    -o pa1ton.nl          \
    -S pa1ton.nl

It will take a couple of days for the DS keys to appear in the .nl TLD.

I will keep you posted.

DNSSEC for tonkersten.com and pa1ton.nl

2010-08-23 (65) by Ton Kersten, tagged as dnssec

Last night (Aug. 22 2010 at 00:25:47) SIDN signed the Dutch .nl zone and made it public. This is, of course, reason for a party and calls for the signing of my own zones. Unfortunately it's not possible to use secure delegation, but that's something for the future.

I do have two domains up and running and I signed them both.

Read more »