DNSSECReport.com
Free DNS Reports, Key Monitoring, Software and Alerts
Home of Expert Advice in securing infrastructure that serves Domains
Download today's globally trusted keys (SHA256+) (SHA1)
On September 8, 2010, the daily report updated a validated set of trusted keys that will bridge the gap while the root zone/TLD key chains are built. The root key is SHA256 and is now distributed with the SHA-2 keysets containing
RSA SHA 256/512 DNSKEYs for our report. Since Bind9.6.1-P3 and earlier will not load the new RSASHA256 algorithm, we must deliver two trusted keysets. Your upgrade should be scheduled soon to 9.6-ESV or better to handle root signing. We suggest after upgrade to combine both keysets for a while to ensure validation.
As of March 12, DNSSECReport.com supports the testing of SHA-2! Try Me.
DNSSECReport.com converts, validates, and publishes keys for Top Level Domains from iTAR and add verified anchors that enable DNSSEC in islands not participating in iTAR, including the root.
To dynamically read the iTAR and update the Bind trusted keys, click here.
For a Keyset format of the same keys, click here.
Insert the Bind keys in your named.conf file and allow your
recursive validator to validate your internet traffic.
Today's file(s) contain 1 root, 73 TLD and children KSKs, including 5 SHA-2 keysets.
Online DNSSEC primer courses available to architect, upgrade and manage DNS Validation
Free Monitoring of Keys, Zone signing, and Rollovers to be offered at DNSSECReport.com
DNSSECReport.com will be releasing an automated DNSSEC service that
will monitor, email notify, and assist domain managers with the complicated
task of keeping domains secure with DNSSEC.
Service is free, registration required to store email address for alerts.