.ORG now signed with DNSSEC

Today PIR and Afilias jointly announced that the .ORG zone is now signed with DNSSEC. Like .GOV, .ORG is also using the NSEC3 algorithm, which means that versions of BIND prior to 9.6.0 will have problems securely resolving names under .ORG. As Ram Mohan of Afilias noted in his message to the dnssec-deployment list, there are still significant hurdles in getting the actual registrations signed. Not many registrars accept DS records from customers yet.

IANA's Interim Trust Anchor Repository goes Beta

ICANN announced the IANA Interim Trust Anchor Repository as a not-quite-yet-production service today. The ITAR is useful to people running validating resolvers until the root zone gets signed. It currently includes trust anchors for three ccTLDs (BR, CZ, SE) and the eleven experimental IDN TLDs operated by ICANN. IANA's policy is to only publish DS records in the ITAR. BIND users won't be able to import the ITAR anchors file directly since BIND currently takes only DNSKEY's as trust anchors.

Request for Data Related to ". IN NS" DDoS Attack

OARC is coordinating collection of DNS packet captures to assist researchers and security groups increase our understanding of some recent DDoS attacks (against ISPrime in particular). We'd like your help. You can help out by running the following shell script on nameservers that are receiving spoofed queries:
# tcpdump-to-oarc.sh
# This script captures DNS packets related to an ongoing
# DDoS attack and uploads them to DNS-OARC.  Current
# version can be found at https://www.dns-oarc.net/node/171

# You can set FROM to whatever you like.

Mr. DNS Lives!

Great news everyone! Matt Larson and Cricket Liu are resurrecting their Ask Mr. DNS advice column as a podcast:
Sadly, after Acme’s acquisition by VeriSign in 2000, Mr. DNS began the downward spiral into dissolution and iniquity so familiar to those in the public eye. When Matt and Cricket tracked Mr.

TechCrunch Article: Who Protects The Internet?

In his Who Protects The Internet? article, Matt Rutherford mentions something near and dear to us as an example of hackers, er, citizens protecting the Internet:
Just look at Dan Kaminsky, a computer consultant who discovered a fundamental flaw in DNS, allowing him control over any website online. This flaw was astounding in what it gave access to – yet Dan Kaminsky didn’t turn to a government agency or organization, or abuse the hack himself.