05-18, 11:00–11:50 (UTC), Main Track
When you ask for the IP address for Google/Facebook/Amazon, how do you know you can trust the answer?
DNS was originally designed in the early 80's. Since then the internet has grown astronomically and many flaws and shortcomings in the original protocol have been discovered and fixed
One of the largest extensions to the DNS protocol are the DNS Security Extensions, or DNSSEC.
DNSSEC makes it possible for authoritative servers to sign their responses, and for recursive resolvers to authenticate those reponses.
I've worked at ISNIC, the .is domain registry since 2007.
We signed the .is zone in 2013 and in 2022 we migrated to a new infrastructure for signing and publishing the .is zone.