The Domain Name System Security Extensions (DNSSEC)
DNSSEC is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.
DNSSEC overview for .GLOBAL
|Field Name||Valid Values||Supported||Required|
|Key Tag||Inter between 0 and 65535||Y||Y|
|Algorithm||3, 5, 6, 7, 8, 10, 12, 13, 14||Y||Y|
|Max Signature Life||number >=1 default=3456000||N||N|
|Digest||1, 2, 3, 4||Y||Y|
|Digest Type||40 characters||Y||Y|
|Flags||0, 256, 257||Y||Y|
|Public Key||a base 64 value Spaces are not allowed||Y||Y|
- What version of DNSSEC is being implemented?
- Will the Registry require DS Data for DNSSEC?
- Yes, DS data is only required for domain registration should you wish to enable DNSSEC.
- Please confirm that DNSSEC zone file configuration of the domain is not required prior to sending DNSSEC EPP commands.
- No. It is NOT required.
- Please confirm that DNSSEC zone file configuration of the domain is not required prior to sending DNSSEC EPP commands. - If No, please provide a brief explanation.
- DNSSEC will work the same way it’s implemented for .info, .org
- Is the maxsiglife attribute enabled?
- What is the maximum number of DNSSEC records allowed per domain? Open-Ended Response
- If not supported at launch, please indicate when you expect to support DNSSEC. - Open-Ended Response
- Available at launch