Introduction to DNSSEC: Principles and Practice

Here are the materials for my DNSSEC talk at Networkshop on 1st April 2014.

I gave a beta test version of the talk as a Computer Lab Security Seminar on 25th February 2014, and as a UIS staff seminar on 25th March. I revised the talk before Networkshop.

You can view the slides (pdf), although they are much less informative than the notes (pdf). The talk included two live demos: the two sets of slides between the Montparnasse train crash and "the most interesting man in the world" were contingency planning in case the demo failed.

The source code for the talk materials and the setup of the demo servers can be found on our git server.


This talk is a quick introduction to DNSSEC, the Domain Name System Security Extensions. DNSSEC is interesting because it does more than just add tamper-proofing to the DNS: it is also a new public-key infrastructure.

The talk will describe the security features that DNSSEC adds (and does not add) to the DNS, and how the DNSSEC PKI can support other protocols such as SSL/TLS and SSH.

To be useful, DNSSEC needs to be widely deployed. The talk will demonstrate that switching on DNSSEC can be straightforward, and will mention some of the traps and pitfalls that can catch the unwary.