SURFnet and security are like Cain and Abel. That’s obvious to anybody who has been the subject of DDOS attacks or has been in contact with SURFcert. From the beginning, SURFnet has always paid a lot of attention to security in connection with the Internet, the SURFnet network, and the networks of its connected institutions.
One of our goals with this blog has been to share what we have learned from our DNSSEC deployment with our constituency and the wider Internet community. Last month we performed a complicated operation on our DNSSEC signer deployment: we migrated from the existing signer setup to a completely independently running new signer. We had prepared this migration beforehand and the migration was a big success; all our signed domains were migrated safely while remaining secure.
Karl Kapp’s latest book offers best practices, design considerations, and pragmatic recommendations that will surely change the way you think about enhancing your learning initiatives through the use of games.
Bron: https://learningsolutionsmag.com/articles/915/book-review-the-gamificat…
VU-onderzoeksinstituut LEARN! organiseert een interessante lezing over de waarde van computerspellen voor de ontwikkeling en het leerproces van kinderen.
Today we published the Final report DNSSEC in SURFdomeinen describing our DNSSEC deployment. This will be the last post for a while on our DNSSEC deployment, we are going to continue later this year. In the mean time, I will try to post updates when I have interesting information available for instance about the validation rate as the year progresses.
One of the things we discovered while we were rolling out our deployment is that it is very important to monitor the availability of signed zones (see also this post by Migiel de Vos on monitoring). We have deployed default monitoring based on Nagios, with checks that verify if all signer components are running. One of the things we cannot check that way is whether signatures are valid for long enough. And that is a very important indicator of the status of the signer. Even if the signer daemon is running, that does not guarantee that it is actually resigning the zone correctly.
DNS is currently a “once it runs, never touch it again” infrastructure. This changes with the introduction of DNSSEC. Managing a DNSSEC signed zone involves a continuous effort of resigning zones and generating key material. Apart from that, DNS is a fundamental Internet protocol, thus the changes required to implement DNSSEC have an impact at many levels of the Internet infrastructure. In turn, DNSSEC is affected by many network elements. The result of this is that there are potentially some operational issues that might affect a DNSSEC signed zone.
