Exploring some insights of the #DNS root servers, and I discovered this small bump of NOTIMP repsonse codes of a.root-servers.net, operated by #Verisign. I checked other server instances with public statistics, and also k.root-servers.net, operated by #RIPE observed an uptick in REFUSED responses at around that time.
Does anyone have a clue what was going on last year shortly before the Christmas days?
Who Do You Trust? Exploring the Transitive Trust Graph of Delegated TLDs
Matthew Thomas (#VERISIGN) demonstrates how mapping resolution dependencies reveals fragile points in DNS infrastructure.
State of PQC for DNSSEC
Joe Harvey (#VERISIGN) surveys current measurement studies and challenges as the community prepares for post-quantum cryptography in DNSSEC.
A Break in the Case of Old J-Root Query Traffic
Duane Wessels (#VERISIGN) revisits a 20+ year mystery: why do resolvers still send hundreds of queries per second to J-root’s old IP? Hear how a long-standing bug was rediscovered.
I am just wondering, and this is a question to the #infosec community:
Can't you migrate a #TLD from one server to another including #DNSSEC by first testing your setup with a #canary zone? #Cloudflare speaks about challenges in having RSA/SHA256 on #Verisign's end, but ECDSA P-256 on their end.
I am just thinking, can't you kick this off by constructing a canary zone with similar parameters and test the migration & key-roll-over prior to touching any relevant zones?
Alternatively, sample the zone into chunks and migrate chunk by chunk?
Just a few thoughts on how to reduce risk of #DNSSEC during the migration from zones.
In January 2023, #Cloudflare replaced #Verisign in providing #DNS #registry services for the .gov #TLD. Besides the registry, they also run the authoritative #nameservers.
Verisign ran it for 12 years, and cost the #US #government apparently just half as much as Cloudflare charges ($7.2M).
Cloudflare is to take over registry services for the US government's .gov domain, ending Verisign's 12-year run. It seems .gov manager CISA, the Cybersecurity and Infrastructure Security Agency, opened the contract up for bidding last August and awarded it to Cloudflare in mid-December. The deal is worth $7.2 million, Cloudflare said in a press release
Företagen som äger internets toppdomäner är inte många. I alla fall är de företag som äger många toppdomäner väldigt få. Toppdomäner är bland annat de olika ländernas domäner som exempelvis .dk eller .se liksom domäner som .com och ,org. Väldigt många av dem ägs av ett litet antal företag. De företag som äger toppdomäner kallas registry-företag vilket skiljer sig från registrars som är företag som säljer domäner till företag, föreningar och personer.
https://blog.zaramis.se/2025/06/16/foretagen-som-ager-internets-toppdomaner/
Max Resing
DNS-OARC
Yonhap Infomax News
Anders_S
Newsramp
uhuru