2023-09-05 (Updated: 2023-09-06 )

Verisign, the operator of the registries for the COM, NET, and EDU top level domains, is rolling the cryptographic algorithm used to DNSSEC sign all three of their registries.

2023-01-05 (Updated: 2023-01-05 )

I’ve seen more than a few questions on mailing lists and on chat servers about migrating DNSSEC-signed zones between different server software. These are the steps I used to migrate a number of signed zones to Knot from BIND.

2009-06-02 (Updated: 2009-06-02 )

The .org TLD has been DNSSEC signed! And I got to flip the switch.

2009-02-22 (Updated: 2010-02-15 )

It’s generally accepted in the DNS community that using a stateful load balancer in front of DNS servers is a bad idea. Here I present one alternative that doesn’t require running routing daemons on the servers themselves.