2024-06-07

RIPE 88 was held in May 2024 in Krakow, Poland. Here’s a summary of some of the DNS topics presented at that meeting that I found to be of interest.

How can you start a DNSSEC relationship between the parent and delegated child zone in a simple, robust, and fully automated fashion? RFC 8078 describes a way to automate the management of the parent-side DS record by using CDS/CDNSKEY records in the child zone, but the essential trust element that allows the parent to authenticate the CDS/CDNSKEY is DNSSEC itself. Once a DNSSEC relationship between parent and child has been set up, it can work effectively. However, the question remains: how can this trust relationship be established for the first time?
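As an added illustration (not code from the presentation or from deSEC), the Python below shows the parent-side half of this process: deriving a DS record from a child's CDNSKEY, checking it against the published CDS, and then reaching the point where an unsecured child cannot be authenticated by DNSSEC. The function names, the decision strings, and the sample key are assumptions made for this example, and only SHA-256 (digest type 2) CDS records are handled.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lowercased) wire form of an owner name (RFC 4034, 6.2)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag over DNSKEY RDATA (RFC 4034, appendix B)."""
    ac = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (ac + ((ac >> 16) & 0xFFFF)) & 0xFFFF

def ds_from_cdnskey(owner, flags, protocol, algorithm, pubkey):
    """Derive (key tag, algorithm, digest type 2, SHA-256 digest) from a CDNSKEY."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    digest = hashlib.sha256(name_to_wire(owner) + rdata).digest()
    return (key_tag(rdata), algorithm, 2, digest)

def parent_decision(owner, cdnskeys, cds_set, has_ds, validated):
    """Hypothetical parent-side policy for a child's CDS/CDNSKEY RRsets.

    has_ds:    the parent already publishes a DS RRset for the child
    validated: the RRsets validated under DNSSEC through that DS
    Assumes every CDS uses digest type 2 (SHA-256).
    """
    derived = {ds_from_cdnskey(owner, *k) for k in cdnskeys}
    if derived != set(cds_set):
        return "reject: CDS and CDNSKEY RRsets do not match"
    if has_ds and validated:
        return "accept: authenticated by the existing chain of trust"
    if has_ds:
        return "reject: child is secured but the RRsets failed validation"
    return "hold: no DS yet, so DNSSEC cannot authenticate this request"

# Constructed sample: placeholder key bytes, not a valid P-256 public key.
SAMPLE_KEY = (257, 3, 13, bytes(range(64)))
SAMPLE_CDS = ds_from_cdnskey("child.example.", *SAMPLE_KEY)

if __name__ == "__main__":
    for has_ds, validated in [(True, True), (True, False), (False, False)]:
        print(has_ds, validated, "->", parent_decision(
            "child.example.", [SAMPLE_KEY], [SAMPLE_CDS], has_ds, validated))
```

The last branch is the bootstrapping gap: the records are well formed and self-consistent, yet nothing in DNSSEC vouches for them until a first DS exists.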

An approach being proposed by deSEC’s Peter Thomassen is to use the nameservers that serve this unsecured zone. The assumptions are that:

