Effective 31 October 2005, PIR will have available a
DNS Security (DNSSEC) testbed for the .ORG registry.
DNSSEC is an addition to the DNS protocols; it is designed to thwart specific
types of attacks against your DNS, such as DNS cache poisoning. DNSSEC provides
-
origin authentication of DNS data;
-
data integrity; and
-
authenticated denial of existence.
Registrars are invited to connect to the DNSSEC testbed EPP server using the
standard EPP port (700) and submit .ORG domain registrations into the DNSSEC
testbed. Registrars will not be billed for these names. In addition, these
names will not appear anywhere except within this testbed system. Registrars
will have the ability to perform all EPP transactions in the testbed, including
updates and deletions.
The name and IP address of the name server to be used to test the zone within
the testbed will be provided to registrars on 24 October 2005. Registrars will
be able to point DNSSEC-aware resolvers at the testbed name servers to gain an
understanding of how their .ORG domain names are affected by the DNSSEC
protocols. PIR will propagate registrars' OT&E EPP credentials to the testbed.
Once accounts are set up, these will not change, even if account changes are
made in the OT&E system, unless a specific request is made to PIR technical
support by the registrar.
Below is a link to the registrar toolkit (RTK) and frequently asked questions,
along with resources on how to integrate the RTK with your systems. Please
remember that the .ORG DNSSEC testbed is an experimental RTK and should not be
used to attach to the OT&E or production systems.
-
DNSSEC RTK (download the
zip or tar
folder)
-
DNSSEC FAQ
-
DNSSEC.NET
-
DNSSEC
Deployment Initiative
We look forward to your participation in this project and to receiving feedback
from you on this initiative.