DNS security extensions now available for Debian's zone entries

May 12th, 2011

The Debian Project is pleased to announce that its domains debian.org and debian.net are now secured by the DNS Security Extensions (DNSSEC). The corresponding DNS records have recently been added in the .net and .org zones.

This enables users with security aware DNS resolvers to securely retrieve information from the domain name system such as IP addresses, or for those who have shell accounts on debian.org machines, SSH host key fingerprints. Any tampering with DNS replies would be detected by a user's resolver, says Peter Palfrader, member of Debian's System Administrator Team. DNSSEC is an important step in securing the Internet's name resolution infrastructure.

To our knowledge, Debian is the first large Linux distribution who has secured its zones using DNSSEC with a valid trust chain from the IANA root zone says Peter.

Usage of Domain Name Security Extensions

Probably the easiest way to use DNSSEC is the usage of the unbound package as resolver. Please see wiki page for details on how to use unbound and DNSSEC.

About Debian

The Debian Project was founded in 1993 by Ian Murdock to be a truly free community project. Since then the project has grown to be one of the largest and most influential open source projects. Thousands of volunteers from all over the world work together to create and maintain Debian software. Available in 70 languages, and supporting a huge range of computer types, Debian calls itself the universal operating system.

Contact Information

For further information, please visit the Debian web pages at http://www.debian.org/ or send mail to <press@debian.org>.