Monitoring DNSSEC
The incident that occurred with the ccTLD “.de” on May 5th, 2026 brought a problem to the attention of a broad public that people more deeply involved in DNS and DNSSEC already knew: It is a well-known fact that DNS is a crucial resource for everything that uses the Internet, and, almost unnoticed by many, this is the case for DNSSEC as well. But while DNS usually fails in a containable way, a DNSSEC failure at the wrong place – such as in a ccTLD – can quickly wipe out a large part of the domains in a country, or even worldwide. It should be obvious that getting rid of DNSSEC is not the solution. One solution – or at least part of the solution is, not surprising for a talk at OSMC, monitoring DNSSEC. This talk provides a short introduction into DNSSEC, a summary of what can (and did) go wrong, and demonstrate a plugin that can be used to monitor many aspects of DNSSEC to make sure that at least some of the issues will be noticed – ideally before it’s too late.
Speaker
-
Peter EckelPeter started working in the IT world in the early 1990s and became a freelancer in 1994. His field of work includes the planning, monitoring and automation of IT infrastructure, preferably using open source software wherever possible. He will not do Windows. Ever.