Monitoring DNSSEC

The incident that occurred with the ccTLD “.de” on May 5th, 2026 brought a problem to the attention of a broad public that people more deeply involved in DNS and DNSSEC already knew: It is a well-known fact that DNS is a crucial resource for everything that uses the Internet, and, almost unnoticed by many, this is the case for DNSSEC as well. But while DNS usually fails in a containable way, a DNSSEC failure at the wrong place – such as in a ccTLD – can quickly wipe out a large part of the domains in a country, or even worldwide. It should be obvious that getting rid of DNSSEC is not the solution. One solution – or at least part of the solution is, not surprising for a talk at OSMC, monitoring DNSSEC. This talk provides a short introduction into DNSSEC, a summary of what can (and did) go wrong, and demonstrate a plugin that can be used to monitor many aspects of DNSSEC to make sure that at least some of the issues will be noticed – ideally before it’s too late.

Speaker

  • Peter Eckel
    Peter Eckel

    Peter started working in the IT world in the early 1990s and became a freelancer in 1994. His field of work includes the planning, monitoring and automation of IT infrastructure, preferably using open source software wherever possible. He will not do Windows. Ever.

Date

Nov 18 - 19 2026