DNSSEC

In 2008 we began studying the DNS Security Extensions (DNSSEC) and their future implementation at NIC Chile (.cl).

The study aims to evaluate the technical impact of implementing these extensions on the current DNS platform at NIC Chile. We therefore evaluated both technical changes to the physical platform and operational changes in the life cycle of DNS records, with the restriction of not compromising NIC Chile's current Quality of Service.

NIC Labs has implemented an experimental platform for DNSSEC using the following servers:

  1. BIND DNSSEC Authoritative Server for .cl zone using NSEC
  2. BIND DNSSEC Authoritative Server for niclabs.cl using NSEC
  3. Unbound DNSSEC Authoritative Server for niclabs.cl using NSEC3
  4. BIND DNSSEC Resolver Server using NSEC
  5. Root server configured so that the .cl zone data is redirected to the server with the signed .cl zone (this gave the resolver complete functionality)

Another significant development was a set of experiments to study adoption costs, run on the server infrastructure described above. We evaluated several variables that may affect the digital signing process, in particular the cost of signing (where cost is measured as time, space, consumed resources, etc.). We designed several tests to compare the signing of zone files with increasing numbers of records (from 10,000 to 2,000,000). We also evaluated the effect of using several key sizes for the KSK or ZSK (from 512 bits to 4096 bits).
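A signing-cost sweep of the kind described above can be scripted around BIND's `dnssec-keygen` and `dnssec-signzone`. This is an added example, not NIC Labs' own test code: the zone name `example.test`, the constructed delegation-only zone content and the step values are assumptions, and key sizes start at 1024 bits on the assumption that the installed `dnssec-keygen` refuses shorter RSA keys.

```shell
#!/bin/sh
# Added example: time dnssec-signzone over constructed zones.
# ZONE, the record counts and the key sizes are assumptions for illustration.
ZONE="example.test"

# Write a constructed zone with N delegations to file OUT.
# Delegation-only content imitates a TLD zone: with NSEC, each
# delegated name gets one NSEC record and one RRSIG over it.
gen_zone() {
    n=$1; out=$2
    {
        printf '$TTL 3600\n'
        printf '@ IN SOA ns1.%s. hostmaster.%s. 1 7200 3600 1209600 3600\n' "$ZONE" "$ZONE"
        printf '@ IN NS ns1.%s.\n' "$ZONE"
        printf 'ns1 IN A 192.0.2.53\n'
        awk -v n="$n" 'BEGIN { for (i = 1; i <= n; i++) printf "d%d IN NS ns.d%d.example.net.\n", i, i }'
    } > "$out"
}

# Sign N delegations with a ZSK of BITS bits (KSK fixed at 2048 bits).
# Prints: N BITS elapsed_seconds signed_zone_bytes
bench() {
    n=$1; bits=$2
    dir=$(mktemp -d) || return 1
    gen_zone "$n" "$dir/zone"
    (cd "$dir" &&
     dnssec-keygen -a RSASHA256 -b 2048 -f KSK "$ZONE" >/dev/null 2>&1 &&
     dnssec-keygen -a RSASHA256 -b "$bits" "$ZONE" >/dev/null 2>&1) ||
        { rm -rf "$dir"; return 1; }
    start=$(date +%s)
    # -S picks up the keys in the working directory and adds them to the zone
    (cd "$dir" && dnssec-signzone -S -o "$ZONE" -f zone.signed zone >/dev/null 2>&1)
    rc=$?
    end=$(date +%s)
    [ "$rc" -eq 0 ] && echo "$n $bits $((end - start)) $(wc -c < "$dir/zone.signed")"
    rm -rf "$dir"
    return "$rc"
}

# Run the sweep only when invoked as: sh bench.sh run
if [ "${1:-}" = "run" ]; then
    command -v dnssec-signzone >/dev/null || { echo "BIND DNSSEC tools not found" >&2; exit 1; }
    for n in 10000 100000 1000000 2000000; do
        for bits in 1024 2048 4096; do
            bench "$n" "$bits" || echo "$n $bits failed" >&2
        done
    done
fi
```

Timing uses one-second resolution, which is adequate for the larger zones; memory and CPU use have to be captured separately with the platform's own accounting tools.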

We also formed a technical group to work on the roadmap for DNSSEC at NIC Chile. Based on the analysis of these experiments, the working group defined upper bounds on the resources NIC Chile needs to implement DNSSEC without decreasing the current Quality of Service (QoS) level.

In the future we plan to contribute to the community with a set of tools which support the adoption of DNSSEC on both an Authoritative Server and a Resolver Server.

Further information on the development of DNSSEC at NIC Labs: http://dnssec.niclabs.cl