For engineers and administrators

DNS is an open system based on shared responsibility. This has been an important prerequisite for the rapid spread of the internet across the globe. But it also entails that the quality of the service is dependant on each and everyone who is operating DNS servers on the internet. At IIS, we strive for a robust internet infrastructure with a high-quality domain name system.

In order to help engineers and administrators to increase quality in their part of the system IIS has, among other things, developed Zonemaster. We also perform a health check of the .se domain every year and produce a report on this. Furthermore, we actively work for spreading DNSSEC, the security extensions to DNS which stops abuse like cache poisoning.

In the subsections here, DNS Operators can find useful information and tools that help you maintain a high service quality.

Zonemaster

Together with Afnic, IIS has developed the DNS testing tool Zonemaster. The goal is that the partnership will result in Zonemaster becoming the de facto standard for DNS tests.

Zonemaster is a program designed to help people to control, measure and hopefully better understand how the DNS, domain name system, works.

How it works

Zonemaster consists of three main parts: The engine (the code that performs all tests), command line interface (CLI) and web interface. When a domain (also called zone) is sent to Zonemaster, the program then examines the domain’s state of health through traversing the DNS from the root (.) to the TLD (top level domain, for example .NET) and finally the DNS servers that contain information about the specific domain (for example, zonemaster.net). Zonemaster also performs many other tests which are documented here: Test Requirements document.

Integrity

Zonemaster is accessible to everyone and it is possible for anyone to check your domain and also see the test history for your domain. However, there is no way to see who has run a test since the only thing logged is the date when the test was performed.

International cooperation

Zonemaster is the result of a cooperation betweenIIS (Registry for the TLDs .se and .nu) and AFNIC (Registry for the TLD .fr and the smaller TLDs belonging to France).  https://zonemaster.net.

 

Administer DNSSEC

The DS record (Delegation signer) is a hash of a public key, a DNSKEY, and is what is stored in the parent zone while the DNSKEY itself is stored on the name server of the domain name holder. Contact the registrar for your domain for help on how to manage your DS records.

Subscribe to important information

You can subscribe to important information from dnssec-announce@lists.iis.se, including key changes and other important DNS news for .se and .nu.  To subscribe, visit: http://lists.iis.se/mailman/listinfo/dnssec-announce

Testing

Via the Zonemaster service IIS gives everyone interested the possibility to test their domains with DNSSEC. You find the service here: https://zonemaster.iis.se/

Contacts for DNSSEC

If you have further questions regarding DNSSEC, please contact IIS Registry, Phone: +46-8-452 35 80, e-mail: registry@iis.se