Deploying and Monitoring DNS Security (DNSSEC)
Source: Colorado State University
SecSpider is a DNSSEC monitoring system that helps identify operational errors in the DNSSEC deployment and discover unforeseen obstacles. It collects, verifies, and publishes the DNSSEC keys for DNSSEC-enabled zones, which enables operators of both authoritative zones and recursive resolvers to deploy DNSSEC immediately, and benefit from its cryptographic protections. This paper presents the design and implementation of SecSpider as well as several general lessons that stem from its design and implementation.