DNSSEC @ Mozilla

Presentation: DNSSEC @ Mozilla Presentation 1 [PDF]
Average rating: ****.
(4.67, 3 ratings)

As the Internet world moves slowly towards implementing DNSSEC, this session aims to start at the basics of DNSSEC and goes on to discuss implementation details as well as best practices, some of the most common mistakes that happen during and after deployments and finally what’s in store for the near future.


Will discuss the following topics :

  • Introduction to DNSSEC
  • Why DNSSEC is needed
  • New RR records – DNSKEY, DS, NSEC and RRSIG
  • Keys
  • Relationship between the new RR records and keys aka Chain of Trust[demo]


  • Things to consider before you implement
  • Setup at Mozilla, before and after
  • Commands
  • Config changes
  • Steps to switch
  • Verification [demo]
  • Possible issues to be aware of


  • Mistakes I made, Security Lameness and log levels

The Future

  • Where we stand with DNSSEC today
  • Possible issues that delay DNSSEC implementation
  • Data from Mozilla (before and after DNSSEC)
  • Possible changes to Firefox/Other Software
Photo of Shyam Mani

Shyam Mani

Mozilla Corporation

Based out of Singapore, Shyam [pronounced sha-am] is a systems administrator on the Mozilla IT team and gets to break most things at work. A geek at heart, he’s a part time Gentoo developer, loves photography, biking as well as motorsport and was a race official in the 2010 Formula 1 Singapore Grand Prix and the 2011 Formula 1 Australian Grand Prix.