DNSSEC is a mechanism to protect the integrity of DNS records and to protect end-users against DNS cache poisoning attacks. However, operating a DNSSEC signing infrastructure requires a lot of investment and effort, both for maintenance and to ensure the security of the signing service. A proper key management life cycle must also be maintained. This project is about operating a DNSSEC signing service for external parties (any network operator).
We envisage a container-based infrastructure in which a new container is spun up every time a new operator enrols in the service. Each signer will have its own isolated environment, e.g. running on Docker, and keys will be stored in SoftHSM. There will be a web portal allowing users to activate their service and get the configuration to set up zone transfers for signing between master and slave servers.
Keywords: DNSSEC, Docker, SoftHSM, web development, security
|Number of Students/Interns required||Duration|
|Key deliverables||Skills required|