DNSSEC Available to Test on Cloud DNS

[cloud-dns-announce]

In 2013, Google Public DNS (8.8.8.8) became the largest public DNS resolver to support DNSSEC (DNS Security Extensions), doubling the number of Internet clients protected by DNSSEC validation. Today, we are excited to announce that fully-managed DNSSEC is available as an invitational Alpha-release feature in Google Cloud DNS. You may fill out this form to request an invitation.

DNSSEC helps mitigate the risk of DNS hijacking and man-in-the-middle attacks by cryptographically signing DNS records. Validating DNS resolvers, such as Google Public DNS, accept and relay to Internet users only authentic data from signed domains. This prevents attackers from misdirecting browsers to nefarious websites, for example, by issuing fake DNS responses.

DNSSEC in Google Cloud DNS is designed for ease of use. Follow a few simple steps, then sit back, relax, and enjoy the added security benefits. Advanced users may choose to use different signing algorithms and denial-of-existence types. We support several sizes of RSA and ECDSA keys, and both NSEC and NSEC3. For more details, please refer to the instructions that will come along with the invitation.

This is an Alpha release. Access to the feature is by invitation only, and only intended for testing purposes. If you are interested in trying it out, please request an invitation by filling out this form. We will contact you with details on how to get started. At this moment, DNSSEC is only available to Google Cloud DNS users participating in this Alpha release. Google Domains users, please stay tuned!

Richard Woodbury, on behalf of the Cloud DNS team.

[Richard Woodbury]

On Tuesday, September 5, 2017 at 1:35:51 PM UTC-4, Ronald McCormick wrote:

I suspect it IS...  It took about a week before I got added (just recently)

Yes, the Alpha is very much still open. We add users in batches, so don't expect an immediate invite after filling out the form.

 

 WARNING: The directions that they sent me were incorrect...  They have you add a repository for a gcloud component.... (DONT DO it...  It breaks a few things as it reverts the API to an ancient version)

The instructions are correct (tested myself last week), and this is the expected usage. Please let me know what are the "few things" that break for you, so this can be addressed.

 

The commands will be available once they add you to the permissions, but they are actually in the standard beta section (you will have to install the beta component).

It may be possible to use the Beta commands, but as the product hasn't entered Beta yet, this is not the prescribed method.

[Richard Woodbury]

I will add that you don't have to bother with gcloud if you want to use the Cloud Console. There are only a few advanced features unavailable in the UI, but it has all the functionality necessary to get setup with DNSSEC.