Duane Wessels

Duane Wessels

Distinguished Engineer at Verisign
Joined on July 16, 2008
Total Post Views: 72,842


Duane Wessels is a distinguished engineer at Verisign, where he focuses on data analysis and Domain Name System Security Extension (DNSSEC) projects. He brings over 15 years of experience working in the data analysis and research fields.

Prior to joining Verisign in 2010, Duane was the director of the Domain Name System Operations Analysis Research Center (DNS-OARC), where he developed tools and services, organized workshops, and recruited new members.

Duane is an active participant in various Internet Corporation for Assigned Names and Numbers (ICANN) multi-stakeholder community groups, including the Root Server System Advisory Committee (RSSAC), the Root Zone Evolution Review Committee (RZERC) and the Root Server System Governance Working Group (RSS-GWG). Duane is also an active member of the Internet Engineering Task Force (IETF) DNS Operations working group, the North American Network Operators Group (NANOG) and the DNS-OARC. He has also served on the board of directors for both the NANOG and the DNS-OARC and has co-authored several internet Request for Comments (RFCs).

Duane holds a Master of Science in telecommunications from the University of Colorado and a Bachelor of Science in physics from Washington State University.

Except where otherwise noted, all postings by Duane Wessels on CircleID are licensed under a Creative Commons License.

Featured Blogs

Unexpected Effects of the 2018 Root Zone KSK Rollover

March 22, 2019, saw the completion of the final important step in the Key Signing Key (KSK) rollover - a process which began about a year and half ago. What may be less well known is that post rollover, and until just a couple days ago, Verisign was receiving a dramatically increasing number of root DNSKEY queries, to the tune of 75 times higher than previously observed, and accounting for ~7 percent of all transactions at the root servers we operate. more

A Closer Look at Postponing of the Root Zone KSK Rollover Decision

On Sept. 27, Internet Corporation for Assigned Names and Numbers (ICANN) announced that the first root zone Key Signing Key (KSK) rollover - originally scheduled to take place on Oct. 11 - will be postponed. Although this was certainly a difficult decision, we fully agree that erring on the side of caution is the best approach to take. In this blog post, I want to explain some of the involvement Verisign has had in KSK rollover preparations, as well as some of the recently available research opportunities which generated data that we shared with ICANN related to this decision. more

A Great Collaborative Effort: Increasing the Strength of the Zone Signing Key for the Root Zone

A few weeks ago, on Oct. 1, 2016, Verisign successfully doubled the size of the cryptographic key that generates DNSSEC signatures for the internet's root zone. With this change, root zone DNS responses can be fully validated using 2048-bit RSA keys. This project involved work by numerous people within Verisign, as well as collaborations with ICANN, Internet Assigned Numbers Authority (IANA) and National Telecommunications and Information Administration (NTIA). more

Increasing the Strength of the Zone Signing Key for the Root Zone, Part 2

A few months ago I published a blog post about Verisign's plans to increase the strength of the Zone Signing Key (ZSK) for the root zone. I'm pleased to provide this update that we have started the process to pre-publish a 2048-bit ZSK in the root zone for the first time on Sept. 20. Following that, we will publish root zones with the larger key on Oct. 1, 2016. more

Increasing the Strength of the Zone Signing Key for the Root Zone

One of the most interesting and important changes to the internet's domain name system (DNS) has been the introduction of the DNS Security Extensions (DNSSEC). These protocol extensions are designed to provide origin authentication for DNS data. In other words, when DNS data is digitally signed using DNSSEC, authenticity can be validated and any modifications detected. more

Verisign’s Perspective on Recent Root Server Attacks

On Nov. 30 and Dec. 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. Last week the root server operators published a report on the incident. In the interest of further transparency, I'd like to take this opportunity to share Verisign's perspective, including how we identify, handle and react, as necessary, to events such as this. more

Topic Interests

DNSCybersecurityCyberattackDDoS AttackNetworksThreat IntelligenceDNS SecurityICANN

Recent Comments

Not a Guessing Game
Not a Guessing Game
Not a Guessing Game
Not a Guessing Game
Not a Guessing Game

Popular Posts