A new domain signs on with DNSSEC

Security spreads wider on the Internet

The .info top-level domain, the Internet’s seventh largest TLD with more 6.5 million registered domains within it, was digitally signed on Sept. 1 to enable use of the DNS Security Extensions. The delegation signer records have been published in the DNS Root to enable validation of signatures on Domain Name Service query responses.

The signing is part of an effort by Afilias Ltd. of Dublin, a provider of Internet registry and back-end services, to deploy DNSSEC to 13 additional TLDs by year end. There will be a “friends and family” period during which the signatures will be used within a handful of .info domains before it is rolled out to the entire registered population.


Related coverage:

Need t o deploy DNSSEC? NIST publishes its how-to

How DNSSEC provides a baseline of Internet security

Affiias to deploy DNSSEC to 16 TLDs this year


The Domain Name System maps domain names to IP addresses and underlies nearly all Internet activities. DNSSEC enables digital signatures on DNS data and query responses so they can be authenticated with public cryptographic keys, making them harder to spoof or manipulate. This will help to combat attacks such as pharming, cache poisoning, and DNS redirection that are used to commit fraud and identity theft and to distribute malware.

To be fully effective, DNSSEC must be deployed throughout the Internet’s domains. The Internet’s 13 root zone DNS servers have been digitally signed since May. On July 15, the signed root zone was made available and a trust anchor was published with cryptographic keys that will allow users to verify the authenticity of DNS address requests. The publication of the trust anchor for the Internet root means it now is possible to begin linking together the “islands of trust” that have been created by the deployment of DNSSEC.

The Office of Management and Budget mandated the deployment of DNSSEC in the .gov domain, which contains about 4,000 domains, last year. Agencies have begun signing second-tier domains, such as gsa.gov. The largest top-level domain to deploy DNSSEC to date has been .org, which contains about 8 million domain names. The Internet’s largest domain, .com, with around 80 million registered domain names, is expected to be signed next year.

In the meantime, Afilias has announced its Project Safeguard, which is intended to expand the implementation of DNSSEC from 26 to 39 TLDs this year. This effort, along with the signing of .com, could help to push DNSSEC to critical mass, creating a demand for Internet service providers to enable DNSSEC on their networks so that digitally signed DNS query responses can be validated for customers. Use of DNSSEC signatures is expected to be available to more than 100 million domains, or nearly half of the Internet, by the end of 2011.

Afilias is the registry for .info, meaning that it maintains the domain names that are sold by the registrars within that domain. The domain was created in 2001as the first generic TLD launched since .com.

Afilias also will be enabling DNSSEC in another 12 TLDs that it supports by providing back-end services.

Participants in the “friends and family” period for familiarizing users with DNSSEC within .info will include afilias.info, info.info, shinkuro.info, Comcast.info and 19 other domains within Comcast.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.