SIDN, the organisation that manages the .nl zone and ENUM NL, is today launching a Friends and Fans programme for DNSSEC. The programme offers registrants who already have experience with DNSSEC (DNS Security Extensions) the option of publishing the ‘public keys’ for a small number of domain names.
SIDN will then include these keys in the .nl zone file, so that both the registrants in question and SIDN will be able to gain practical experience with DNSSEC. The first signed .nl domain names to be included in the .nl zone file are sidn.nl, gigaport.nl and surfnet.nl. The launch follows just days after the public key for the .nl zone was published in the root, thus completing the ‘chain of trust’ for .nl.
DNSSEC
DNSSEC is an extension to the existing DNS (Domain Name System), which enables providers to check whether incoming DNS data can be trusted. Vulnerabilities in the existing DNS protocol mean that it does not provide full protection against threats such as cache poisoning and anonymous ‘man-in-the-middle’ attacks. With DNSSEC, internet users ask DNS servers to attach digital signatures to any ‘referrals’ that they send. That way, any user whose ISP operates a DNSSEC resolver can be sure that the DNS data received are authentic. This is important, because the falsification of DNS data can mean that internet users are led to forged websites or that e-mail is diverted into the wrong hands. By preventing such abuses, DNSSEC increases the reliability of the DNS. However, it is not a total security fix. It cannot prevent typosquatting or phishing, for example. So internet users still have to be alert to the possibility of malpractice.
Registrars
Registrants that are already familiar with DNSSEC can now arrange for their DNS trust anchors to be included in the .nl zone file. Addition of the anchors to the file will be supported by a number of manual processes. It won’t immediately be possible for registrars to manage their DS records using the Domain Registration System (DRS), since that will require major modifications to the DRS.
Security
SIDN’s CEO Roelof Meijer commented, ‘At the end of August, we introduced DNSSEC for .nl. That step made the .nl domain – the world’s fourth-biggest country-code domain and already one of the securest anywhere – even safer for internet users. The Friends and Fans programme is the next step towards the introduction of DNSSEC for all .nl domain names. That goal should be achieved by the end 2011. Over the last few months, we have seen market interest in DNSSEC really start to take off: about sixty TLDs (top-level domains) are now signed, compared with just twenty at the start of the year. In March 2011, .com is going to be signed as well, and we fully anticipate still greater interest in DNSSEC before the year is out.’
To register your .nl domain name check out EuroDNS here .
- Follow us on :
