VeriSign DNS fix paves way for safer Internet

DNSSEC faces long path to full adoption, but VeriSign's move is a step toward better Internet security

VeriSign, the administrator of the .com domain, announced on Thursday that the company had deployed the Domain Name System Security Extensions (DNSSEC) to that popular top-level domain. In addition to .com, the other major top-level domains have been signed, including .edu, .gov, .net, and .org.

DNSSEC adds another layer of cryptographic authentication to domain names, making certain types of DNS hacks, such as cache-poisoning and man-in-the-middle attacks, easier to detect. The DNS forms the underpinnings of the Internet, relating human-readable server names to numerical Internet addresses. Attackers who control DNS responses can send victims to a malicious server rather than, say,

The widespread adoption of DNSSEC would be a boon to other Internet infrastructure providers. The recent attack on certificate authority Comodo, for example, would have amounted to nothing if the DNS was authenticated and secure, claims Comodo CEO Melih Abdulhayoglu.

"The key here is untrusted DNS," he says. "We have to change that. We have to create security in DNS."

To be useful, however, domains using DNSSEC must have a fully authenticated domain chain, so the top-level root domains need to be fully signed. So far, fewer than a quarter of the 306 top-level domains have been signed, but with 90 million registrations under .com, its signing under DNSSEC is arguably the inflection point in adoption.

The Internet Corporation for Assigned Names and Numbers (ICANN), which has spearheaded much of the drive to DNSSEC, has its work cut out for it, however. A recent survey by Internet infrastructure firm Internet Identity found that half of system administrators had not heard of, or had little grasp of, DNSSEC. Moreover, only 5 percent of respondents to the survey said their company had deployed DNSSEC, with another 16 percent of firms planning to implement the technology.

"Those who have familiarity with DNSSEC seem to understand its key benefits and current challenges, which is promising for eventual adoption," IID president and CTO Rod Rasmussen said in a statement.

