« XSS Watch, PA Primary Special Edition | Main | Jobs.com Says Profiles Are Permanent »
April 24, 2008
.arpa, .org and .uk Soon to Go DNSSEC
Huh:
“ICANN officials said the organization plans to add DNSSEC to its .arpa Internet domain servers, and that the .org domain servers (run by PIR) as well as the .uk servers also will go DNSSEC soon. Country domains .swe (Sweden), .br (Brazil), and .bg (Bulgaria ) already run the secure version of DNS for their domain servers.
“DNSSEC, which stands for DNS Security Extensions, digitally signs DNS records so that DNS responses are validated as legitimate and not hacked or tampered with. That ensures users don’t get sent to phishing sites, for example, when requesting a legitimate Website. DNS security increasingly has become a concern, with DNS prone to these so-called cache poisoning attacks, as well as distributed denial-of-service (DDOS) attacks like the one last year that temporarily crippled two of the Internet’s 13 DNS root servers. (See DNS Attack: Only a Warning Shot?, DNS Attack: Possible Botnet Sales Pitch , and DNS Servers in Harm’s Way.)
“But DNSSEC adoption has been slow in coming, mainly due the complexity of managing the keys. Converting .arpa — a domain mostly relegated to Internet research sites — to DNSSEC isn’t quite the same as securing .com, but it could signal that DNSSEC is finally ready for prime time, experts say. Still, DNSSEC isn’t completely useful unless all domains have deployed it.
“ICANN says its latest DNSSEC move doesn’t signal an all-out move to DNSSEC, but it’s a start. ‘Every time another top-level domain signs on, that’s progress,’ says Richard Lamb, an engineer with ICANN who helped build its DNSSEC testbed. ‘Whether it means the DNS root servers [will go DNSSEC] in the near future, I don’t know.’”
Charlie’s also worth reading on DNSSEC in general:
(Link)
Posted by mhall at 8:40 PM | Add Comment
Leave a comment