Root zone switches to DNSSEC

07 May 2010

The last of the internet's 13 root servers has been switched to a secure version of the Domain Name System (DNS). This means that the entire root zone for the internet is now operating using DNSSEC.

The move, which has been happening gradually since the end of January, sees the j.root-servers.net server switch over to a signed version of the DNS protocol, which makes it much harder to spoof DNS queries and mount other attacks on the system.

Changing the entire root zone to DNSSEC is significant, because these 13 servers sit at the top of the DNS hierarchy, which is used to translate web domains such as Infosecurity-US.com to the underlying IP address that locates the destination server. DNS works as a hierarchy, in which requests are sent to DNS servers to translate these domain addresses. If the DNS server does not have the answer, it asks another server further up the chain. This process repeats until the root server eventually comes into play.

The process of changing over to a secure DNS root zone is still not complete, however. The signatures served by the root servers cannot yet be validated, because the public key has not yet been disclosed. This key is due to be published in early July, after a key ceremony involving representatives from different countries. "The deployment of the signed root zone is happening now, with some of the root servers already providing signed responses," said root-servers.org, the site responsible for documenting root zone operations. "Although not yet useful for validation purposes, these signed responses are larger than unsigned responses and this may have an operational impact for resolvers."

The implementation of DNSSEC in the DNS root zone is a joint effort between the Internet Corporation for Assigned Names and Numbers (ICANN), VeriSign and the US Department of Commerce.
