Only 13% of major hosts have deployed secure DNS security extensions

Although relatively new in internet terms, DNSSEC is a protocol that is billed as verifying and validating name server responses from the bottom up through a chain of trust, so making DNS – the name/IP address lookup system – more secure against web traffic interception attacks.

Under the protocol, digital signatures are attached to DNS data (signing) meaning that the origin and integrity of this data can be verified as it crosses the internet.

According to the report – an overview of DNSSEC deployments worldwide – only 37 (13%) of the world's 283 active TLDs have enabled DNSSEC to varying extents.

The research, which was conducted in September and October of this year notes that DNSSEC-enabled TLDs include .biz, .gov, .info and and .uk.

Marc Van Wesemael, EURid's general manager, said that the report shows that, although the DNSSEC deployment momentum is slowly building, it still needs to gather pace.

"As more TLDs join in, DNSSEC enablement will become standard and automatic. This is essential to make the Internet a safer place", he explained.


What’s Hot on Infosecurity Magazine?