Posts Tagged ‘DNSSEC’


“DNSSEC Update from ICANN 42 in Dakar”

Posted November 30th, 2011

As posted by Ram Mohan: “While the global rollout of Domain Name System Security Extensions (DNSSEC) continues at the domain name registry level — with more than 25% of top-level domains now signed — the industry continues to focus on the problem of registrar, ISP and ultimately end-user adoption. At the ICANN meeting in Dakar in late October, engineers from some of the early-adopting registries gathered for their regular face-to-face discussion about how to break the “chicken or egg” problems of secure domain name deployment.”

Posted in DNSSEC, ICANN


What You Need To Know About DNSSEC – An Interview With Dr. Richard Lamb

Posted August 26th, 2011

Cybercrime is on the rise and Domain Name System Security Extensions (DNSSEC) has been one of the hottest security topics this year. Created as a response to a flaw in the DNS, the intention of DNSSEC is to prevent users from experiencing redirection to fraudulent web sites and similar forms of cybercrime. There is a debate within the community as to whether DNSSEC is truly necessary. Some feel it is not comprehensive in its current form, while others believe it is an important brand protection tool.

Like many Internet security issues, DNSSEC is sometimes misunderstood by those outside the technical community, so we sat down with Dr. Richard Lamb, DNSSEC Program Manager for ICANN, to get his perspective on what you really need to know about DNSSEC.


Posted in DNSSEC, ICANN, Interviews


“ICANN Security Chief Urges Widespread Adoption of DNSSEC”

Posted August 8th, 2011

As posted: “Jeff Moss, ICANN’s Vice President and Chief Security Officer, told the Black Hat Technical Security conference on 3 August that now is the time for corporations and organizations to embrace DNSSEC (Domain Name System Security Extensions).

“If you only call us after the house is on fire, you have very few options,” Moss told the conference, a premier venue for elite security researchers. He emphasized the need for businesses to prioritize online security, including adoption of DNSSEC.”

Posted in DNSSEC, ICANN


“DNSSEC Baby Steps Reported at ICANN 41”

Posted July 29th, 2011

As published to the Afilias blog: “The Internet is slowly beginning to adopt the new DNSSEC domain names standard, but significant challenges remain. That was the main takeaway from a four-hour workshop on the technology held during the recent ICANN 41 public meeting in Singapore, which heard from many domain registries, registrars and other infrastructure providers.

July 15, 2011, was the one-year anniversary of ICANN signing the DNS root system with DNSSEC. While enormous strides have been made since then, such as the signing of key top-level zones, the standard is now entering what may prove to be its trickiest phase of deployment — encouraging usage by domain registrants and the support of the registrars that, in most cases, will act as their gatekeepers.”

Posted in DNSSEC, ICANN


“Nominet Pilots Domain Security Pump-Up”

Posted July 25th, 2011

As reported: “Dot-UK registry Nominet has started piloting a free service designed to help UK businesses boost the security of their websites’ domains.

The DNSSEC Signing Service “will allow registrars to quickly and easily implement DNSSEC by relying on Nominet to manage the cryptographic signing process, management of keys and publishing records to nameservers and zone files,” Nominet said.”

Posted in DNSSEC


Deployment of DNSSEC in the Root Zone: Impact Analysis

Posted April 14th, 2011

“In 2010 ICANN commissioned a study from DNS-OARC to examine the impact of DNSSEC deployment in the root zone, and in particular the effects on clients from the large DNS responses resulting from the use of a Deliberately Unvalidatable Root Zone (DURZ).

The DNS-OARC study drew upon the results of a coordinated data collection exercise by root server operators, with each data collection window timed to coincide with a transition by one or more root servers from serving an unsigned root zone to serving the DURZ.

ICANN is publishing this report in order to share its findings with the wider DNS community.”

Posted in DNS, DNSSEC, ICANN


Whois, DNSSEC and Domain Security: An Interview With Garth Bruen of Knujon

Posted April 1st, 2011

As we are gearing up for major innovation in the domain space, questions of Internet security loom large.

Whois, DNSSEC and New gTLD issues were on the front burner at ICANN 40, so we sat down with Garth Bruen, Internet security expert and creator of Knujon to discuss these topics and more.


Posted in cybercrime, DNS, DNSSEC, Enforcement


DNSSEC Deployment Reaching Critical Mass

Posted March 23rd, 2011

As reported by Ram Mohan: “Less than nine months after the DNS root was signed, the rollout of DNSSEC across the Internet’s top-level domains is approaching the tipping point. Thanks to the combined efforts of registries around the world, the new security protocol will soon be available to the majority of domain name registrants in almost a quarter of all TLDs.

As a reminder, DNSSEC — Domain Name System Security Extensions — is a trust upgrade to the decades-old DNS protocol. Using DNSSEC, resolvers are able to ensure that no one or nothing has tampered with DNS messages by validating their cryptographic signatures. The technology goes a long way in protecting Internet users from attacks, like cache poisoning, that have the potential to undermine the trust we all place in electronic commerce.”

Posted in DNSSEC


ICANN Reports Milestone for the Internet

Posted June 21st, 2010

From ICANN News Alerts

On June 16, in the small town of Culpeper, Virginia, ICANN technical staff played host to an unusual and somewhat arcane event. Volunteers from over ten countries made their way by plane, train and automobile to witness and participate in the generation of the cryptographic key that will be used to secure the root zone of the Domain Name System using DNSSEC for the first time.

During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy. The ceremony was conducted with the goal of ensuring that there is widespread confidence throughout the technical Internet community that the root zone, once signed, can be relied upon to protect users from false information.

Ceremony participants referred to an extremely detailed checklist and were able to confirm that every aspect of the process was executed exactly as planned. The entire event was video-recorded simultaneously by three separate cameras, and ICANN arranged for the whole system to be subject to a SysTrust audit, a process supported by the archived, unedited video footage and the legal attestations of key participants.

The path down the long road to Culpeper has required considerable effort and investment by ICANN, and has benefited from an extremely productive collaboration between staff at ICANN, VeriSign and the US Department of Commerce. ICANN, with the help of some talented consultants, has designed processes that are thought to surpass those of many commercial Certificate Authorities not only in the degree of openness and transparency in their design and execution, but also in terms of the security engineering involved.

The design of the overall system requires ICANN to execute a ceremony like this one four times per year. The next ceremony is scheduled to take place on July 12 in El Segundo, California, where ICANN has built a second facility intended to ensure continuity for the DNS (and hence Internet users world-wide) in the event of a serious disaster in one location.

All design documentation for the ceremony will be published by ICANN, not only to promote transparency in the process for the root zone, but also to act as a valuable reference to any other organization that needs to build similar systems to support DNSSEC in top-level domains, enterprises, or anywhere else. The deployment of DNSSEC in the root zone of the DNS will hence not only act as a catalyst for global DNSSEC deployment because of the special nature of the root zone, but also because of the design and engineering investment ICANN is giving back to the wider community.

Posted in ICANN, Internet Security


ICANN to Work with US Gov and VeriSign on Interim Solution to Core Internet Security Issue

Posted June 5th, 2009

From ICANN News Alert

ICANN will work with the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA), the National Institute of Standards and Technology (NIST) and VeriSign on the goal of an operationally Signed Root Zone as soon as feasible in 2009.

In a letter agreeing to participate, ICANN recognizes the urgency surrounding the issue of electronically signing the Internet’s “root zone” but stresses the need for this process to be interim.

“We’ve been working towards a signed root for more than three years. In fact, ICANN has operated a root zone signing test bed for more than two years. So ICANN is aware of the urgency around signing the root to enhance stability and security,” Paul Twomey, President and CEO of ICANN, said.

“ICANN has agreed to work with VeriSign and the Department of Commerce to first test, and then have production deployment of DNS Security Extensions (DNSSEC) as soon as feasible without prejudice to any proposals that may be made for long term signing processes,” said Twomey.

“There will of course need to be consultations with the Internet technical community as the testing and implementation plans are developed,” he added.


Posted in ICANN, Internet Security