Home / Blogs

July 2010: The End of the Beginning for DNSSEC

  • Jul 16, 2010 10:07 AM PST
  • Comments: 0
  • Views: 3,249
Print Comment
By Ram Mohan
Ram Mohan

July 15, 2010 (yesterday) marked the end of the beginning for DNSSEC, as the DNS root was cryptographically signed. For nearly two decades, security researchers, academics and Internet leaders have worked to develop and deploy Domain Name System Security Extensions (DNSSEC). DNSSEC was developed to improve the overall security of the DNS, a need which was dramatized by the discovery of the Kaminsky bug a few years ago.

If researchers have been working on this for years, one might ask: why is this only the "end of the beginning?" The answer is, of course, that "overnight changes" usually occur only after a decade or more of hard work. Until recently, DNSSEC was often criticized as a solution in search of a problem. However, the now famous "Kaminsky bug," a cache poisoning exploit that DNSSEC fixes, changed all that in a hurry.

DNSSEC deployment first became real when .SE (Sweden) announced in 2007 that it had signed its zone. Another DNSSEC leader, .ORG, managed by the Public Interest Registry, opened its DNSSEC testbed in the same year. Soon thereafter, the number of countries and other operators deploying DNSSEC in their infrastructure started to swell.

Yesterday, ICANN, VeriSign and the NTIA, after months of careful work, completed the signing of the Root zone, fully enabling DNSSEC queries to be validateable down the "chain of trust." For the first time ever, it became possible to have a DNS query for a signed zone completely validated from an end-user's computer all the way to the root of the DNS.

The seal of trust that DNSSEC now delivers at the root level of the Domain Name System is a testament to an idea whose time has come — an idea chaperoned by scores of engineers, technicians and policy makers, and executed by operators of networks and names. As DNSSEC deployment enters its next phase, let us take a moment to salute the work done by all those who have come before us, and all those who are in this with us.

July 15, 2010 marks the end of the beginning for DNSSEC, and the opening of a new chapter in the task of securing the core infrastructure on which the global Internet relies. We are now in the era of DNS 2.0.

By Ram Mohan, Executive Vice President & CTO, Afilias

Related topics: DNS, DNSSEC, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:
Print Comment

Comments

To post comments, please login or create an account.

Related Blogs

What Does It Take To Repair Trust? What Will It Take ICANN To Win Back "Trust"? (Part I)

  • Feb 08, 2012
  • Comments: 0

Is ICANN Opening up Public Comment Periods in Bad Faith?

  • Feb 07, 2012
  • Comments: 1

Phish or Fair?

  • Feb 07, 2012
  • Comments: 4

The FBI and Scotland Yard vs. Anonymous: Security Lessons

  • Feb 06, 2012
  • Comments: 0

World Notices That Verisign Said Three Months Ago That They Had a Security Breach Two Years Ago

  • Feb 02, 2012
  • Comments: 2
View More

Related News

DNSChanger Trojan Still Running on Half of Fortune 500s, US Govt

  • Feb 02, 2012
  • Comments: 0

Public-Private Cooperation Policy for Cyber Security Suggested by Commissioner Kroes

  • Jan 31, 2012
  • Comments: 0

DDoS Attacks Increased by 2000% in Past 3 Years, Asia Generating Over Half of Recent Attacks

  • Jan 31, 2012
  • Comments: 0

NASA Website Blocked Due to DNSSEC Error

  • Jan 25, 2012
  • Comments: 0

Websites Go Dark Protesting SOPA and PIPA, Senators Change Course

  • Jan 18, 2012
  • Comments: 0
View More

Topics

Access ProvidersLaw
BroadbandMalware
CensorshipMobile
Cloud ComputingMultilinguism
CyberattackNet Neutrality
CybercrimeP2P
CybersquattingPolicy & Regulation
Data CenterPrivacy
DNSRegional Registries
DNSSECRegistry Services
Domain NamesSecurity
EmailSpam
EnumTelecom
ICANNTop-Level Domains
Internet GovernanceVoIP
Internet ProtocolWeb
IP AddressingWhite Space
IPTVWhois
IPv6Wireless
View More

Industry Updates – Sponsored Posts

.ORG COO Discusses Priorities With DailyVista, Pursuit of .NGO Domain

  • By PIR
  • Views: 328

StarHub to Acquire '.starhub' New Top-Level Domain

ARI Registry Services Signs 21 Contracts in the First Week of New TLD Applications

MarkMonitor to Exhibit at Internet Tech Policy Exhibition and Reception to be Held on Capitol Hill

Sedari Signs With Dot Moscow Bidders

.ORG, The Public Interest Registry Welcomes Nancy Gofus As Chief Operating Officer

  • By PIR
  • Views: 697

Minds+Machines Works with .bayern

Verisign to Award New Infrastructure Research Grants

Being a .PRO When Choosing a Registry Services Partner

UK Cabinet Office Looks to BlueCat Networks' Expertise and Best Practices for Securing PSN

dot Brand Makes Its Debut: Afilias Advises Companies to Act Now for Successful TLD Applications

BlueCat Networks Helps Organizations Transition to IPv6 with HP

BlueCat Networks to Host Webinar on DNS, DHCP and IPAM Featuring Independent Research Firm

Facets of gTLD Registry Technical Operations - Registry Services

Technology and Finance Industries to Dominate New gTLD Applications

Nixu SNS 2.5 Series Gives Fresh Views on DNS

Afilias Says "No" to SOPA

Breaking the DNS: Another Look at How SOPA Could Be Destructive

  • By Dyn
  • Views: 1,378

IPAM and DHCPv6 Shake Hand in Nixu NameSurfer 7.1 Series

2011: A Year in Review, from the Yes2DotAfrica Campaign

View More

Hot Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Verisign

Security

Sponsored by
Verisign
Afilias

DNSSEC

Sponsored by
Afilias
Neustar UltraDNS

DNS

Sponsored by
Neustar UltraDNS
dotMobi

Mobile

Sponsored by
dotMobi
View More