Home / Blogs

July 2010: The End of the Beginning for DNSSEC

Ram Mohan

July 15, 2010 (yesterday) marked the end of the beginning for DNSSEC, as the DNS root was cryptographically signed. For nearly two decades, security researchers, academics and Internet leaders have worked to develop and deploy Domain Name System Security Extensions (DNSSEC). DNSSEC was developed to improve the overall security of the DNS, a need which was dramatized by the discovery of the Kaminsky bug a few years ago.

If researchers have been working on this for years, one might ask: why is this only the "end of the beginning?" The answer is, of course, that "overnight changes" usually occur only after a decade or more of hard work. Until recently, DNSSEC was often criticized as a solution in search of a problem. However, the now famous "Kaminsky bug," a cache poisoning exploit that DNSSEC fixes, changed all that in a hurry.

DNSSEC deployment first became real when .SE (Sweden) announced in 2007 that it had signed its zone. Another DNSSEC leader, .ORG, managed by the Public Interest Registry, opened its DNSSEC testbed in the same year. Soon thereafter, the number of countries and other operators deploying DNSSEC in their infrastructure started to swell.

Yesterday, ICANN, VeriSign and the NTIA, after months of careful work, completed the signing of the Root zone, fully enabling DNSSEC queries to be validateable down the "chain of trust." For the first time ever, it became possible to have a DNS query for a signed zone completely validated from an end-user's computer all the way to the root of the DNS.

The seal of trust that DNSSEC now delivers at the root level of the Domain Name System is a testament to an idea whose time has come — an idea chaperoned by scores of engineers, technicians and policy makers, and executed by operators of networks and names. As DNSSEC deployment enters its next phase, let us take a moment to salute the work done by all those who have come before us, and all those who are in this with us.

July 15, 2010 marks the end of the beginning for DNSSEC, and the opening of a new chapter in the task of securing the core infrastructure on which the global Internet relies. We are now in the era of DNS 2.0.

By Ram Mohan, Executive Vice President & CTO, Afilias. Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry.

Related topics: DNS, DNS Security, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Domain Management Handbook from MarkMonitor

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

What Holds Firms Back from Choosing Cloud-Based External DNS?

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Protect Your Privacy - Opt Out of Public DNS Data Collection

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Sponsored Topics

Afilias

DNS Security

Sponsored by
Afilias
Verisign

Security

Sponsored by
Verisign
Port25

Email

Sponsored by
Port25
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services