Home / Blogs

Three Reasons Why It Makes Sense to Deploy DNSSEC Now

As many of you may know, today .ORG announced that all of its 8.5 million domains are now able to be fully DNSSEC signed — the largest set of domain names in the world so far that has access to this key security upgrade. We congratulate Public Interest Registry (PIR) on this landmark event, and are pleased that NamesBeyond is the first domain name registrar to support full DNSSEC signing for all of these domains.

A few years ago, Dan Kaminsky widely exposed a nasty hole on the Internet. Long known as cache poisoning, a problem the domain name system community was familiar with, Dan demonstrated a way of modifying DNS records in a way that would be widespread, catastrophic and not curable by the end-user. Working with security vendors, DNS software companies and operating system creators, a temporary workaround was found for this cache poisoning problem. Of course, at the end of this saga, cache poisoning became forever known as the "Kaminsky bug."

The widespread publicity that the Kaminsky bug got around the world vindicated a decision made in several companies to invest time, effort and money into deploying DNSSEC. The community was split on the value of the DNSSEC effort — many thought the deployment was quixotic, while a few others thought it was appropriate.

Reason 1: DNSSEC is part of the future Internet

With more and more of the world's economy and transactions depending on the Internet, the Domain Name System (DNS) which underpins the Internet is now an essential and required global resource. Business owners expect that service providers such as registrars, registries, and ISPs invest in strong security measures. They also desire a system that is easy to understand, quickly usable and easily manageable. A more secure namespace is going to be the reality for the future.

For over a decade, engineers have been working on implementing DNSSEC. In this process, these engineers have had to explain why they were implementing this technology. As recently as 2007, it became clear that one of the important technologies in the deployment of DNSSEC, called NSEC, needed to be upgraded. Our customers have no interest and really, not much desire to understand why the upgrade was needed; they only wanted to know that it was implemented.

For the registrar, registry and network provider universe, DNSSEC is clearly an essential component of the future of the Internet. What is now a trickle is likely to soon become a flood.

Reason 2: Security can be a differentiator

Dan Kaminsky recently said, "It is in fact possible to have registrars that have much more attention paid for security and treat that as a competitive advantage." The fact, however, is that very few registrars in the marketplace actually leverage these principles in their own practice.

As the marketplace has evolved, the need to guide corporate behavior based on the online safety and well-being of business people and individuals. Three core values: safety, quality and stability, are essential for the proper functioning of the DNS marketplace.

These values can be part of the domain name ecosystem. While registrars, registries and ISPs have to necessarily compete in the overall marketplace on values more than the three above, in the past few years, the biggest element of competition has been price. Volume flows to those who offer among the lowest prices online.

There are those who are building mechanisms that enhance security. It is clear that their hope is to realize a higher value for such services as a result.

Reason 3: Companies will move to a more secure model

As the Internet becomes essential to the success or failure of companies, a move to a more secure model is inevitable. After all, this has already happen in the world of e-commerce, with trust in online transactions being secured by SSL. Companies willingly pay hundreds of dollars to provide enhanced security for their customers.

Once companies understand that their own domain names can be upgraded with DNSSEC so that DNS spoofing becomes impossible, then they will adopt this technology. Especially if this technology is implemented in a way that its benefits are easy to understand, it is easy to access the upgrade, and it is possible to downgrade if necessary.

Dan Kaminsky predicts there will soon come a time where registrars are engaged in a "race to the top", where higher quality and better security becomes the norm. Those who believe in this concept are those who are likely to invest in DNSSEC.

By Uma Murali, President & CEO

Related topics: DNS, DNS Security, Domain Names, Registry Services, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Bauer Media Joins Minds + Machines as a .fishing Pioneer

New .vote TLD Used for Arizona Voters

First Premium .yoga Domains Up for Auction

Afilias Releases 160,000+ Names Across 8 New TLDs

Deal Yourself In: .POKER Names Now Open to All

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

Lou Andreozzi to Lead New .Law Top-Level Domain

ICANN Business Constituency Elects Elisa Cooper of MarkMonitor as Chair

PIR Releases Report Detailing Steady Growth of .org Domain in 2014

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

.film to Provide New Home Online for the Film Industry

.VOTE Solves Presidential Candidate Ted Cruz's Domain Name Problem

.green Now in General Availability

ICANN's Registry Audits Begin Next Week. Are You Prepared?

Sunrise Period Begins for .NGO and .ONG

.study & .courses to Launch with Support of ARI Registry Services

We Know This .Sucks

ARI Registry Services Expands Middle East & Africa Operations

Radix Assumes Full Ownership of .online

IBCA Presentation to ICANN GAC on Protection of Geographic Names in New gTLDs

Sponsored Topics

dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign
Afilias

DNS Security

Sponsored by
Afilias
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines