Most Internet users know of the ever-present scams that pass across e-mail and lurk in malicious Web sites. But a much more fundamental security flaw resides in the Internet’s core routing architecture, DNS.
Many Internet experts believe that DNSSEC is the solution to the famous Kaminsky flaw. Enterprise Networking Planet hears from officials at .Org and ICANN about their progress implementing DNSSEC, and what some of the challenges will be for ISPs.
The march to secure the Internet’s core DNS
Since at least the summer of 2008, when security researcher Dan Kaminksy disclosed a critical vulnerability in DNS, the global Internet domain routing ecosystem has been moving to implement DNSSEC, which provides is a digitally signed mechanism to authenticate the integrity of DNS information, secure the system and prevent attacks.
Among the first generic Top Level Domains (gTLD) to first announce its plan to adopt DNSSEC was .Org back in September 2008. This week, .Org announced that its rollout of DNSSEC is now on track for deployment in June 2010. On a global basis, ICANN (Internet Corporation for Assigned Names and Numbers) reported that DNSSEC adoption in the root zone of the Internet is also going according to plan.
“We are extremely pleased to witness the gaining momentum in DNSSEC development and adoption, “.Org CEO Alexa Raad told InternetNews.com. “All actors within the chain of trust — registrars, ISPs and application providers — now have a known lead time for development, and zero uncertainty about the future of DNSSEC.”