Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and award-winning mobile Web services.
With the latest “DNSpionage” attack, ICANN astutely prompted domain name holders to fully deploy DNSSEC on their names. Afilias absolutely supports this and encourages the same. In this post, I remind you of why DNSSEC is important and our continued role.
Afilias has a long history in the development and advocacy of DNSSEC. In 2007, we partnered with Public Interest Registry to help found dnssec-deployment.org - an organization designed to advance the operational deployment of DNSSEC (also known as the DNSSEC Consortium). This organization conducted a technical review and outreach necessary to develop DNSSEC best practices and the process for singing the root. The activities of DNSSEC Consortium were transitioned to the Internet Society and merged with their Deploy 360 Programme, where advocacy for DNSSEC continues today.
In 2009, Afilias launched our initial DNSSEC services, two years before the root was signed. The DNSSEC Practice Statement (DPS) for all TLDs has evolved since then to align with RFC 6841 (published in January 2013). Afilias deployed DNSSEC in Public Interest Registry’s .org in 2009, the largest TLD to do so at the time, which was more than one year before the root was signed. To facilitate the adoption, we actively engaged with select registrars to test the deployment of signing second level domain names and partnered with Public Interest Registry to develop and present multiple webinars to explain DNSSEC to registrars.
For those of you still wondering if you should deploy DNSSEC, let me explain why you should. DNSSEC solves a real security problem: integrity and authentication of DNS information. From the user perspective, this means ensuring a website, email or server location is the one you expect it to be. From the domain registrant perspective, without DNSSEC you are at risk for name server hijacking and cache poisoning and you may not get the traffic you desire, if any at all.
When you have enabled DNSSEC, your DNS information cannot be altered. Here’s how you do it:
If manipulated data is detected, your customers will be taken to an error page – and never to a fake site. Now that is peace of mind!
Today, DNSSEC is opt-in. But with the rise in DNS exploits, it is hard to imagine why anyone would not take this step to ensure trust in their digital identity. Afilias is continuing to explore ways to promote adoption and make it easier for our customers and their registrants to take advantage of this important technology, including easing the deployment process.