VeriSign, NeuStar and others team on DNS security

Coalition of top-level domain operators seeks protection against the Kaminsky bug

The Public Interest Registry announced plans to deploy DNSSEC in June, prior to the discovery of the Kaminsky bug. Since then, the nonprofit has been trying to educate its 600 channel partners around the world about the need for DNSSEC. It has signed up five registrars for a DNSSEC test that will take place in early 2009.

The Public Interest Registry initated the DNSSEC Industry Coalition because it wants to share its experiences with DNSSEC deployment and simplify the upgrade process for registrars.

"It's not just important that .org implement DNSSEC, but DNSSEC needs to be seen as an infrastructure upgrade to the entire DNS because of all the applications that ride on DNS today and all the applications that will ride on DNS in the future," Raad says. "This cannot be done by one organization alone."

NeuStar says it has enabled its registry platform to support DNSSEC. NeuStar provides the underlying DNS resolution services for 2 million .biz domain names and 1.4 million .us domain names. Now NeuStar is encouraging DNSSEC deployment among companies like GoDaddy, Enom and Network Solutions that sell domain names to businesses and individuals.

"We're doing everything we can to work with our customers to go through the process of supporting DNSSEC," Joffe says. "They may or may not understand the urgency. From our point of view, this is not something that is going to be delayed. It is the single most important thing that needs to be done to try and maintain public trust in the Internet."

The DNSSEC Industry Coalition hopes to drive adoption of DNSSEC across all registries and registrars around the globe. The group includes two country code top-level domains -- .se for Sweden and .uk for the United Kingdom -- along with Internet security companies such as Shinkuro, NL Net labs and Secure64 Software. The group's members say DNSSEC is the best known mechanism for thwarting a variety of attacks including cache poisoning, DNS redirection and pharming that are used to commit fraud and personal identity theft.

The DNSSEC Industry Coalition is creating implementation manuals and educational materials designed to make it easier and less costly for the domain name industry to adopt DNSSEC.

"My hope for the DNSSEC Industry Coalition as its chair is to help encourage collaborative efforts to make for a safer and more secure DNS," says Lauren Price, senior marketing manager for The Public Interest Registry. "We're trying to find ways to streamline the implementation of DNSSEC across all of the DNS registries...We're trying to take the burden off the registrars."

The main goal of the DNSSEC Industry Coalition is to speed up deployment of this security standard, but leaders admit that they can't fix DNS security until the U.S. government signs the DNS root.

"The domino that starts everything is the root being signed," Raad says. "Even with a very well-intentioned industry coalition, it is unrealistic for us to set a particular date for DNSSEC deployment without the root being signed....That's why we're urging the signing of the root using the best technical solution that is the most expedient."

There were 174 million domain names registered across all of the top-level domains as of September 30, VeriSign says. The DNSSEC Industry Coalition members represent 112.5 million or 65 percent of all domain names.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


More about AfiliasEducauseNeuStarSpeedVeriSign AustraliaVIA

Show Comments