Search DNSSEC Blog


Tuesday, June 9, 2009

ICANN Calls on UK and Global Broadband ISPs to Adopt DNSSEC

The Internet Corporation for Assigned Names and Numbers (ICANN), which manages the Domain Name System (DNS), has called on ISPs around the world to start moving towards adoption of Domain Name System Security Extensions (DNSSEC). DNS translates IP addresses into human readable form (e.g. becomes but it is flawed, which can result in legitimate website addresses being diverted to malicious sites by hackers.

To solve this problem DNSSEC was developed, which uses a combination of encryption, origin authentication of DNS data, data integrity and authenticated denial of existence checks to prevent hackers from easily being able to hijack websites and domains from legitimate servers. It won't stop Distributed Denial of Service (DDoS) attacks, where a server is bombarded by masses of requests and ultimately crashes, but it will prevent most current hacks.

This is clearly a very important step towards making the Internet more secure. However ICANN admits that without support from both ISPs and application developers around the world then it may not succeed. ICANN is now pushing for full adoption of DNSSEC but notes that it will initially result in a two-tier Internet between users of secure and unsecure platforms:
The CEO of ICANN, Paul Twomey, told ZDNet UK : "[IT IS] important to get the application-layer community involved and to recognise that DNSSEC should move through all applications.

It's going to take some time to deploy and further discussions, as there are a lot of implementation issues for ISPs in how they support DNSSEC. [USERS] will have to have access to both signed and unsigned roots. It's not like we can turn DNSSEC on tomorrow."DNSSEC itself is nothing new and ICANN has reportedly been pushing for it since 2005, although political squabbles over who manages the Internet have held up progress. Happily agreements have now been reached and ICANN are finally in a position to push forward, although much like moving to IPv6 - it could still take many years to fully deploy.

To the average broadband consumer this will seem like little more than techno-babble that has no bearing on their experience. In reality it's a bit like putting an immobiliser and alarm in a car that previously had neither.

Source: MarkJ, ICANN Calls on UK and Global Broadband ISPs to Adopt DNSSEC, Retrieved on 9 June, 2009 from

No comments:

Post a Comment