The 13 name servers operating the root zone of the Internet's Domain Name Servers (DNS) are now digitally signed with DNSSEC, or the Domain Name Server Security Extensions protocol. This will help prevent or at least make it much more difficult to mount attacks that exploit the trust-based nature of the domain name resolution process.
Ken Silva, senior vice president and chief technology officer at VeriSign, elaborated on the significance to InternetNews.com, "The milestone is crucial because it means that administrators of recursive name servers--the servers that look up Internet addresses using data from the Domain Name System (DNS)--can in most cases enable validation of DNS data by configuring just the root's public key."
Of course, the hierarchical nature of DNS means that it has to be employed at every level to the individual ISPs to be truly effective. As such, it might be some time yet before DNS is properly secured, though this is certainly an important and necessary start.
Source: Retrieved on July 21, 2010 from fiercecio.com/techwatch/story/dnssec-fully-deployed-dns-root-servers/2010-07-20
Share
No comments:
Post a Comment