DNSSEC is being rolled out quickly in top-level domain registries around the world, but there's still some way to go to encourage other Internet stakeholders to adopt the new security technology. That was one of the key takeaways from a day-long, comprehensive session on Domain Name System Security Extensions implementation worldwide, held during ICANN's public meeting in Cartagena, Colombia, last week.
What were you doing this week back in 1985? Answer: Probably watching the debut of Back to the Future, a early Steven Spielberg movie which incorporated novel uses of technology to travel in time. During that same time in 1985, however, another innovative use of technology was also making its debut—one with much greater implications for improving our lives on a global scale.
The board resolved on Friday to dedicate its two-day retreat in September entirely to working on the issues that remain outstanding in the Draft Applicant Guidebook. The current version of the DAG, the fourth, is expected to be the final draft before applications become open to potentially hundreds of prospective new TLD registry operators.
Attendees at the public ICANN meeting in Brussels today heard from over two dozen companies that have implemented or are planning to support DNSSEC, the next-generation standard protocol for secured domain names. It is clearer than ever before that DNSSEC is becoming a reality.
The barriers to DNSSEC adoption are quickly disappearing. There are nearly 20 top-level domains that have already deployed DNSSEC including generic TLDs like .org and .gov. This July, the DNS root will also be signed, and will begin validating DNSSEC queries. At this point, the decision for remaining TLDs to deploy DNSSEC is really no longer a question. In fact, as it stands today, all new TLDs approved by ICANN will be required to have DNSSEC deployed at launch.
The deployment of Domain Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010.
While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet.
You may have seen media reports a few weeks ago describing how servers behind the so-called Great Firewall of China were found delivering incorrect DNS information to users in the rest of the world, thereby redirecting users to edited Web pages. Reports indicate that this apparently occurred due to a caching error by a single Internet Service Provider. While the problem was fairly limited in scope, it could have entirely been prevented in a world where DNSSEC was fully deployed.
Afilias will be exhibiting at this year's DNSSEC Pavilion at the FOSE show. Stop by booth #2012 to learn about DNSSEC implementation from our experts!
