As reported previously by Infosecurity, DNSSEC is a suite of Internet Engineering Task Force (IETF) specifications aimed at securing certain kinds of information provided by the domain name system (DNS) as used on the internet.
Essentially, it is a set of extensions to DNS that provide DNS clients (known as resolvers) with origin authentication of DNS data, authenticated denial of existence, and data integrity.
The idea behind DNSSEC is that users of web sites using the security technology can be assured of the integrity of the site, and that their internet session is not being re-routed to a third-party site without them knowing.
Marc Van Wesemael, EURid’s general manager, told Infosecurity that the new DNSSEC signing service automatically signs .eu domain names and maintains re-signing and key rollovers.
This management aspect of the service, he explained, removes much of the complexity and administrative work often associated with implementing the DNSSEC protocol.
The big question facing the internet industry, he says, is how to educate the internet arena about the advantages that DNSSEC brings to the internet.
“We have taken the decision to get the message out to the registrars, who will then educate the users – the registrants of the .eu domain – about the advantages that DNSSEC offers them. By adding a facility that makes it very easy for registrars to offer this feature to users, it all helps to raise the security of the web generally”, he explained.
Van Wesemael went on to say that, at .eu, he encourages the adoption of DNSSEC and the new .eu DNSSEC signing service means that registrars can now easily offer enhanced security to their customers.
“With this new service, we expect that more registrars will implement DNSSEC and sign more .eu domain names, which will benefit everyone who uses .eu and improve the collective security of the .eu top-level domain”, he said.
DNSSEC, he adds, brings extra layers of security to the domain name system by verifying and validating name server responses from the bottom up through a chain of trust, thereby making the DNS more secure.
Digital signatures, he explained, are attached to DNS data – a process known as signing – so that the origin and integrity of this data can be verified as it crosses the internet.