Domain Name System Security Extensions (DNSSEC) is an enhanced level of Internet security that allows authentication to be added to domain name records to ensure they are correct and have not been tampered with. This prevents hackers from falsifying DNS records in an attempt to redirect people to fake, phishing or criminal sites. The NRO acts as a coordination point for cross-RIR work on DNSSEC.

How Does DNSSEC Work?

DNSSEC helps protect the Internet by digitally ‘signing’ data in DNS records to assure validity. In order for DNSSEC to scale, each step in the lookup needs to be secured, from the root zone all the way down to the final domain name that is managed by the registrant. While DNSSEC does not encrypt data, it does attest to the validity of the domains that consumers visit. DNSSEC does not change any existing Internet addressing system protocols. It merely incorporates a chain of digital signatures into the DNS hierarchy with a signature-generating key at each level.
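The link between one level of the hierarchy and the next, as an added example that is not NRO or RIR code: each parent publishes a DS record (a hash of the child zone's DNSKEY), and a validator recomputes it on the way down from the root. The zone names and key bytes are constructed, and the sketch covers only the DS link, not verification of the RRSIG signatures themselves, which needs a cryptographic library.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lower-case) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B: 16-bit sum over the RDATA."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata):
    """DS the parent publishes: (key tag, algorithm, digest type 2, SHA-256)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).digest()
    return (key_tag(rdata), rdata[3], 2, digest)

def first_broken_link(chain):
    """chain: [(zone, DNSKEY RDATA served by zone, DS held one level up)],
    root first; for the root, the DS is the validator's configured trust
    anchor. Returns the first zone whose key is not vouched for, or None."""
    for zone, rdata, ds in chain:
        if make_ds(zone, rdata) != ds:
            return zone
    return None

def sample_chain():
    """Constructed three-level chain; keys are made-up bytes, not real keys."""
    chain = []
    for zone in (".", "org.", "example.org."):
        key = hashlib.sha256(b"constructed key for " + zone.encode()).digest() * 2
        rdata = dnskey_rdata(257, 13, key)  # 257 = key-signing key, 13 = ECDSA P-256
        chain.append((zone, rdata, make_ds(zone, rdata)))
    return chain

if __name__ == "__main__":
    chain = sample_chain()
    print("intact chain, broken link:", first_broken_link(chain))
    zone, _, ds = chain[1]
    chain[1] = (zone, dnskey_rdata(257, 13, b"\xff" * 64), ds)  # swapped key
    print("after key swap, broken link:", first_broken_link(chain))
```

A key substituted at any level no longer matches the DS held by the level above it, so validation stops at that zone instead of trusting anything beneath it.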

How Does this Secure the Internet for Users?

DNSSEC will ensure that end users are actually connected to the sites they visit and the services associated with them. While this will not solve all Internet security issues, it protects the directory lookup, which is a critical piece. This level of protection complements other technologies such as Secure Sockets Layer (SSL), which lets client/server applications further validate the end site and additionally communicate without eavesdropping, and it opens the door for further developments in Internet security.

Where Can I Find Out More About DNSSEC?

While DNSSEC is a cross-RIR project, each RIR provides specific information for the Internet community within its respective region. Find out more: AFRINIC | APNIC | ARIN | LACNIC | RIPE NCC



Last modified on 31/07/2018