auDA to trial DNSsec in .au

By on
auDA to trial DNSsec in .au

Updated: Four month test.

The .au Domain Administration will kick off a trial of Domain Name System Security (DNSsec) to cryptographically sign and secure the .au domain zone.

DNSsec is a set of security extensions that provide for authentication of domain name system queries.

The chief executive of auDA, Chris Disspain, told iTnews the layer of security that is introduced can be built upon, and forms part of the chain of trust in the DNS.

"Once validation is ubiquitous business and users can take advantage of this trust by having the confidence that the website they are viewing is as intended by the domain name owner," Disspain said.

"Business and end user data is captured, viewed and stolen everyday. This is done through attacks such as cache poisoning, man-in-the-middle-attacks or via malicious resolvers," he said. 

"Confidence in online transactions has been reduced over the last decade as more and more sophisticated methods of attack have emerged."

auDA said while DNSsec adds a layer of security and trust through authenticated and verified queries and responses, it also carries risks to operators.

Errors in signed DNS zones can cause problems including making the zone appear offline or look bogus to validating resolvers, auDA said.

The trial comes after the auDA spent 18 cautious months testing on multiple systems in preparation for signing the .au zone.

Testing of the DNSsec deployment will continue in April, when the .au zone will be signed. auDA warned the .au zone would be considered experimental, and Delegation Signer records would not be added to the top-level root DNS zone right away.

For that reason, auDA said it was not suitable to generate and use an .au trust anchor in production enviroments while the testing takes place over the next four months.

After the trial, auDA is looking at submitting the DS records to the Internet Assigned Numbers Authority (IANA) to be included in the DNS root zone.

Disspain said that end-users don't have to do anything to take advantage of DNSsec, as it should become transparent with wider deployment.

auDA has set up a web page that details the .au DNSsec deployment, with an indicative timeline for its introduction this year.

Copyright © . All rights reserved.

Most Read Articles

Log In

|  Forgot your password?