UK domain gets DNS Security Protocol protection

By Richard Thurston, ZDNet UK, 2 March, 2010 15:18

NEWS

Internet registry Nominet has begun introducing DNS Security Extensions, or DNSSEC, a security protocol that should help protect the UK's domain-name system from malicious misdirections.

On Monday, the company began applying the protocol to the top-level .uk domain. DNSSEC, also known as encrypted DNS, uses digital signatures to guarantee to name servers that the DNS data they receive has not been intercepted or tampered with. In this way, it is meant to help stop hackers who try to redirect traffic from genuine websites to their own spoof websites.

"It's a very symbolic day for us. It shows we're very serious about this," Simon McCalla, director of IT for Nominet, told ZDNet UK. "It's a step towards creating a safer UK internet."

The registrar has started the implemention on five of the 11 UK nameservers, which will be specially monitored for a week. The DNSSEC keys will be obscured during this time, and DNSSEC information will not be validated. On 8 March, if all goes according to plan, the obscured keys will be replaced by real keys, and the protocol will be rolled out to all the .uk name servers, Nominet said.

The .uk domain is used by organisations such as the armed forces, the police, universities and the government. While second-level domains are not included in this initial rollout, Nominet said it intends to bring in the eight million .co.uk domains in a separate project in early 2011. DNSSEC protection will extended to .org.uk, .ltd.uk and .me.uk in the future, the company added.

Businesses do not need to take any direct action because of Nominet's DNSSEC rollout, McCalla said.

Without DNSSEC, it is possible for a hacker to use techniques such as cache poisoning to redirect traffic from a genuine site to their own fake site, although many organisations have deployed patches to stop such attacks. These attacks have existed for around a decade: one was demonstrated amid much publicity at the BlackHat conference in 2008 by researcher Dan Kaminsky.

While there have been no serious DNS-based incidents in the UK, one South American bank had been hit, McCalla said. "As e-commerce grows, this will be an area that people will try to exploit, so we want to fix it now," he said.

DNSSEC has been in development for years, having been bogged down by discussions at standardisation body the Internet Engineering Taskforce.

The inventor of DNS, Paul Mockapetris, acknowledged the weaknesses of the system some time ago, saying more emphasis had been placed on getting it off the ground than building in security. He has recommended the implementation of DNSSEC.

The protocol has already been introduced for the top-level .org domain, and .com is expected to have it added in 2011.

Post your comment

In order to post a comment you need to be registered and logged in

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

ZDNet UK Live

omg!!!! I been using read hat linux for a while sience 1998 and i recently got tire of that distor and tryed slackware 13.1.... i no longer want...

4 hours ago by OpenSourceLinux on Slackware Linux 13.1

omg!!!! I been using read hat linux for a while sience 1998 and i recently got tire of that distor and tryed slackware 13.1.... i no longer want...

4 hours ago by OpenSourceLinux

About time too!

5 hours ago by Tezzer on Govt to review US extradition treaty

Speaking purely from observation, I've seen only a handful of people actually using netbooks (and have one myself). None of them were running...

5 hours ago by Tezzer on While PC shipments will grow to a million per day, netbooks are in decline

Imagine how stupid ZDnet must feel considering it takes about 10-30 seconds to load their stupid webpage filled with ads from other sites. While...

5 hours ago by WasteOfTime on Google’s Buckyballs doodle costs people money, drives users away

Unfortunately AnAmericanFellow you seem to be in the minority. ;)

6 hours ago by SeanTheMac on Google’s Buckyballs doodle costs people money, drives users away

@manek - No, I'm saying that there are concrete statements from netbook manufacturers and REPUTABLE analysts that indicate the Linux share of the...

7 hours ago by J.A. Watson on While PC shipments will grow to a million per day, netbooks are in decline

Mary : Being familiar with both Windows and Linux extensively, I would be curious to know what kinds of learning issues there were with Linux...

7 hours ago by apexwm on While PC shipments will grow to a million per day, netbooks are in decline

I always thought that Wave was ideal for machines and lousy for humans...

7 hours ago by sbisson on Forcing Things Social

Any news on when we'll see the putative benefits? It would be nice to see an uninterrupted data connection - even a 2G one - on a a train journey I...

7 hours ago by manek on Ofcom pumps up the volume for 3G networks

So you're saying that some 25 percent of netbook buyers throw away a copy of Windows they've paid for and install Linux instead. If netbook users...

7 hours ago by manek on While PC shipments will grow to a million per day, netbooks are in decline

Jamie, you bring up a good point. There hasn't been much news regarding netbooks in a while, especially on what they are running. Jack doesn't...

9 hours ago by apexwm on While PC shipments will grow to a million per day, netbooks are in decline

On behalf of all Americans, I would like to apologise for the twit that insisted on the American spelling of 'realized'. Some of us are aware of...

10 hours ago by AnAmericanFellow on Google’s Buckyballs doodle costs people money, drives users away

IE 7? It uses all that CPU just to open a tab. Really, I saw those claims, really, most of them are, simply put, just full of BS. My machine isn't...

11 hours ago by feaband

Mmm. Google could do with something like this. It would be brave of them - in fact, they could call it Google Brave. Or Cave. Or something like that.

11 hours ago by Rupert Goodwins on Forcing Things Social

"Linux being a disastrous failure in the netbook marketplace. (Linux went from 100% market share to less than 5%" Obviously untrue. Here is...

12 hours ago by J.A. Watson on While PC shipments will grow to a million per day, netbooks are in decline

> just want my default browser to load quickly so I can then as effortlessly as possible type > the URL I do want to go to and be done with it. In...

12 hours ago by Chris Rankin on Google’s Buckyballs doodle costs people money, drives users away

I always use Google as a home page for any PC I work on as I just want my default browser to load quickly so I can then as effortlessly as possible...

12 hours ago by eldridgep on Google’s Buckyballs doodle costs people money, drives users away

Yes! This just in... (if I had known this when I wrote the original article, I would have included it, of course). The very bright people on the...

13 hours ago by J.A. Watson on Samsung N150 Plus Netbook - Fedora, Mandriva, Ubuntu Maverick and Jolicloud

Dell goes from bad to worse. You would think with their numbers and share price in the toilet that they would want any business they could get. I...

13 hours ago by dellception on What happened to Dell?

Featured white papers