Friday, December 17, 2010

only '.org' and '.net' domains under DNSSEC protection till now, WHAT ABOUT YOU

Are you protected with DNSSEC:
[] in mid-2010, DNSSEC got deployed over 'root-DNS-server' and '.org' domain
[] on 10-Dec-2010, Verisign deployed DNSSEC in '.net' zone too
   {securing more than 13million registrations online}
[] preparations are up to sign the '.com' zone in first quarter of 2011

Verisign has even launched a cloud based DNSSEC implementation service to ease its implementation in organisations.
Refer to
For those who are not much familiar with DNSSEC, its a security layer standardized to be implemented over traditional DNS services... it will help the users counter DNS vulnerabilities exposed by researchers like 'Dan Kaminsky' including DNS poisoning attacks.
Refer to

Its implementation would require more processing power, bandwidth usage and more storage needs as it uses intensive encryption mechanism over all DNS traffic.

Though, I was surprised hearing initially of its implementation over root DNS server as its alterantive DNSCURVE (suggested by Dan Kaminsky) was conceptually better in security and easy on resources too. Don't know it was fair selection or just another political/community-biased decision.

=begin :footer
# waited about a week to have time doing this post in detail... 
# but more delay would deny its usability... so its here
=end :footer  

No comments:

Post a Comment