[news release] .au Domain Administration (auDA) announced this week it will introduce DNSSEC into the .au domain namespace in an experimental capacity in the coming months. Deployment on production servers will commence during April and will be trialed for four months. During this period auDA will:
- Test and monitor production load on the .au servers
- Perform two zone signing key rollover events
- Perform one key signing key rollover
- Liaise with the Second Level Domain (2LD) operators and facilitate the addition of their DS records into the .au zone
- Finalise the DNSSEC Practice Statement (DPS).
DNSSEC is a technology that was developed to protect against DNS-based attacks and hijacks by digitally signing data so you can be assured it is valid. In order to eliminate this form of vulnerability from the Internet, DNSSEC must be deployed at each step in the DNS lookup process from root zone to final domain name. Importantly, DNSSEC does not encrypt data. It just attests to the validity of the address of the site you visit. In auDA’s test, the .au delegation signer records will not be added to the root zone during this period and auDA notes that operators should not create or implement trust anchors for .au in their production environments. A mailing list has been created for discussions related to .au DNSSEC. auDA will make all announcements about key rollover periods, outages and any other relevant DNSSEC information via the DNSSEC mailing list. Further information about the implementation of DNSSEC in .au is available from auDA. There is also an FAQ available. This announcement was sourced from the ARI Registry Services website here.