[news release] SIDN, the company behind .NL, has today implemented DNSSEC in its domain name registration system (DRS). DNSSEC (âDomain Name System Security Extensionsâ) adds an additional layer of security to the existing DNS, which has vulnerabilities that can be exploited by criminals. Implementation of the new protocol means that .NL registrants can now have their domain names secured with DNSSEC.
DNSSECâs global rollout is a major operation, whose outcome depends on registrants, registrars and internet service providers (ISPs) cooperating to create a continuous chain of trust. The involvement of registrars is essential for the continuity of the chain. The implementation of DNSSEC in the DRS means that registrars are now able to set up automated systems that customers can use to get their domains signed with DNSSEC. Once that happens, acceptance of DNSSEC can grow. âSIDN is committed to making the internet more secure. And we regard DNSSEC as an important tool for achieving enhanced DNS security,â said Roelof Meijer, SIDNâs CEO. âWe are one of the indispensable links in the DNS hierarchy needed to make DNSSEC available. So too are the registrars, DNS operators and resolvers such as ISPs. The ball is now in their court. Nine registrars are immediately offering DNSSEC to end users. SIDN is very pleased with their involvement in the introduction of DNSSEC and their willingness to invest in the extra security it provides. Although the adoption of DNSSEC by registrars is no small matter, we expect the number of .NL registrars offering DNSSEC to increase rapidly, because the Netherlands has always been at the forefront of internet innovation. SIDN will continue to stimulate demand for DNSSEC in various ways.â
âBy offering DNSSEC to our customers, we hope to give impetus to the adoption of this standard in the Netherlands,â commented Ewout de Graaf of Mijndomein, who is also chairman of the Registrarsâ Associationâs Technology Committee. âIf more people start using DNSSEC, the internet really will be more secure. And the more domain names there are that are signed with DNSSEC, the more attractive it is for ISPs to operate DNSSEC resolvers.â
Alex Bik, Technical Director at BIT, the business isp, is also backing the new protocol. âConsumers and businesses expect to be able to use the internet safely, without worrying about the security of the data they send and receive. SIDNâs implementation of DNSSEC is an essential step towards making that possible. The benefit of DNSSEC will be felt only if it is implemented all along the chain. We at BIT are very pleased that, by working with SIDN, we can now offer signed domain names to end users. We firmly believe that DNSSEC will make the DNS a lot more secure against malicious threats.â
As the internetâs roadmap, the DNS has always been vulnerable to criminal threats such as cache poisoning and âman-in-the-middleâ attacks by unidentified parties. The perpetrators of such attacks can divert internet users to fake websites or intercept e-mail, even though the correct domain name is used. These vulnerabilities were underestimated until 2008, when Dan Kaminsky demonstrated that the DNS was easy to manipulate. Kaminskyâs revelations gave urgency to the worldwide rollout of DNSSEC, which had been in progress for some time. DNSSEC addresses the problems identified by Kaminsky. It provides a method for ascertaining whether an incoming DNS response is authentic and originates from the right source. The practical outcome of that is that the DNS is more reliable. In July 2010, ICANN signed the root zone and a month later SIDN followed suit by signing the .NL zone with DNSSEC. Once that had been done, early adopters had the opportunity to have trust anchors added to the .NL zone file during a Friends & Fans phase.
This SIDN news release was sourced from:
To register your .NL domain name, check out Europe Registry here.