SIDN Announces DNSSEC Protection Now Possible For .NL Domain Names

[news release] SIDN, the company behind .NL, has today implemented DNSSEC in its domain name registration system (DRS). DNSSEC (“Domain Name System Security Extensions”) adds an additional layer of security to the existing DNS, which has vulnerabilities that can be exploited by criminals. Implementation of the new protocol means that .NL registrants can now have their domain names secured with DNSSEC.

Promoting acceptance
DNSSEC’s global rollout is a major operation, whose outcome depends on registrants, registrars and internet service providers (ISPs) cooperating to create a continuous chain of trust. The involvement of registrars is essential for the continuity of the chain. The implementation of DNSSEC in the DRS means that registrars are now able to set up automated systems that customers can use to get their domains signed with DNSSEC. Once that happens, acceptance of DNSSEC can grow. “SIDN is committed to making the internet more secure. And we regard DNSSEC as an important tool for achieving enhanced DNS security,” said Roelof Meijer, SIDN’s CEO. “We are one of the indispensable links in the DNS hierarchy needed to make DNSSEC available. So too are the registrars, DNS operators and resolvers such as ISPs. The ball is now in their court. Nine registrars are immediately offering DNSSEC to end users. SIDN is very pleased with their involvement in the introduction of DNSSEC and their willingness to invest in the extra security it provides. Although the adoption of DNSSEC by registrars is no small matter, we expect the number of .NL registrars offering DNSSEC to increase rapidly, because the Netherlands has always been at the forefront of internet innovation. SIDN will continue to stimulate demand for DNSSEC in various ways.”

“By offering DNSSEC to our customers, we hope to give impetus to the adoption of this standard in the Netherlands,” commented Ewout de Graaf of Mijndomein, who is also chairman of the Registrars’ Association’s Technology Committee. “If more people start using DNSSEC, the internet really will be more secure. And the more domain names there are that are signed with DNSSEC, the more attractive it is for ISPs to operate DNSSEC resolvers.”

Alex Bik, Technical Director at BIT, the business isp, is also backing the new protocol. “Consumers and businesses expect to be able to use the internet safely, without worrying about the security of the data they send and receive. SIDN’s implementation of DNSSEC is an essential step towards making that possible. The benefit of DNSSEC will be felt only if it is implemented all along the chain. We at BIT are very pleased that, by working with SIDN, we can now offer signed domain names to end users. We firmly believe that DNSSEC will make the DNS a lot more secure against malicious threats.”

Authentic response
As the internet’s roadmap, the DNS has always been vulnerable to criminal threats such as cache poisoning and ‘man-in-the-middle’ attacks by unidentified parties. The perpetrators of such attacks can divert internet users to fake websites or intercept e-mail, even though the correct domain name is used. These vulnerabilities were underestimated until 2008, when Dan Kaminsky demonstrated that the DNS was easy to manipulate. Kaminsky’s revelations gave urgency to the worldwide rollout of DNSSEC, which had been in progress for some time. DNSSEC addresses the problems identified by Kaminsky. It provides a method for ascertaining whether an incoming DNS response is authentic and originates from the right source. The practical outcome of that is that the DNS is more reliable. In July 2010, ICANN signed the root zone and a month later SIDN followed suit by signing the .NL zone with DNSSEC. Once that had been done, early adopters had the opportunity to have trust anchors added to the .NL zone file during a Friends & Fans phase.

This SIDN news release was sourced from:

Europe Registry logoTo register your .NL domain name, check out Europe Registry here.