What Was Involved In Making .AU More Secure With DNSSEC

The .au (Australian) ccTLD implemented DNSSEC at the end of 2014, joining the vast majority of TLDs, including all new gTLDs. Adam King, auDA’s Chief Technology Officer, spoke on Wednesday at the Australian Internet Governance Forum (auIGF) in Melbourne, which is organised by the .au policy and regulatory body. Adam was on a panel speaking about DNSSEC and online security in Australia. I spoke to Adam on the sidelines of the auIGF after his presentation on auDA’s experiences in implementing DNSSEC.

DG: In December 2014 auDA implemented DNSSEC – What was the reason for introducing this new security?

AK: We needed to sign DNSSEC to enable .au to move forward and become a more secure namespace. So far all the ccTLDs of OECD member countries are signed with DNSSEC, so from both a security perspective and to remain competitive with other ccTLDs, it needed to happen. And of 1071 TLDs, 908 including all new gTLDs as mandated by ICANN, are currently signed.

DG: How was the process?

AK: The technical side of signing wasn’t the difficult part. The difficult and time-consuming part was developing the policies and processes for signing the zone and how auDA would manage the cryptographic keys. That’s because you’re now dealing with private key information and you’re using it to create a layer of trust, so this information must be kept secure.

DG: What’s the difference for domain registrants?

AK: At the moment not too much because it’s not ubiquitous, but auDA needed to sign .au to create the opportunity for registrants to be able to sign their own domain names. But it’s a process with several steps.

To make the service widely available, hosting companies need to start making DNSSEC signing services available to their customers. DNSSEC validation is on by default in all the current versions of name server software, therefore any ISP (or business operating their own resolver) running the latest versions is performing validation – unless they are using a Windows resolver or have explicitly turned validation off. For hosting companies it is a little more involved; they need to replicate the processes auDA went through (generating key pairs, developing policy and signing procedures to protect their private keys) but obviously on a larger scale as they may have hundreds or thousands of zones to be signed. It’s certainly possible; Comcast in the USA were able to achieve this. Comcast provide validation for 17.8 million residential customers and have signed all 5,000 domain names under their management.

DG: When all this is done, what will the benefits be to .au domain registrants and internet users?

AK: Once it’s enabled everywhere, as long as the ISP’s or corporate resolver has DNSSEC validation enabled, it will perform all the validation checks to protect internet users from two of the main DNS attack vectors – cache poisoning and man-in-the-middle attacks. The checks occur without the end user doing anything. It all goes on behind the scenes and is so quick the user doesn’t even realise it’s happened. It guarantees that the answer to the question asked, that is the domain name requested, has not been modified or tampered with in transit from the authoritative server to the ISP’s resolver.

What it doesn’t do is that it doesn’t provide encryption, so what one looks up and visits is still visible in the DNS, and it doesn’t protect from viruses or DDoS attacks.

So it’s not a silver bullet for protection online, but what it does protect against, it does so very well. And internet users are much safer as a result.

auDA is the host of the auIGF each year, and announcements on the 2016 security-focused panels will be made at the start of the year. You can register to hear more about how to get involved by emailing auigf@auda.org.au to be added to the mailing list.
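The interview says validation happens at the ISP's or corporate resolver without the user noticing. The sketch below is an added example (not from the interview or from auDA) of how an administrator can tell whether a resolver is validating: send a query with the EDNS0 DO bit set and read the AD ("authenticated data") flag and response code in the reply. The sample replies are constructed, and the function names are illustrative.

```python
import socket
import struct

FLAG_QR, FLAG_RD, FLAG_AD = 0x8000, 0x0100, 0x0020
EDNS_DO = 0x8000  # "DNSSEC OK" bit in the OPT record's flags (RFC 3225)
TYPE_SOA, TYPE_OPT, CLASS_IN = 6, 41, 1
TXID = 0x1234     # fixed for the demo; real queries need a random ID

def build_query(name, qtype=TYPE_SOA):
    """DNS query with RD and AD set, plus an EDNS0 OPT record carrying DO."""
    header = struct.pack("!6H", TXID, FLAG_RD | FLAG_AD, 1, 0, 0, 1)
    labels = [p.encode("ascii") for p in name.split(".") if p]
    qname = b"".join(bytes([len(p)]) + p for p in labels) + b"\x00"
    question = qname + struct.pack("!2H", qtype, CLASS_IN)
    # OPT RR: root name, type 41, class = UDP payload size, TTL = flags, no RDATA
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, EDNS_DO, 0)
    return header + question + opt

def classify_response(msg):
    """Interpret the header of a resolver's reply to build_query()."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!2H", msg[:4])
    if rid != TXID or not flags & FLAG_QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if rcode == 2:  # SERVFAIL: what a validating resolver returns for bogus data
        return "servfail"
    if rcode not in (0, 3):  # NOERROR and NXDOMAIN can both be authenticated
        return "error"
    return "validated" if flags & FLAG_AD else "unvalidated"

def ask(resolver_ip, name, timeout=3.0):
    """Query a resolver you use over UDP (needs network; not run by the demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return classify_response(s.recv(4096))

def sample_reply(flags):
    return struct.pack("!6H", TXID, flags, 0, 0, 0, 0)  # constructed, header only
SAMPLES = {  # constructed replies, not captured traffic
    "validating resolver, signed zone": sample_reply(0x81A0),      # QR RD RA AD
    "no validation, or unsigned zone": sample_reply(0x8180),       # QR RD RA
    "validating resolver, bad signatures": sample_reply(0x8182),   # SERVFAIL
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label}: {classify_response(msg)}")
```

The AD flag is only as trustworthy as the path between the client and the resolver, which matches the interview's point that the guarantee covers the hop from the authoritative server to the resolver.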

Second Round Of New gTLD Applications On ICANN Board Agenda: auIGF Discussion

The prospect of a second round of applications for new gTLDs is on the agenda for ICANN, with discussions likely to take place at an upcoming board meeting, possibly as early as September.

“The board will soon start discussing the possibility of opening a second round of applications for new gTLDs,” said ICANN board member and auDA CEO Chris Disspain at the Australian Internet Governance Forum on Wednesday, in a discussion on new gTLDs focussing on the upcoming .melbourne.

The earliest possibility for discussions is an ICANN board retreat, scheduled for early to mid-September.

The conference was preceded by the announcement of the winners of the Australia and New Zealand Internet Awards (ANZIA), a collaboration between auDA and InternetNZ, that recognise organisations, businesses and individuals who excel in delivering accessible, innovative, informative and secure resources to a diverse and wide community on the Internet.

“The concept of the ANZIAs came from discussions between Keith Davidson (the then CEO of InternetNZ) and me over several glasses of red wine,” said Disspain. “We wanted to be able to reward those organisations, individuals and businesses we had seen develop incredible online resources, for the benefit of all Australians and New Zealanders. The Internet is a place where everyone is able to exchange ideas and communicate, on a level playing field. The ANZIAs are a way to acknowledge the world-class initiatives that are created, in both of our countries.”

There were winners in six different categories:

  • Diversity: Cultural Infusion
  • Innovation: ARTS:LIVE – The Song Room
  • Information: Policy Online (APO)
  • Access & Digital Skills: Get Up To Speed Program – The Training Collective
  • Security & Online Safety: RealMe – New Zealand Department of Internal Affairs
  • The Leonie Dunbar Memorial Award for Community Websites: Apollo Bay Community Website Inc

A full list of winners and those highly commended is available at www.internetawards.org.au

The upcoming launch of the .melbourne gTLD was also the focus of one session. Questions were raised about the cost, due to the $50 wholesale premium being charged to registrars. But ARI Registry Services CEO Adrian Kinderis, who will provide registry services, justified the cost for three reasons – respect for the Australian country code .au, preventing cybersquatting and that it’s expensive to run a TLD, so with fewer names, costs have to be higher to pay the bills.

Kinderis also believes that the use of a city gTLD such as .melbourne will help internet users find their desired destination.

If you’re searching for Melbourne, the results for .melbourne will be ranked higher, Kinderis believes. The same with brands. Searching for a brand will rank websites using the brand gTLD higher than other sites.

But for registrants using domains in more generic TLDs, Kinderis believes they will in the main not be ranked highly in search results.