DIC: Domain Name Registries to Promote DNSSEC

Dec 04, 2008

The DNSSEC Industry Coalition (DIC) was founded in the U.S. with the goal to drive further development and acceptance of the DNSSEC security protocol. The consortium includes a half dozen top Domain Name Registries and software developers that are currently laying out an action plan.

Despite regular crises in the Domain Name System (DNS) and weaknesses of relevant software, such as shown by recent DNS attacks, the DNSSEC protocol has had a slow adoption rate. According to a recent survey by the Measurement Factory, among the estimated 11.9 million existing nameservers only a minute proportion use DNSSEC. The coalition intends to address this issue.

Certain registries have found common ground. Among them are the ones for the top domains .org, .info, .edu, .com, .net, and for country specific ones like .se, .uk, .tv and .cc. Add to these software providers such as ISC and BIND, which is by far the greatest provider of nameserver software.

In their announcement, the members of the DNSSEC Industry Coalition promise to develop common tools and applications to make DNSSEC easier to adopt. They also intend to set an example. The effect this will have on users outside the big ISPs is still to be seen. Technical solutions for DNSSEC have existed for a long time, but top name registries have been reluctant to adopt them up to now.

Related content

  • Security Lessons: DNSSEC

    One of the largest holes in the Internet is finally plugged.


    Some Internet exploits target name resolution servers. DNSSEC uses cryptography to protect the name resolution service.

  • Local DNS with Unbound

    You don't have to be satisfied with your ISP's slow and cumbersome DNS server. Your own Unbound server could improve performance as well as security.

  • 25C3: Dan Kaminsky Invokes DNSSEC

    Dan Kaminsky, front man of the DNS attacks band the middle of 2008, has delivered a retrospective at the 25th annual Chaos Communication Congress (25C3) on the background and process of DNS vulnerability. But he also set his sights on the future. And outside-the-box thinker Dan J. Bernstein also had a thing or two to say.

  • ISC Begins BIND 10 Development

    After 10 years the industry-independent Internet Systems Consortium (ISC) is embarking on a completely new BIND implementation with BIND 10. Its patrons and sponsors should ensure that the market leader in DNS implementation is more secure, flexible and highly scalable, although developers are keeping the details close to their chests at present.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More