Nominet will give .uk domain owners a DNSSEC service to prevent hackers spreading counterfeit addresses
Nominet, gatekeeper to the .uk kingdom, is attempting to make its part of the Internet safer by promoting a secure version of the Internet’s directory – the domain name system (DNS).
Nominet is offering a free trial of the DNSSEC (DNS Security Extension), a secure version of the DNS protocol, designed to prevent hackers from “poisoning” the Internet’s directory system with false entries that can trap the unwary.
The Internet’s ‘Yellow Pages’
The domain name system (DNS) is essentially the Internet’s phone book, translating human language domain names into numerical Internet addresses.
DNSSEC, which was approved for use in the US by ICANN last year, is designed to guarantee users that the DNS information returned in a query is valid, from the correct source and its integrity has not been breached during transmission.
The secure protocol can specifically protect against two types of attack known as “cache poisoning” and “man-in-the-middle attacks” that can be used to distribute malicious software and commit fraud by directing users to phony sites.
Back in December 2009, for example, the DNS (Domain Name System) settings for Twitter.com were hijacked, resulting in the redirection of around 80 percent of site traffic to a site purporting to be under the control of the Iranian Cyber Army.
However, the secure DNS extensions have not been taken up rapidly as they are complex to administer. By offering a free pilot trial, Nominet wants to get the ball rolling, before later offering a paid-for service, in which it is expected that DNSSEC extensions will cost about 50p per user per year in 2013.
Trial is for testing only
Nominet says the trial means registrars who are its customers “can quickly and easily start offering DNSSEC as a security product to their customers with very few overheads and without significant and costly infrastructure development.”
However, this public pilot is really only for testing, as Nominet says on its website: “We are currently offering a public pilot of the DNSSEC Signing Service. This system interacts with live DNS data and theoretically can be used to DNSSEC sign live zones. We strongly recommend that you thoroughly test your use of this service and in the pilot stage it is only used for testing.”
Nominet has published details of the service.
Approved in the US
DNSSEC was approved for use by ICANN in the US one year ago and it was said at the time that will eventually allow Internet users to know with certainty that they have been directed to the website they intended to reach in the first place.
ICANN also believes that once DNSSEC is fully deployed, it will help prevent criminals from redirecting users to fake websites that can be used to perpetrate cyber crimes.
The domain name system stores the world’s Internet addresses and its security is vital. It was speculated last year that the domain name system is consulted up to a trillion times each day by the world’s 1.8 billion Internet users, a figure which has surely grown since.