Tighter security coming for .org names

The Public Interest Registry to offer DNSSEC services in June

By , Network World
March 11, 2010 09:49 AM ET

Network World - The Public Interest Registry will add an extra layer of security known as DNS Security Extensions (DNSSEC) to the .org domain in June -- a move that will protect millions of non-profit organizations and their donors from hacking attacks known as cache poisoning.

In a cache poisoning attack, traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing. Cache poisoning attacks are the result of a serious flaw in the DNS that was disclosed by security researcher Dan Kaminsky in 2008.

DNSSEC is an emerging Internet standard that prevents cache poisoning attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.

The Public Interest Registry announced Thursday that it will support DNSSEC for first and second-level .org domain names. With nearly 8 million registered domain names, the .org domain is one of the Internet's largest generic top-level domains to deploy DNSSEC.

"When we first announced last year the signing of our zone, we showed that DNSSEC was not a utopian vision, but that it was needed for the future of the Internet," says Alexa Raad, CEO of The Public Interest Registry. "Everything runs on DNS. If you believe that there are going to continue to be more and more applications that run on DNS, then you have to think about DNSSEC."

Raad expects operators of .org Web sites to rapidly deploy DNSSEC.

"There are credit unions that use .org…and there are non-profit organizations that are in fundraising and have been targets for attacks, some of them quite public," Raad says. DNSSEC "will allow our customers who require security to have it."

The Public Interest Registry and its back-end services provider Afilias have been testing DNSSEC since last summer. They are working with 10 registrars to sign DNS queries. Several high-profile Web sites including www.ietf.org run by the Internet Engineering Task Force and www.isoc.org run by the Internet Society are signing their domains as part of the .org domain's ongoing DNSSEC trial.

"There have not been any significant problems," says Jim Galvin, director of strategic partnerships and technical standards with Afilias. "Testing has done for us what it's supposed to do. We've been engaging with all of the parties in terms of deploying DNSSEC and ensuring that it's ready for the broader community."

DNSSEC is being deployed across the Internet infrastructure, from the root servers at the top of the DNS hierarchy to the servers that run .org and other top-level domains, down to the servers that cache content for individual Web sites. All of these pieces must be in place for DNSSEC to protect an individual Web site.

The timing of .org's deployment of DNSSEC is ideal, given that the Internet's root zone will be signed on July 1.

Other top-level domains that are in the process of deploying DNSSEC or have already done so include the U.S. federal government's .gov domain and country code top-level domains operated by Sweden, Puerto Rico, Bulgaria and Brazil.
