About Us Membership Resources OTA Members Login

Anti-Malvertising  l   Data Breach   l   DNSSEC  l   Email Authentication    I    EV SSL Certs   l    Messaging Ecosystem Security 

DNSSEC RESOURCES     

 Implementation Tools & Resources        Adoption Reports        News & Headlines

The Domain Name System (DNS), the Internet’s addressing system, is the most critical component of the Internet infrastructure. Without it, the Internet could not function. Email cannot be received and users would be unable visit web sites.   As with the majority of internet services, the DNS was not securely designed.  As a result, it is vulnerable to man-in-the-middle (MITM) attacks and cache poisoning. These threats use forged data to redirect Internet traffic to fraudulent sites and unintended addresses.

Domain Name System Security Extension (DNSSEC) adds security to the DNS. It is designed to help address MITM attacks and cache poisoning by authenticating the origin of DNS data and verifying its integrity while moving across the Internet.  Today DNSSEC is an Internet Engineering Task Force (IETF) set of specifications that secures communication between DNS name servers and clients.  

DNSSEC mitigates the risk of customers becoming the unwitting victims of cyber crimes when they attempt to access a resource. It is vital for organizations with a large online presence, e-commerce operations, and high-value brands.  By strengthening DNS security, DNSSEC increases trust for a multitude of Internet activities, including e-commerce, online banking, email, VoIP, and online software distribution. The more widely it’s deployed, the greater the benefits of DNSSEC for the global Internet community.

Recognizing the Federal government's reliance on the internet, in August 2008, the Office of Management and Budget (OMB) issued a memo directing all Federal agencies to deploy DNSSEC. According to the OMB, "DNSSEC provides cryptographic protections to DNS communication exchanges, thereby removing threats of DNS-based attacks and improving the overall integrity and authenticity of information processed over the Internet." Today adoption is growing with upwards of 70% of the top 50 government sites fully DNSSEC compliant. 

When DNSSEC is used in conjunction with other best practices including use of Extended Validation Secure Sockets Layer (SSL) certificates, Email Authentication and a comprehensive data stewardship and a data loss readiness plan, users and online brands protection from online threats can be maximized.  

Status
The root zone is signed for .org, .net and .gov today.  .com will be fully supporting DNSSEC by the end of March.  OTA recommends businesses should begin planning for DNSSEC deployment today.

  • .gov - Currently enabled

  • .org - Currently enabled.

  • .net - Currently enabled

  • .com - Currently enabled

 

 

To recommend additional links to this site, please email staff@otalliance.org

Revised March 26, 2011