DNS Security Extensions
As the largest distributed look-up system on the Internet and an essential protocol for every Internet interaction that uses names in identifiers (email, web, SIP VoIP, web services, spam filtering, internet messaging, etc.), DNS, which stands for Domain Name System, was originally designed in 1983 for resiliency and scalability of computer networks rather than security. As one of the foundations of the Internet, DNS plays the key role in making sure we can find what we are looking for on the Internet. DNS translates a more usable name for a computer or website, such as a domain name, into an IP address used by network equipment to route traffic and data to the correct computers, servers, and other hardware.
The original DNS standard did not include security, which has become a focal point in today’s internet world. The design of the Domain Name System Security Extensions standard, known as DNSSEC, is to deal with the security shortfalls and vulnerabilities of DNS, such as cache poisoning, "man in the middle"' attacks, and data modification in authoritative servers. DNSSEC essentially protects the DNS by validating the authenticity and integrity of the DNS messaging system. From the Root to TLDs and SLDs, a series of encryption keys are handed off and authenticated, creating a chain of trust. If the keys don't match, DNSSEC will be able to notify of the mismatch and prevent the transaction from going through, rather than routing to bogus servers.
The DNSSEC Root was signed by VeriSign and readied for validation in July 2010. Working towards the building of a secure online experience, several ccTLDs and the .ORG Registry have been signed. .COM is scheduled for the first half of 2011, and the entire Internet user population is expected to be using DNSSEC by the end of 2011.
Security of our networks and our customers’ online experience is very important to 101domain. We are fully committed to supporting the DNSSEC security standard. We are currently working with industry leaders in the field of DNSSEC and Domain Name Security to ensure that we remain at the forefront of the technology and its development. In the end, the workings of DNSSEC will be transparent to the end user and will ultimately support a more secure and reliable worldwide internet.