VeriSign Warns of DNS Security Risks
The CSO of VeriSign discusses his concerns about domain collisions and the risks they entail.
Danny McPherson, the chief security officer of VeriSign, is worried about the future security of the Domain Name System (DNS), which his company helps to keep stable and secure. Among the biggest risks is the threat to the continued stability of DNS in an era when domain name collisions are growing. The DNS risks that VeriSign sees are outlined in a 33-page report titled "SSR3: Security, Stability, Resiliency Update: Operational Foreshocks" that VeriSign has not yet published publicly.
A domain name collision occurs when a publicly reachable top-level domain has the same name as a privately addressable name on a company or carrier network. For example, if an enterprise network has a .domain (dot-domain) name space in its own network, it would be considered a collision if there were also a .domain (dot-domain) top-level domain that is publicly reachable over the Internet. With the increase in new top-level domains in 2014, there has been an increase in domain name collisions.
"There have been domain name collisions that have resulted in network interruptions for enterprises," McPherson told eWEEK. "There have also been cases where confusion and usability with the new top-level domains have led to phishing attacks."
One reason the Internet has been successful is that DNS provides a stable navigation anchor, according to McPherson. VeriSign helps operate some of the root DNS servers that enable the modern Internet to function. VeriSign is also the manager of the popular dot-com and dot-net domain registries, which it operates under contract with the Internet Corporation for Assigned Names and Numbers (ICANN).
"If you type a domain name into a Web browser, you expect to get predictable results," McPherson said. "One of the biggest concerns we have is that if people are not adequately prepared for new generic top-level domains (gTLDs) or if the root DNS server systems become unstable in some manner, it could lead to the fragmentation of the Internet."