Afilias and Neustar are teaming with the Internet Systems Consortium to push support for the consortium’s DNSSEC Look-aside Validation registry.
The consortium, commonly called ISC, created DLV to help domain holders secure their domain information. An extension to the DNSSECbis protocol, DLV is designed to aid early DNSSEC adoption by simplifying the configuration of recursive servers. The DLV provides a safe way to look up the validity of DNSSEC information until the root zone is signed.
Domain Name System Security Extensions (DNSSEC) are a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol networks.
There has been a lot of buzz about DNSSEC adoption, in particular since the publicity surrounding researcher Dan Kaminsky’s DNS bug. As a result, DNSSEC adoption is gaining steam, said Ram Mohan, executive vice president and chief technology officer at Afilias.
“While we expect full adoption will likely take several years, more than 12 countries and major TLDs [top-level domains] such as .org and .gov have now implemented it,” he said. “What is now needed is for other members of the ‘chain of trust’-those downstream in the DNS hierarchy that use DNS information in Internet applications and provide access to end users-to implement policies and procedures to handle DNSSEC and consider implications for their organization.
“In particular, ISPs, operating system vendors, and browser software and router providers need to closely examine how they handle DNS information and their transport protocols, the amount of packet size they can handle, bandwidth limitations, and updates required for DNS resolvers and applications that handle DNS responses,” he added.