DNSSEC improves Internet security

23/10/2006

The DNSSEC standard can significantly improve Internet security by protecting the critical domain name system (DNS). The standard is relatively easy to introduce. This is shown in a report by the National Post and Telecom Agency (PTS).

DNS, the Internet's 'address book', is critical for enabling e-mail to reach the right recipient and users to get to the right website. An increase in the number of users of services such as IPTV and IP telephony will also increase the dependence of society on DNS. The system is, however, vulnerable – an infected DNS may result in a hidden attacker being able to redirect e-mail, steal information via false websites or interfere with financial transactions and communications using the system.

Swedish top domain is first with new standard

The Swedish top domain .se, administered by the II Foundation, will be the first in the world to introduce DNS Security Extensions (DNNSEC) – a more secure technology for name searches on the Internet. DNNSEC works with digital signatures and consequently the system, and thereby the Swedish part of the Internet will become much more secure.

However, in order for DNNSEC to be able to function in Sweden, technology must also be introduced at the lower levels of DNS – among other things for name servers managed by undertakings, authorities and Internet operators.

Test shows that the system is easy to use

PTS has commissioned an installation test for DNSSEC. This shows that the introduction of the standard is generally easy for name server operators to implement. However, some automated and standardised tools are missing as is the introduction of support for DNNSEC on all types of platforms. PTS hopes that the report can also be used as a handbook for those name server operators who want to introduce DNSSEC.

PTS has submitted reports to the Government on two occasions regarding a strategy for improved Internet security in Sweden. The report 'Increased trust in the Internet through improved security of the domain name system' represents part of this work.

The report (summary in English)

For more information:
Anders Rafting, Network Security Department, +46 (0)708-11 40 68