Last Week The Internet Corporation for Assigned Names and Numbers (ICANN), the organization in charge of the internet’s Domain Name System (DNS) infrastructure has issued an warning for all domain name owner and DNS service provider to migrate to DNSSEC as soon as possible. ICANN said it “believes that there is an ongoing and significant risk to key parts of the Domain Name System (DNS) infrastructure,”
DNSSEC stands for Domain Name System Security Extension, is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. DNSSEC allows domain owners to digitally sign DNS records. Digitally signing DNS records can prevent unauthorized users from accessing and modifying DNS entries without a private DNSSEC signing key which should be in possession of the legitimate domain owner.
The warning from ICANN comes in the backdrop of increasing reports of malicious activity targeting the DNS infrastructure. Various public reports indicate that there is a trend of multifaceted attacks utilizing different methodologies. Some of the attacks target the DNS, in which unauthorized changes are made in DNS records (usually replacing the legitimate records by server address in control of the attackers). ICANN officials said DNSSEC would have prevented the recent DNS hijacking attacks that have made headlines in the past two month. In the beginning of this year US cyber security firm published a report of an attack by an Iranian hacker who intruded into domain name registrar accounts and changed DNS records of private and government entities. US department of homeland security issued an warning about the attack and advised all domain owners to review their DNS records to ensure legitimacy.
Recommending domain owners to switch to DNSSEC, ICANN said “ICANN has long recognized the importance of DNSSEC and is calling for full deployment of the technology across all domains. Although this will not solve the security problems of the Internet, it aims to assure that Internet users reach their desired online destination by helping to prevent so-called “man in the middle” attacks where a user is unknowingly re-directed to a potentially malicious site.” Though DNSSEC protocol has been in place since two decades, a very little interest has been seen among domain owners to utilize it. So far DNSSEC adoption has yet to reach to 20%, more than 80% registered domain names still remains at the blink of vulnerability against any malicious interest.