DNSSEC is a protocol designed to help secure the DNS against cache poisoning attacks. The purpose of such attacks is to capture and divert requests without users realising it, the risk being that users may disclose personal data in the belief that they are on the legitimate site.
Since the disclosure of the “Kaminsky flaw” in 2008, a number of registries have agreed to accelerate the work already underway on implementing DNSSEC. The root of the DNS was signed in July 2010. To date, a dozen registries have already signed their TLDs and this figure will increase in the coming months.
In the next few days, the public key associated with the .fr TLD will be published in the root servers. As of next week, AFNIC will start consultations with the registrars, in order to set up the system enabling them to publish the signature information for domain names under .fr, such as afnic.fr.
The work of AFNIC will then continue with the set-up of training and assistance services for registrars and DNS server administrators wishing in turn to deploy DNSSEC. For their benefit, AFNIC is also publishing a comprehensive issue paper devoted to DNSSEC issues and operation, with the questions to ask in order to prepare for its deployment.
Finally, from September 20th onwards, AFNIC will be releasing version 3 of “ZoneCheck”, its DNS configuration test tool, a free software tool that integrates DNSSEC configuration tests and is available on www.zonecheck.fr.
The real challenge for the success of DNSSEC is its adoption by the registrars, ISPs and all the structures managing their own DNS servers. Without that wide-scale acceptance, the chain of trust will not be established and DNSSEC will only have a limited impact.
As a DNS expertise centre, AFNIC intends to make that transition as easy as possible by sharing and transferring its know-how.
Download the issue paper “DNSSEC: Domain Name System Security Extensions” (2.3 MB).
Further information about issue papers already published by AFNIC.
(Association Française pour le Nommage Internet en Coopération)
A non-profit organization, AFNIC is in charge of the administrative and technical management of the .fr (France) and .re (Reunion Island) Internet domain names.
AFNIC brings together public and private members: representatives from the French government, Internet users and Internet Service Providers (Registrars).