DNSSEC is a protocol designed to help secure the DNS against cache poisoning attacks. The purpose of such attacks is to capture and divert requests without users realising it, the risk being that users may disclose personal data in the belief that they are on the legitimate site.
Since the disclosure of the “Kaminsky flaw” in 2008, a number of registries have agreed to accelerate the work already underway on implementing DNSSEC. The root of the DNS was signed in July 2010. To date, a dozen registries have already signed their TLDs and this figure will increase in the coming months.
In the next few days, the public key associated with the .fr TLD will be published in the root servers. As of next week, AFNIC will start consultations with the registrars, in order to set up the system enabling them to publish the signature information for domain names under .fr, such as afnic.fr.
The work of AFNIC will then continue with the set-up of training and assistance services for registrars and DNS server administrators wishing in turn to deploy DNSSEC. For their benefit, AFNIC is also publishing a comprehensive issue paper devoted to DNSSEC issues and operation, with the questions to ask in order to prepare its deployment.
Finally, from September 20th onwards, AFNIC will be releasing version 3 of “ZoneCheck”, its DNS configuration test tool, a free software tool that integrates DNSSEC configuration tests and is available on www.zonecheck.fr.
The real challenge for DNSSEC is its adoption by the registrars, ISPs and all the structures managing their own DNS servers. Without that wide-scale acceptance, the chain of trust will not be established and DNSSEC will only have a limited impact.
As a DNS expertise centre, AFNIC intends to make that transition as easy as possible by sharing and transferring its know-how.
Download the issue paper “DNSSEC: Domain Name System Security Extensions” (2.3 MB).
AFNIC (Association Française pour le Nommage Internet en Coopération) is a non-profit organization in charge of the administrative and technical management of the .fr (France) and .re (Reunion Island) Internet domain names.
AFNIC brings together public and private members: representatives from the French government, Internet users and Internet Service Providers (Registrars).
Afnic is the acronym for Association Française pour le Nommage Internet en Coopération, the French Network Information Centre. The registry has been appointed by the French government to manage domain names under the .fr Top Level Domain. Afnic also manages the .re (Reunion Island), .pm (Saint-Pierre and Miquelon), .tf (French Southern and Antarctic Territories), .wf (Wallis and Futuna) and .yt (Mayotte) French Overseas TLDs.
In addition to managing French TLDs, Afnic’s role is part of a wider public interest mission, which is to contribute on a daily basis, thanks to the efforts of its teams and its members, to a secure and stable internet, open to innovation and in which the French internet community plays a leading role. As part of that mission, Afnic, a non-profit organization, donates 90% of its profits to its Foundation for Digital Solidarity. Afnic is also the back-end registry for the companies as well as local and regional authorities that have chosen to have their own TLD, such as .paris, .bzh, .alsace, .corsica, .mma, .ovh, .leclerc and .sncf.
Established in 1997 and based in Saint-Quentin-en-Yvelines, Afnic currently has 80 employees.