DNSSEC: there's still a long way to go


We warned last week that only around half (53 per cent) of global top level (TLD)domains are ‘secure’ – meaning they have been signed with domain name system security extensions (DNSSEC). Despite the Internet Society correctly lauding the 50 per cent milestone for DNSSEC TLD adoption as having been hit earlier this month, the fact remains that over three years on from DNSSEC having been introduced, 47 per cent of TLDs remain open to malicious tampering.




There are many dangers with unsecured top level domains, not least that the DNScan be spoofed and potentially direct Internet users straight into the hands of cyber criminals via fake websites that often look just like the real thing. However, as BobTarzey, analyst/founder at QuoCircapoints out in this SC Magazine articleDNS is known to be one of the easiest things to target in a distributed denial of service (DDoS) attack.




Securing the TLD is just one (but very necessary) step. But the attention should also be on individual website owners to also sign their domain.Last year, Google stated that just seven per cent of queries from the client side are DNSSEC enabled. Whilst this has no doubt increased since then, the fact remains that DNSSEC adoption generally is very low and there is a long way to go before we can claim to have a safer Internet.