DNSSEC deployment to commence in .au
.au Domain Administration (auDA) today announced the launch of a phased plan for the deployment of Domain Name System Security Extensions (DNSSEC) in the .au domain.
The plan, developed in conjunction with the .au registry operator, AusRegistry Pty Ltd, outlines a five-stage process to introduce DNSSEC into .au and its second-level zones (com.au, net.au etc)
The implementation plan, scheduled to commence in September, allows for:
- experimentation and testing of core systems
- the gradual “signing” of second level .au domains and the .au TLD
- a trial implementation for .au domain registrants
- full production rollout to registrants.
At the end of each stage, a review will be undertaken by auDA’s independent Security and Stability Advisory Committee (SSAC), chaired by Professor Bill Caelli from the Queensland University of Technology.
DNSSEC is a security extension that facilitates the digital signing of internet communications, helping to ensure the integrity and authenticity of transmitted data. Once fully implemented, DNSSEC offers additional protection against a range of vulnerabilities such as cache-poisoning, man-in-the-middle attacks and the Kaminsky exploit.
"When the Internet was first developed, it was designed to be massively scalable, not inherently secure” said auDA’s CEO, Chris Disspain. “DNSSEC can provide an extra level of security to help ensure that Australian Internet users will be directed to the website or service they expect when they enter a domain name into their browser.”
Given DNSSEC operates via a chain-of-trust, it will be most effective once every element between the Internet’s core infrastructure and the end user is DNSSEC-enabled. Accordingly, the fifth stage of the implementation plan will be the active encouragement of Australian ISPs and domain name registrants to adopt DNSSEC.
“Once the .au zone and its second level zone are signed, it will be up to ISPs, registrars and corporate entities with a significant web presence to extend the reach of DNSSEC to the end user” said Disspain.
“Given there are no immediate commercial incentives for them to do so, auDA believes that the Australian Government will play an important role in helping to deliver the message about the importance of DNSSEC for the security of Australia’s internet infrastructure.”
Jenelle Backman (Public Affairs Officer)
Ph 03 8341 4111
Paul Szyndler (General Manager, Public Affairs)