New Zealanders will be able to better secure their web presence from today, thanks to a major technical security deployment by InternetNZ subsidiaries .nz Registry Services (NZRS) and the Domain Name Commission (DNCL).
Following more than two years of behind-the-scenes work, the DNSSEC (Domain Name System Security Extensions) protocol has been implemented across New Zealand’s un-moderated second level domain space, including the widely used .co.nz. The next few months will see DNSSEC progressively adopted across all moderated second level domains, including .govt.nz.
DNSSEC is a security protocol that sits atop the Domain Name System (DNS). Developed early in the history of the Internet, the DNS maps IP addresses to human readable domain names. However, the original security built into DNS was weak and hackers have developed ways to 'spoof' DNS data and redirect legitimate traffic. DNSSEC combats this vulnerability.
Domain Name Commissioner Debbie Monahan says now that DNSSEC has been deployed across the top level and open second level .nz domain space New Zealand website owners can make use of the protections it offers.
“DNSSEC is akin to a driver knowing that the road sign they are looking at is pointing them in the right direction and not leading them astray,” she says. “Once website owners implement DNSSEC, visitors to their site can be guaranteed they are reaching a legitimate site. This will be highly attractive for banking institutions or other organisations or individuals wanting to transact securely with their customers.”
Monahan describes DNSSEC as a milestone in the security of New Zealand’s Domain Name System. It is one of the key building blocks to securing a web presence and an important tool in mitigating against malicious online activity involving domain names.
NZRS DNS Specialist Sebastian Castro designed and managed the implementation of DNSSEC in .nz. He says enabling DNSSEC is the first step to supporting a new set of security services and extensions such as DANE, that rely on the ability to securely authenticate and verify DNS data.
“We are proud of the open process the Domain Name Commission and .nz Registry Services followed for this project, and recognise the important involvement of New Zealand’s technical community. This approach sets an example to other countries regarding technical policy development and innovation,” he says.
Already, over 50 countries have deployed DNSSEC and adoption is expected to rapidly pick up over the next few years, both in other country code domains and amongst infrastructure and service providers.
More information about DNSSEC in New Zealand is available at www.dnc.org.nz/dnssec. Included is key information on how people can set up DNSSEC on their .nz domain names.