[news release] SIDN, the company behind .nl, announced today that the Dutch country-code domain now has more DNSSEC-signed domain names than any other domain on the internet. In the space of a few short weeks, the number of DNSSEC domain names under .nl has increased from a few hundred to more than 355,000. The growth has propelled .nl ahead of the Czech top-level domain .cz and Brazil’s .br, which were until recently home to the most DNSSEC domain names.
“DNSSEC offers real security benefits, but it can only really deliver them if everyone in the chain, from the registry and the end user, goes over to using it,” explained SIDN’s CEO Roelof Meijer. “We are therefore investing heavily to encourage people to adopt DNSSEC. One of the things we’re doing is giving a discount on signed domain names to registrars that support DNSSEC. So our registrars are able to claw back much of what it costs them to make DNSSEC available to their clients. And the strategy is clearly working: about 130 of our registrars, including several of the very biggest, have already started using the new security extension. What we are seeing now is a snowball effect: as more registrars offer DNSSEC as a security add-on, others are following suit in order to make sure that their service packages match what their competitors are offering.”
Olaf Kolkman of NLnet Labs, the company that helped to get DNSSEC off the ground, is encouraged by the figures. “It’s good to see the rollout of DNSSEC gaining real momentum,” he said. “As well as securing one of the critical elements of the infrastructure, DNSSEC paves the way for much-needed innovation in the field of internet security. That innovation depends on DNSSEC being adopted by a significant percentage of the market. The financial incentive that SIDN is providing and the recent addition of DNSSEC-support to PowerDNS – a software product used by many Dutch registrars – are together creating a perfect storm.”
“DNSSEC represents the biggest change to the DNS ever, and the technology is still quite new. We are proud that the Netherlands has sufficient expertise in this field to support the speedy but controlled rollout of this vital security enhancement within the registrar sector,” commented Bert Hubert, of the Dutch company PowerDNS.
Steve Crocker, Chairman of the Board of Directors, ICANN: “I applaud SIDN’s creative initiative and noteworthy results. I particularly like the constructive effect of the friendly competition among the ccTLDs leaders.”
“When the Registrars’ Association and SIDN discussed the promotion of DNSSEC, we were confident that substantial growth could be achieved, but the level of interest has been amazing,” was the response from the Association’s Vince van Domburg. “This demonstrates just what can be achieved through close cooperation and communication between registry and registrars at both the strategic and technical levels. It’s great to see the .nl zone leading the world – that’s something to be proud of!”
As the internet’s roadmap, the DNS has always been vulnerable to criminal threats such as cache poisoning and ‘man-in-the-middle’ attacks by unidentified parties. The perpetrators of such attacks can divert internet users to fake websites or intercept e-mail, even though the correct domain name is used. These vulnerabilities were underestimated until 2008, when Dan Kaminsky demonstrated that the DNS was easy to manipulate. Kaminsky’s revelations gave urgency to the worldwide rollout of DNSSEC, which had been in progress for some time. DNSSEC tackles the problems identified by Kaminsky. It provides a method for ascertaining whether an incoming DNS response is authentic and originates from the right source. The practical outcome of that is that the DNS is more reliable. In July 2010, ICANN signed the root zone and a month later SIDN followed suit by signing the .nl zone with DNSSEC. Once that had been done, early adopters had the opportunity to have trust anchors added to the .nl zone file during a Friends & Fans phase. On 15 May 2012, SIDN implemented DNSSEC in its Domain Registration System, making it possible for .nl registrars to automate the processes of signing domain names. Detailed information about DNSSEC is available from www.dnssec.nl (in Dutch only).
This SIDN news release was sourced from: