The number of .nl (Netherlands) domain names protected by DNSSEC is approaching half (46%) of all registrations, but there are two sectors in particular that are lagging according to a recent support from the .NL registry SIDN. The banking sector with only 6% and ISPs with 22% of registrations are lagging behind other sectors when it comes to protecting domain names with DNSSEC.
A previous inventory in 2014 found that financial service providers, listed companies, government organisations and internet service providers were lagging a long way behind other sectors. Since then, the number of signed domain names in all the underperforming sectors has risen, but most remain disappointing compared with the pace-setters. Government organisations form an exception, however: they are doing much better than three years ago, rising from 11% of government websites being secured to 59% today, putting the government third in the sector league table.
Over the last two years, various new safety applications have been rolled out, which piggy-back on the DNSSEC infrastructure. As a result, DNSSEC has gone from being a technology-driven expense to being an enabler for key security applications designed to tackle phishing, spamming, spoofing and other email abuses.
In addition, the obstacles in the way of secure domain name transfers have recently been resolved. SIDN has developed a method that enables registrars all over the world to transfer domain names securely, by following a uniform procedure based on EPP (the Extensible Provisioning Protocol). Last week, the new method was formally adopted as a global standard by the Internet Engineering Task Force (IETF).
“Against that backdrop, it’s hard to think of any good reason for not implementing DNSSEC protection,” continues Meijer. “We believe that it’s now up to the big internet service providers to act. It’s really important that they get behind DNSSEC, because the protocol is only effective if ISPs commit to validating domain names’ digital signatures. Late last year, XS4ALL took the plunge and became the first national internet service provider to enable DNSSEC validation.”
For the DNSSEC Inventory 2017, SIDN analysed more than seven thousand domain names in four general sectors: financial services, the public sector, internet and telecom service providers, and listed companies. The analysis made use of the DNSSEC Portfolio Checker developed by SIDN labs.
DNSSEC involves the cryptographic protection of domain name information. It makes the internet’s ‘signpost system’ more secure and more reliable. If a domain name is secured with DNSSEC, people who want to visit the associated website are protected against being misdirected to a fraudster’s IP address. Without DNSSEC, there’s a risk that, despite entering the right domain name, people will end up on a fake site set up to trick them. DNSSEC also forms the basis for new applications, such as systems for making e-mail safer and easily sharing cryptographic keys for securing internet communications.