Real Progress for DNS Security; Internet Systems Consortium, NL.net Labs and RIPE NCC Begin Interoperability Work.Business Editors/High-Tech Writers AMSTERDAM--(BUSINESS WIRE)--Jan. 28, 2004 Internet Systems Consortium In January 2004 the projects, assets and staff of Internet Software Consortium were transferred to a new company, Internet Systems Consortium. The new company is a US Federal 501c(3) public-benefit, non-profit corporation. , Inc. (ISC (1) (Internet Systems Consortium, Redwood City, CA www.isc.org) An organization founded by Paul Vixie, Carl Malamud and Rick Adams in 1994 and later sponsored by UUNET and other Internet companies. ) together with NL.net Labs and the RIPE NCC NCC See National Clearing Corporation (NCC). sponsored a workshop last week resulting in real progress on the long awaited DNS (Domain Name System) A system for converting host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol. For example, when a Web site address is given to the DNS either by typing a URL in a browser or behind the Security standards. "The goal of this workshop was to test if the Internet drafts were complete enough to base interoperable implementations on that can be deployed outside test labs," stated Olaf Kolkman, Scientific Programmer at the RIPE NCC. The Internet drafts have recently moved to "last call" status as they make their way through the formal process of the IETF See Internet Engineering Task Force. IETF - Internet Engineering Task Force , the standards body responsible for defining global Internet protocols and policies. The Domain Name System (DNS) translates domain names in email and web addresses, such as isc.org, into IP addresses. As such it enables the functioning of email, the web, and other Internet services. It has become increasingly critical as the Internet has grown. However, security for the DNS has not kept pace with its importance, leaving nameservers vulnerable to a number of attacks that can cripple the ability of a nameserver to provide data, or allow an attacker to provide false data. Domain Name System Security, 'DNSSEC' in the technical community, is a major step towards addressing these shortcomings A shortcoming is a character flaw. Shortcomings may also be:
Suzanne Woolf, Software Engineering Manager at ISC, commented, "We were pleased to be able to co-sponsor an event that moves DNSSEC (DNS SECurity) A set of extensions to the DNS system that are designed to prevent attacks agains the DNS system as well as DNS hijacking, which directs the user to an erroneous Web site. DNSSec uses a digital signature to ensure that the correct IP address is used. a step closer to becoming a reality. ISC will have a version of BIND that supports DNSSEC ready concurrent with the final release of the standard." BIND, and its derivatives, is the most popular software implementation of the DNS protocol running on over 75% of the nameservers on the Internet. Interoperability is key to the success of any standard. Workshop co-sponsor NL.net Labs spokesperson, Ted Lindgreen stated, "Real progress was made. We were able to test DNSSEC on different software implementations of the protocol, our own NSD NSD Nairobi sheep disease. and ISC's BIND. Collaboration is the key." NSD is in use by two root servers and several ccTLDs. RIPE NCC, the Regional Internet Registry A regional Internet registry (RIR) is an organization overseeing the allocation and registration of Internet number resources within a particular region of the world. Resources include IP addresses (both IPv4 and IPv6) and autonomous system numbers (for use in BGP routing). serving Europe, the Middle East, Central Asia and Northern Africa, was the third co-sponsor of the workshop. Olaf Kolkman, workshop attendee and spokesperson for the RIPE NCC added, "DNSSEC is a technology that will secure one of the Internet's core protocols which, when deployed, will make the Internet a more secure place for businesses and individuals. From that perspective, we have an interest in moving the process along." While DNSSEC will not become an official, documented Internet standard until it completes the protocol cycle through the IETF, this workshop and collaborative efforts of all who attended moves the process along significantly. The official report to the IETF was released by Suzanne Woolf and can be found at: http://ops.ietf.org/lists/namedroppers/namedroppers.2004/msg00065.html Additional reports and information can be found at www.isc.org, www.nlnetlabs.nl and www.ripe.net. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion