<h1>
Internet takes DNSSEC on board
</h1>
<div id="article_subtitle"><a href="http://www.networkworld.com/news/2010/071510-internet-takes-dnssec-on.html?hpg1=bn">http://www.networkworld.com/news/2010/071510-internet-takes-dnssec-on.html?hpg1=bn</a><br>
<br>Root servers get assigned
security standard</div>
<div id="article_author">
By Maxwell Cooter, TechWorld <br> July 15,
2010 10:21 AM ET
</div>
<div id="sharetop" class="storytools"></div>
<p class="first">The Internet is set to get a
whole lot safer, the security standard DNSSEC is set to be assigned to
the Internet's 13 root
servers from later today.
</p>
<p>It makes the end of a long trail; DNSSEC has been some years in its
implementation yet <a href="http://news.techworld.com/security/116607/companies-still-shy-away-from-dnssec/">has
still failed to penetrate the wider market</a>, despite the efforts of
IETF, the Internet registries and the US government.
</p>
<div class="incontent_ata"><a href="http://www.accelacomm.com/jaw/nwwlib/7/51030950/&SOURCE=00008550001112NWW4U4PB3CGRK">Re-Inventing
Network Security: Download now</a></div>
<p>Naming registry ICANN has been working with Verisign and the US
department of commerce for some time to make DNSSEC a more
integrated part of the Internet infrastructure. ICANN's DNS director,
Joe Abley, said that the rollout of DNSSEC to the root
servers had been a long one. "We Started rolling it since January -
it's a slow rollout,. We've taken 6 months to do this
- it's not like in enterprises where you trial something and go live
next week.
</p>
<p>According to Daniel Karrenberg, chief scientist with European
regional Internet registry RIPE-NCC, the assignation of DNSSEC
to the root servers is going to take away a considerable burden from
ISPs as it will eliminate a big maintenance headache.
"Once DNSEC is assigned to the root servers, there's no longer any
need for ISPs to do any configuration, they'll be able
to verify DNS right from the top," he said. With this technology,
Internet users will be able type a website address and be
confident that the website being displayed is coming from an
authorised server. He warned that the average users wouldn't
notice much difference "There'll be no padlocks suddenly appearing on
browsers, or anything like that," he said but he added
that life should now be easier for service providers and T
departments.
</p>
<div id="related_content"></div>
<p>Both Abley and Karrenberg warned that it might not be plain sailing.
"Anytime you make a change to an established system,
it's been well understood - there's an instilled knowledge how this
will work, "said Abley. "With something new, you always
get a risk - we're trying to manage that risk"
</p>
<p>The DNSSEC move doesn't mean that the Internet is automatically
secure said Kevin Hogan, director at Symantec Security Response.
"It's a start and a very big start. However, any expectation that
this milestone marks the date that the Internet suddenly
becomes safe is exaggerated. To be effective, DNSSEC needs to be
implemented down the whole DNS chain, from the root down
to your ISP or company, so there are still many more milestones to be
achieved before DNSSEC can achieve some of its promise,
even if cyber criminals don't identify ways around the signed
response safeguard," he said.
</p>