Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

DNSSEC is about creating a “chain of trust,” adds Ram Mohan, CTO of Afilias, which has been working to help the Public Interest Registry handle its deployment. There are many places where DNSSEC must be switched on in order for the chain of trust to flow unbroken from the user to a website. Once a top-level domain (such as .org or .com) implements DNSSEC, any website under that domain can choose to turn on DNSSEC as well, which is an important link in the chain. Since Internet service providers such as Comcast have started supporting DNSSEC, Mohan says, it’s becoming possible for some website visits to fall largely under the protection of DNSSEC.

Paul Vixie, president of the Internet Systems Consortium, which maintains BIND, the software most commonly used to process DNS messages, expects the move toward DNSSEC to snowball. “With .gov and .org signed, there’s finally a market for DNSSEC technology and services,” he says. “Now that some others are implementing DNSSEC, many others will want to be in the business of providing DNSSEC solutions, and that will in turn make it possible for a lot of fence-sitters to finally climb down and join us.”

Kaminsky himself was initially neutral on DNSSEC as a possible solution to the flaw that he discovered with DNS. He now sees DNSSEC as a good solution, but cautions that work still needs to be done to help it scale up. Most important, he says: other root domains, which are at the core of all DNS transactions, need to use DNSSEC. Although DNS was never designed to be at the heart of authentication on the Internet, “it is, and it’s time we start treating it that way,” Kaminsky adds.

Mohan says that he’s hopeful that more domains will implement DNSSEC soon. “It’s about damn time that DNS got more secure,” he says. “The integrity of DNS traffic is starting to be questioned with the advent of phishing and botnets and stuff like that. Here is a concrete thing that can be done that is proven to eliminate a clear problem.”

2 comments. Share your thoughts »

Credit: Technology Review

Tagged: Computing, Web, security, Internet, Internet infrastructure, Internet protocols, DNSSEC, DNS flaw

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me