IEDR launches DNSSEC in '.ie' domain name space


IEDR, the Irish Domain Registry, has announced that it will enable registrars and registrants to submit Domain Name System Security Extensions (DNSSEC) data in the ‘.ie’ domain name space in early 2015 using the IEDR online systems. IEDR deployed the first DNSSEC zone in the ‘.ie’ namespace in November 2014 and interested parties could submit requests for DNSSEC, but only via encrypted email. DNSSEC offers ‘.ie’ domain name holders, their customers and general internet users an additional level of security.

DNSSEC was designed and implemented as a response to address the inherent security vulnerabilities in the way that the Domain Name System operates. Due to these inherent vulnerabilities, it is possible to divert internet users away from their intended website destinations and to redirect them to third-party websites without their knowledge. This can result in the dissemination of computer viruses, malware and even theft of sensitive financial and personal data.

DNSSEC seeks to mitigate this situation by introducing an additional level of security at the level of the domain name servers which will ensure that internet users will be alerted to any possible re-direction to a third-party website that is not their intended destination.

The purpose of this additional layer of security is to protect websites associated with ‘.ie’ domain names from online attacks. These online attacks can take the form of ‘DNS spoofing’, where a hacker gains access to the domain name servers (DNS) where a domain name is hosted in order to redirect visitors to a website of the hacker's choosing, or ‘DNS hijacking', where a hacker can modify DNS data to gain control of the complete DNS information of the domain name.

Moreover, online attacks can also be used to try and obtain users' personal information, such as bank details. This type of fraudulent activity is not only a serious threat to users, but can also have a detrimental effect for the domain name holder and their online business. Such fraudulent activity can result in a loss of revenue as well as a loss in consumer confidence in relation to the online business in question. Thus, DNSSEC aims to build a "chain of trust" between users and the websites they visit.

Billy Glynn, the IEDR DNSSEC programme manager, has been quoted as saying: "We’re delighted to have pushed out our first DNSSEC signed zone. We’ve been signing the ‘.ie’ zone in parallel systems for over two years now and we feel this is a good time to deploy in production."

CIRA, the Canadian Internet Registration Authority, also announced that it would begin implementing DNSSEC in the ‘.ca’ domain name space. Thus the recent announcement by IEDR is another demonstration that, as the global domain name world continues to change and expand, the need for domain name security is becoming ever more important.

David Taylor and Tony Vitali, Hogan Lovells LLP, Paris

Get unlimited access to all WTR content