Swedish hosting provider Binero has DNSSEC-signed all customer .se-domains, increasing the total amount of signed .se-domains from 5000 to more than 100 000. Nearly one in ten Swedish domains are now validated against attacks with manipulated dns-information, like pharming. Binero offers the DNSSEC-validation free of charge and becomes the second largest provider in the world for DNSSEC-signed domains. The aspiration is for more actors to follow this example in order to secure the entire .se-zone.
– DNSSEC-validation will not gain general acceptance as long as it is offered by few, often at an additional cost. At Binero we want to do better than that, so we offer all our customers DNSSEC-validation free of charge for domains registered through us. We hope our industry colleagues will follow our example, said Binero founder and CEO, Anders Aleborg.
It has long been possible to manipulate the information between the recursive resolver name server and the web browser (DNS-cache poisoning). It is a known way to divert internet traffic in order to steal the mail- or credit card information of visitors (pharming).
A solution to this is to DNSSEC-validate the domain zone. When a domain name is requested by a browser, the signature is checked against a key with the party responsible for the domain zone in question. Most Swedish internet service operators (ISP:s) have DNSSEC-validated resolvers today, but few other than them. As of November 2011, there were still only 5089 validated .se-domains, in spite of the top domain administrator, .SE having called for DNSSEC-adoption since 1999. .SE warned of manipulated dns-information among .se-domains as late as December 2011.
– In 2011 alone, five SSL-certificate providers or their resellers have had problems with unreliable certificates, and the problem is increasing as more money is invested online, said Anne-Marie Eklund Löwinder, Chief Security Officer with .SE, referring to among others the Diginotar case where several global mail services where among the ones with false certificates.
This month, Swedens third largest reseller of .se-domains, Binero hosting has DNSSEC-signed the .se-domains of all customers, nearly 100 000 without charging anything extra.
– This DNSSEC-validation along with the one by ISP:s increases security both directly and also indirectly, by increasing the ability to reliably spreading security attributes like ssh-keys, SSL-certificates and similar. We applaud the registrars who have gone ahead and DNSSEC-validated and we expect DNSSEC to become a compulsory requirement for registrars as well as for customers during 2012, said Danny Aerts, CEO of the .SE Registry.
You can check if a .se-domain is DNSSEC-secured on http://dnscheck.iis.se/
Graphs (4th fr top): https://www.iis.se/en/domaner/statistik/tillvaxt?chart=per-type/
For more information, please contact:
Anders Aleborg, CEO, Binero, +46 (0)76-804 42 00, anders.aleborg@binero.se
Erik Arnberg, Marketing Manager, Binero, +46 (0)70-398 75 34, erik.arnberg@binero.se
Maria Ekelund, Head of Communications, .SE, +46 (0)70-777 44 87, maria.ekelund@iis.se
A-M Eklund Löwinder, Head of Quality and Security, .SE, +46(0)8-452 35 17, anne-marie.eklund-lowinder@iis.se
Binero AB is a hosting and domain vendor that aims to be the world’s friendliest Web hosting company. Binero has no-penalty contracts and total transparency to its servers. Binero has been recognized for its services by Råd & Rön magazine and, in 2005, 2006 and 2008, by Internetworld magazine, which also named Binero “Best Swedish Web Host” in 2009 and 2010. For more information, visit www.binero.se.
