In a new announcement, ICANN (Internet Corporation for Assigned Names and Numbers) has mentioned that there is an ongoing and significant risk to some of the main parts of DNS (Domain Name System) infrastructure.
Several malicious activities are increasingly targeting the DNS infrastructure. In response to such activities, ICANN has called for full deployment of DNSSEC (DNS Security Extensions) across all the unsecure domain names.
DNSSEC is a set of security protocols used to ensure DNS information isn’t accidentally or maliciously corrupted. It protects against cyberattacks by proving authenticity and integrity of a response from the nameserver.
ICANN is one of the main entities responsible for decentralized management of Internet. It is committed to ensure that the identifier systems of internet are secure, stable, and efficient. The entity also coordinates the main levels of the DNS for stable and secure operation.
Attackers are using different methodologies to make unauthorized changes to the delegation structure of domain names. They change the addresses of intended servers and use the addresses of machines that can be controlled by them.
However, some of these cyberattacks work only when the DNSSEC is not used. That is the reason ICANN is demanding for full deployment of DNSSEC across all the domains.
Implementation of DNSSEC not promises to address all the security issues of internet, but it will prevent cyberattacks where users are redirected to malicious websites.
“Although DNSSEC cannot solve all forms of attack against the DNS, when it is used, unauthorized modification to DNS information can be detected, and users are blocked from being misdirected,” explained ICANN.
In September last year, ICANN had said that it will perform a root zone DNSSEC KSK roll-over to strengthen the security of DNS.