The Internet is built on DNS (Domain Name System). Whenever we open a web page, for example a social network or a bank, and even when we use electronic mail, we rely on domain names (like nask.pl) without giving any thought to how a domain name is translated into the IP (Internet Protocol) address to which our computer connects. At the same time, we often hear that the Internet is full of dangers. Banks teach us to check whether the connection to their services is secure. We use encrypted electronic mail, yet we trust that when we enter our bank's domain name in the browser, we connect to the proper service. In reality, we may be redirected, without noticing, to an identical and also protected service which unfortunately does not belong to our bank. By entering our login and password there, we give criminals full control of our account. Such an attack is possible by exploiting a weakness in the domain name system, namely by planting false IP addresses in DNS resolving servers. When this happens, even though the user entered the correct web address, the name resolution process reaches a server holding the false IP address and the user is redirected to a phony web page.
This danger can be prevented, however. Cryptography comes to our aid through a DNS extension that makes it possible to authenticate the data received while resolving a domain name to an IP address. This extension, named DNSSEC (Domain Name System Security Extensions), is becoming more and more popular all over the world because it is an efficient method of increasing security when using DNS and, thereby, the security of Internet users and of institutions that operate on the Internet.
The authentication process in DNSSEC is based on a so-called "chain of trust", which requires each level of domain zones to be properly signed, following the hierarchical structure of DNS. This means that to secure a domain name, one must sign its zone and place a special digest of the key that signs the zone (the DS record, Delegation Signer) in the zone (domain) that is its parent in the DNS hierarchy, in which the domain name was registered. This parent domain should in turn be secured in the same manner in its own parent domain.
In July 2010 IANA (the Internet Assigned Numbers Authority) signed the root zone (the highest-level zone, denoted by a dot character), which opened the way to securing further levels of domains, including the .pl domain.
Starting from 20 December 2011, NASK plans to publish the .pl domain and other domains serviced by NASK (like .com.pl, waw.pl, .net.pl) in DNSSEC-secured form. This will be the first stage of the DNSSEC introduction, which will culminate in IANA publishing, between January and February 2012, a digest of the key that signs the .pl zone in the highest-level (root) zone. Publishing this digest in the root zone will allow full validation of the .pl domain and will open the way to the next stage, which is securing the names maintained by the .pl domain Registry. We plan to enter this stage in the second quarter of 2012. Once this stage is complete, Registrants will be able to authenticate their domain names in the DNS protocol.