In security newsletter #11, Patrice AUFFRET recounted the latest attack on DNS by Dan KAMINSKY. Patrice’s conclusion was that the only cure was wide deployment of DNSSEC. DNSSEC is a secure version of DNS that binds textual internet addresses to actual numerical IP addresses. DNSSEC exists for about 14 years but was not yet seriously deployed.
The cure starts! The Public Interest Registry is deploying DNSSEC for all addresses it handles. The Public Interest Registry handles all the .org addresses. The US government, that handles .gov addresses, will also turn to DNSSEC.
With these two big domain spaces turning to DNSSEC, we may expect a snowball effect with more and more domains switching to DNSSEC. The Internet will become (a little bit) more secure. This is a good news for this new year :Happy: