ICANN calls for full DNSSEC deployment
Mar 22, 2019, 10:19:54 AMICANN calls for full DNSSEC deployment, promotes community collaboration to protect the Internet.
The Internet Corporation for Assigned Names and Numbers (ICANN) believes that there is an ongoing and significant risk to key parts of the Domain Name System (DNS) infrastructure.
Since 2017 hackers (including ones from Iraq) succeeded in compromising key components of DNS infrastructure for more than 50 Middle Eastern companies and government agencies, including targets in Albania, Cyprus, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Saudi Arabia and the United Arab Emirates.
In the context of increasing reports of malicious activity targeting the DNS infrastructure, ICANN is calling for full deployment of the Domain Name System Security Extensions (DNSSEC) across all unsecured domain names. The organization also reaffirms its commitment to engage in collaborative efforts to ensure the security, stability and resiliency of the Internet’s global identifier systems.
ICANN has no indication that any of its systems have been compromised, and they are working with relevant community members to investigate reports of attacks against top-level domains (TLDs).
The .pl registry at the turn of 2011 and 2012 began to secure the .pl domain with the DNSSEC protocol and in 2012 it made the DNSSEC service available to the registrants. Currently, approx. 500,000 .pl domain names are secured with DNSSEC. It means that among the European top level domains, secured in this way, the .pl domain ranks 4th.
The .pl domain registry recommends using the DNSVIZ.net tool to check if a domain name is secured with DNSSEC.
DNSSEC Policy and Practice Statement document specifies the NASK’s security policy and principles of conduct on the .pl country code zone secured with DNSSEC.
More information:
https://www.icann.org/news/announcement-2019-02-22-en
https://www.icann.org/news/announcement-2019-02-15-en
https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/