ISC Praises Momentous Step Forward in Securing the Domain Name System
Redwood City, CA – July 15, 2010. ISC joined other key participants of the internet technical community in celebrating the achievement of a significant milestone for the Domain Name System today as the root zone was digitally signed for the first time. This marked the deployment of the DNS Security Extensions (DNSSEC) at the top level of the DNS hierarchy and ushers the way forward for further roll-out of DNSSEC in the top level domains and DNS Service Providers.
The DNS Security Extensions, DNSSEC, extends standard DNS to prove data came from an authoritative source and has not been modified, thwarting the so called 'man-in-the-middle attack' and enabling the development of more secure internet applications and transaction processing. DNSSEC adds new resource records and message header bits which can be used to verify that the received DNS data matches the original data, and has not been altered in transit.
Paul Vixie, President and CEO of ISC stated, “We are very happy with today's achievement! The signing of the root is the catalyst needed for further deployment of DNSSEC, particularly in the TLD registries.”
“ISC has been intimately involved with the development of DNSSEC for more than fourteen years and we have been unwavering advocates of DNSSEC deployment. We applaud the efforts of ICANN and the Department of Commerce in achieving this momentous milestone and encourage other DNS data providers to do the same.”
Today's milestone marked the final step in a seven month process of evaluation and incremental deployment, assuring operational readiness of systems, software, and processes necessary for any significant change to the DNS root. Two ISC staff members, Joao Damas and Norm Ritchie were selected as Trusted Community Representatives that oversaw the generation of the root key at formal ceremonies in the secure facilities located in Culpeper, Virginia and El Segundo, California.
ISC operates the largest DNS root server (F-root), develops and maintains BIND, the world's most widely deployed DNS software, and offers intensive training courses in DNSSEC. Further information on DNSSEC and BIND may be found at http://www.isc.org/software/bind/dnssec. Training information is available at http://www.isc.org/services/training.
Internet Systems Consortium (ISC) is a non-profit 501(c)(3) public benefit corporation widely known for world-class Internet software engineering and network operations. ISC produces only open-source software, of which BIND and ISC DHCP are the two best-known examples. Our emphasis is on core Internet technology. Our widely imitated Managed Open Source process ensures the quality of this software while keeping it completely open and available.
ISC operates high-reliability global networks of DNS root servers (F-root) and authoritative DNS servers (SNS@ISC) both for non-profit and for commercial enterprises. ISC is also very involved in ongoing Internet protocol and standards development, particularly in the areas of DNSSEC and IPv6. ISC is supported by donations from generous sponsors, by program membership fees, and by specific fees for services. For program or donation information, please visit our website at http://www.isc.org
- BIND 10
- Other Software Projects
- security advisories
- software forums
- ABOUT ISC