Introduction to DNSSEC
The Domain Name System Security Extension, DNSSEC for short, is an end-to-end deployment security protocol to Domain Name System (DNS) by enabling the protocol responses to be validated through the Key Pairs and Digital Signatures technologies. With the use of DNSSEC, we can rest assured that .hk domain services are reliable and trustworthy, directing all traffic to the right websites.
DNS is one of the basic building blocks of the Internet. Served as a phone book to the Internet, DNS translates machine-readable numerical IP addresses (e.g. 126.96.36.199) to human-readable web addresses (e.g. www.hkirc.hk). However, the DNS has a fundamental security flaw, raising both economic concerns (in terms of revenue losses, fraud and brand damage) as well as security issues for users (identity theft) and companies (traffic redirection).
The solution is to introduce an Internet security measure, an end-to-end deployment security protocol to secure DNS’s Internet infrastructure. With the use of DNSSEC, we can increase the security, reliability and trustworthiness of .hk domain names while ensuring Internet users are accessing the right websites.
DNSSEC was designed to conduct data origin authentication and ensure data integrity through the Key Pairs and Digital Signatures technologies. Key Pairs are just like keys of a safe deposit box, where you would need to use two keys simultaneously in order to open the box. With Key Pairing technology, each DNS query can be verified via the “Chain-of-trust” and conduct data origin authentication.
Digital Signatures are used to verify the unique identity of a DNS record. By verifying the Digital Signature with the DNS record, DNSSEC is able to ensure data integrity.
Without DNSSEC, cyber-attack threats on Internet addresses, such as DNS cache-poisoning and DNS spoofing, can be exposed.
The full deployment of DNSSEC ensures users to connect to the actual website corresponding to a particular domain name:
As a global financial hub, securing administration of domain name infrastructure in Hong Kong is crucial to the Internet community. The development of DNSSEC for .hk will bring more collaborations within the Internet community to embrace the technology for better Internet security.
It is important for domain registrars, resellers and relevant parties in Hong Kong to collaborate and plan ahead for DNSSEC deployment in their development schedule. By working together, we could further our commitment to foster a safe Internet environment on a secured DNS for.hk – a core part of Internet’s global addressing system in the Internet world.
By sharing valuable insights from IT security and industry leaders, we hope to help businesses and community to build a secure Internet culture, raising awareness toward DNSSEC amongst all parties and stakeholders:
Welcome to contact the Marketing Department via email@example.com for sharing your insights and articles.
HKIRC provides a free DNSSEC testing platform for all interested parties to perform trial runs. This presents major opportunities to reduce deployment risks and provides a greater assurance of operational readiness.
Click on the following to find out more:
We have set 3 domains as examples for you to test DNSSEC’s effectiveness:
You are invited to apply for test run. Welcome to contact us via firstname.lastname@example.org or call 2319 2303 for further information.