DNSSEC (DNS Security Extensions) is a set of specifications used to add an additional layer of security to the Domain Name System (DNS). DNSSEC was designed to prevent specific types of popular attacks on the Internet and protect against these threats to the Domain Name System. The specific extensions provide origin authentication of DNS data, data integrity, and authenticated denial of existence. [Source: Webopedia]

DNSSEC and .edu

On August 2, 2010, EDUCAUSE and VeriSign announced the completion of a project to deploy DNSSEC within the .edu portion of the Internet, which EDUCAUSE manages under a cooperative agreement with the U.S. Department of Commerce. Institutions whose domain names end in .edu will now be able to utilize digital signatures to mitigate certain DNS security vulnerabilities, such as cache poisoning and man-in-the-middle attacks.

What the CIO Should Know

The adoption of DNSSEC is another opportunity for higher education to show leadership in the use and advancement of the Internet. Every decision maker in the higher education IT community should know about DNSSEC and consider adding it to the maintenance schedule. Colleagues who have already signed their zones include berkeley.edu, merit.edu, penn.edu, psc.edu, upenn.edu, internet2.edu, and ucaid.edu.

What the Technical Staff Should Know

For institutions that host their own DNS, the technical team will need to learn about zone signing, upgrade to DNSSEC-aware DNS software, and then sign their zones. For institutions whose DNS is hosted by an ISP, the technical staff will need to find out when the ISP plans to support DNSSEC and the enhanced reliability and stability it provides. Learn more about DNSSEC by reviewing the resources on this page and by browsing DNSSEC.net.