The OpenDNSSEC project group today announces the availability of its open source software that will make it easier for Internet service providers, web hosting companies and name service operators to enhance Internet security. OpenDNSSEC is available to download at: http://www.OpenDNSSEC.org.
Developed by industry leaders including .SE (The Internet Infrastructure Foundation), NLNetLabs, Nominet, Kirei, SURFnet, SIDN and John Dickinson, OpenDNSSEC will seamlessly integrate domain name security extensions (DNSSEC) into already existing IT systems without the need for organisations to change their infrastructure.
How does it work?
DNSSEC secures the information used to translate domain names (such as nominet.org.uk) to computer addresses by adding to it a cryptographic signature created by a securely held key. When the information is retrieved as a result of a DNS query, the signature is also returned.
The computer making the query checks the information received against the signature. As it is impossible to create the correct signature without the secure key, a match implies that the information is authentic – it was retrieved from the correct place and was not modified in transit.
OpenDNSSEC is software that simplifies the process of creating and managing the DNSSEC signatures. Available under the BSD licence, it can be downloaded and installed on existing systems, and quickly set up to provide a secure DNS service.
Lesley Cowley, CEO at Nominet comments: “OpenDNSSEC ensures that the domain name system is not tampered with, and that Internet users are directed to a preferred web site without intervention. This piece of software provides an extra layer of security to the DNS. The collaboration in evidence, shows that the Internet community is committed to forging a safer, more trusted Internet for all.”
For further information about how OpenDNSSEC works or to download the beta, please visit http://www.OpenDNSSEC.org.
Notes to Editors
About OpenDNSSEC
OpenDNSSEC is a tool which simplifies the process of signing one or more zones with DNSSEC. OpenDNSSEC handles the entire process, including secure key management and rollover issues. With OpenDNSSEC, fewer manual operations are needed by the operator.
OpenDNSSEC ensures that all the steps in signing process are done in the correct order and at the right time, making sure that nothing breaks. The issue of storing the private keys associated with DNSSEC signing has been handled using so-called HSMs (Hardware Security Modules), so that the private keys can not be leaked to an unauthorised third party.
An open source solution under a BSD license allows suppliers of commercial products to utilise the open source code in their own software, without having to open up their own code.
OpenDNSSEC works in all Unix-like operating systems and is suitable both for those who will only sign a single large zone (such as top-level domains) and those who have many small zones (e.g. web hotels, ISPs)
About Nominet
Nominet operates at the heart of e-commerce in the UK, running one of the world’s largest Internet registries and managing over seven million domain names. Nominet maintains the register of .uk domain names and runs the DNS infrastructure that keeps .uk working.
It runs the technology that locates a computer in the Internet hosting the web site or email system you’re looking for when you type in a web address or send an email to an address that ends in .uk.
Nominet is a not-for-profit company limited by guarantee that has members not shareholders, pays no dividends and its charges only cover its running costs. Anyone with an interest in the Internet may become a member. Nominet has over 2,800 members representing all areas of the Internet industry.
Nominet also runs the Tier 1 registry for UK ENUM, a service that combines telephone numbers and the Domain Name System to simplify the way telephone calls over the Internet work. ENUM lets callers know that you have the capability to receive VoIP calls, so allowing them to take advantage of free calls over the Internet.
About NLNetLabs
NLnet Labs is based in the Netherlands and was founded in 1999 by Stichting NLnet. It is a non-profit public benefit research foundation aimed at providing open source and open standards tools for internet communication.
It focuses on developments in Internet technology. It provides a bridge between theory and practical deployment that need to be built; and areas where development, engineering, and standardisation takes place. Stichting NLnet has provided a long-term commitment in the form of a subsidy contract such that NLnet Labs can guarantee support for the software it develops. It is committed to provide maintenance for Unbound.
NLnet Labs key activities are to develop, implement, evaluate, and promote new protocols and applications for the Internet. Its activities are focused on topics directly relating to the Internet’s infrastructure, such as DNS, DNSSEC, IPv6, and routing.
About .SE (The Internet Infrastructure Foundation)
.SE (The Internet Infrastructure Foundation) is an independent utility that acts to promote positive development of the Internet in Sweden. .SE is responsible for the Internet’s Swedish top-level domain, .se, encompassing domain name registration and administration, as well as the technical operation of the national domain name register. Profits from domain name registrations are used to support projects that contribute to Internet development in Sweden. For more information, see www.iis.se
About Kirei
Kirei AB (www.kirei.se), founded in 2005 by Jakob Schlyter and Fredrik Ljunggren, is a consultancy company with its main focus on informationsecurity management and network architectures. The Kirei founders have been working with DNS and DNS Security within the IETF communitysince 1999 and have played an active role in the DNSSEC standardization process as well in the deployment of DNSSEC in severaltop level domains.
About SURFnet
SURFnet is responsible for the Dutch university network and has contributed security and cryptographic assistance. More information is available at www.surfnet.nl.
About SIDN
SIDN is responsible for the functional stability and development of the .nl Internet domain. As well as registering and allocating .nl domain names, the organisation enables Internet users all over the world to make use of these labels at any given moment.
About John Dickinson
John Dickinson is a DNS consultant providing Internet research and software development services. His focus is on making DNS security simple to deploy and manage by helping to develop and improve Open Source software. He has many years of experience in the provision of mission critical DNS services and Internet technology research.