Improve Internet security by protecting Domain Name Systems (DNS)

Recently a vulnerability of Domain Name System (DNS) caught a lot of media attention. A flaw in the DNS threatened to bring chaos to the Internet by poisoning the servers that translate domain names into Internet protocol addresses.

The European Network and Information Security Agency, ENISA, is stock taking the policies and regulations that exist across the EU Member States, the measures operators take and the technologies available to improve the resilience (availability and integrity) of public eCommunication Networks. This work is undertaken in close collaboration with regulators, policy makers, network operators, network equipment vendors and academia. Three technologies, namely MPLS (Multiprotocol Label Switching), DNSSEC, IPv6, have been identified as promising to ensure this. To assess their effectiveness and identify potential problems or gaps that could compromise the availability of networks and services, the Agency is interviewing a number of network operators in the EU. The collected input will be analyzed, in direct consultation with all leading stakeholders, and lead to EU guidelines. The final results will be presented at an Agency workshop “Resilience of Public eCommunication Networks”, that will take place in Brussels, 12-13 November.

The Agency commented:

“The recent spotlight in the news on DNS vulnerabilities and attacks, highlights the importance and relevance of ENISA’s work on improving the resilience of public communications, vital for European e-government and ultimately, e-business.”

Background:

DNSSEC protects Internet servers from domain name system attacks, e.g. DNS cache poisoning by malicious users. It is a set of DNS extensions which provide origin authentication of DNS data, data integrity and authenticated denial of existence. Several European Country Code Top Level Domain Registries have already adopted the use of DNSSEC and are actively participating in ENISA activities. Directive 2002/21/EC