DNS Security Extensions are about to make the Internet a lot safer

DNS hijacking and poisoning has been around since the dawn of time -- it just didn't enter the popular media until recent high-profile attacks on Twitter, Baidu, and the success of China's Golden Shield Project. Basically, DNS in its current form is incredibly insecure when compared to corporate infrastructure. With DNS hacks it's very easy to set up pharming (think 'farming' combined with 'phishing') where a popular site is redirected to a rogue server. Why infiltrate a heavily-encrypted corporate network when you can simply poison a DNS server?

That's all about to change with DNSSEC. Between now and May 2010, DNS Security Extensions will be rolled out to the root servers. From there, it's expected that lower branches of the DNS system will quickly adopt the same security protocols.

In essence, these changes add a new layer of encryption and verification to all changes made to DNS records. When the client requests the IP address of an alphanumeric address, encryption keys are exchanged and the result verified. In theory, the system will probably sacrifice a little speed, but the slowdown will probably be negligible.

[via Pingdom (maybe the best domain name ever)]

Tags: dns, dnssec, pharming, phishing, root, root servers, RootServers, security