DNS is a system that converts domain names into IP addresses. You need DNS to surf the net and to send e-mails, as well as for telephony, sending and receiving files, etc. The problem is that DNS is an unprotected protocol: the messages exchanged are not encrypted and the origin of a reply cannot be verified.
Internet criminals can poison a domain name server’s temporary memory (cache) with false information, so that domain names are no longer linked to the correct IP addresses. You might think you are communicating with one party, whereas in reality the messages are being sent by someone completely different.
DNSSEC (Domain Name System Security Extensions) is a security extension to the existing DNS protocol: it is designed to stop criminals from diverting internet users to forged websites.
A digital signature is attached to all DNS details for the domain name. When a user looks up a domain name (e.g. when entering a URL in a browser or sending an e-mail), the resolver uses a set of keys to check the signature on the response.
DNSSEC makes DNS more secure, but it is not a cure for every ill. It cannot prevent abuses such as typo squatting or, for example.
In August 2010 the .be zone was signed with DNSSEC. This means a digital signature and a public key are attached to the zone file.
On 30 September 2010 DNSSEC became fully operational for .be. DNS Belgium tries to convince as many registrars as possible to join in the DNSSEC story.
.be registrants can protect their domain name via their
Just like an SSL certificate and an https link, DNSSEC is an additional link in a website’s security chain.
There is little change for the time being for internet users. Belgian ISPs are still not using DNSSEC validation on their nameservers. However, we are gradually seeing more and more companies using the verification on their own infrastructure.
So caution is still the order of the day when visiting websites.
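To check whether the resolver you rely on performs the validation described above, a client can ask for DNSSEC records by setting the EDNS0 DO flag and then read the AD (Authenticated Data) flag in the reply. The Python below is an added example, not code from DNS Belgium; the query name `www.example.com`, the helper names and the sample reply are constructed, and the RRSIG content is filler rather than a real signature.

```python
import struct

TYPE_A, TYPE_OPT, TYPE_RRSIG = 1, 41, 46
FLAG_RD, FLAG_AD = 0x0100, 0x0020   # AD = "Authenticated Data" header flag
EDNS_DO = 0x8000                    # "DNSSEC OK" flag inside the OPT record's TTL field

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid=0x1234):
    header = struct.pack("!HHHHHH", qid, FLAG_RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    # OPT pseudo-record: root name, type 41, class = UDP payload size, TTL = flags
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, EDNS_DO, 0)
    return header + question + opt

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:        # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def inspect_response(msg):
    """Report whether the resolver claims validation and which answers are signatures."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        types.append(rtype)
    return {"rcode": flags & 0xF, "validated": bool(flags & FLAG_AD),
            "rrsig_count": types.count(TYPE_RRSIG), "answer_types": types}

def sample_response(name, validated):
    # Constructed reply, not captured traffic; the RRSIG RDATA is filler, not a signature.
    flags = 0x8180 | (FLAG_AD if validated else 0)   # QR + RD + RA, optionally AD
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 2, 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    a_rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
    sig_rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_RRSIG, 1, 300, 24) + b"\x00" * 24
    return header + question + a_rr + sig_rr
```

RRSIG records in a reply only show that the zone is signed; the AD flag is the resolver's statement that it verified them, and it is only as trustworthy as the network path to that resolver.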