Last Friday, ICANN issued a warning about the increasing number of threats DNS has faced recently. ICANN management believes the current situation poses grave and growing threat to the key elements of the domain name system and urges domain owners and DNS services to migrate to using DNSSEC as soon as possible, ZDNet reports.
DNSSEC (Domain Name System Security Extensions) allows domain owners to digitally sign DNS records, which prevents unauthorized third parties from changing DNS entries without a private signing key.
The need to remind users about the security protocol arose after several recent large hijacking attacks. At the beginning of this year, FireEye reported a campaign of Iranian hackers who had managed to hack into the web hosting and domain registrar accounts to change the DNS records of email domains belonging to private companies and government entities. Such attacks, called DNS hijacking, are getting more frequent and more dangerous, when using DNSSEC would make them impossible, according to the ICANN statement.
Unfortunately, although DNSSEC was created almost 20 years ago, its adoption still falls behind the growth in the DNS hijacking frequency. According to APNIC (Asia-Pacific Network Information Center) data, DNSSEC adoption has not even reached 20 percent.
