The Technical Center of Internet (TCI) has enabled DNSSEC in .РФ. Using DNSSEC helps keep the DNS secure and safe by lowering the risk of address spoofing that can lead to serious consequences for the Internet community.
DNSSEC is made possible by signing replies to DNS queries, verifying the authenticity of DNS data and received replies. A year ago, DNSSEC was enabled for .SU. At the moment, there are 80 top-level domains signed by DNSSEC and enabling trust chains for second- and third-level domains. With over 840,000 domain names in .РФ so far, the largest IDN in the world has to stay secure.
"This is a large step forward in ensuring the security of the domain addressing system in .РФ. We used the best practices adopted worldwide while generating security keys and signing the zone. It is also worth mentioning that we were using hardware that is certified in Russia", Alexey Platonov, the TCI director, says.
This November, the TCI will publish methods and solutions to help other Internet stakeholders use RSA and GOST signatures to sign their DNS servers. DNSSEC will become a platform for developing trust chains in various Internet applications. To further facilitate this, the Certificate Authority of the Internet will take an active part in providing the methodology.
