Latest news of the domain name industry

Recent Posts

Google starts supporting DNSSEC

Kevin Murphy, March 21, 2013, 14:05:39 (UTC), Domain Tech

Google has started fully supporting DNSSEC, the domain name security standard, on its Public DNS service.

According to a blog post from the company, while the free-to-use DNS resolution service has always passed on DNSSEC requests, now its resolvers will also validate DNSSEC signatures.

What does this mean?

Well, users of Public DNS will get protected from DNS cache poisoning attacks, but only for the small number of domains (such as domainincite.com) that are DNSSEC-signed.

It also means that if a company borks its DNSSEC implementation or key rollover, it’s likely to cause problems for Public DNS users. Comcast, an even earlier adopter, sees such problems pretty regularly.

But the big-picture story is that a whole bunch of new validating resolvers have been added to the internet, providing a boost to DNSSEC’s protracted global roll-out.

Google said:

Currently Google Public DNS is serving more than 130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day. However, only 7% of queries from the client side are DNSSEC-enabled (about 3% requesting validation and 4% requesting DNSSEC data but no validation) and about 1% of DNS responses from the name server side are signed. Overall, DNSSEC is still at an early stage and we hope that our support will help expedite its deployment.

One has to wonder whether Google’s participation in the ICANN new gTLD program — with its mandatory DNSSEC at the registry level — encouraged the company to adopt the technology.

Tagged: ,

Comments (2)

  1. Louise says:

    The future is DNSSEC! 😀 Happy to hear it!

  2. Dxdomain says:

    The DNSSEC is really helpful to protect our site from DNS cache poisoning attacks. Google implements DNSSEC to their Public DNS Service this will force all the players to add extra security layer to their site.

Add Your Comment