DNS security should be made easier if it is to be implemented more comprehensively said DNS specialists Nominum.
While a security standard, DNSSEC, has been ratified, there have been very organisations that have actually implemented the technology, while observers have claimed that the difficulty of implementing DNSSEC has meant that its appeal has been limited, even though last year, security researcher Dan Kaminsky revealed the existence of a serious flaw in the technology.
The company has responded to concerns about the difficulty of setting up DNSSEC by making it easier for organisations to implement the technology. The company has automated the process of installing DNSSEC so that errors in implementation can be avoided.
"There's little doubt that DNSSEC is the domain of the experts," said Bruce van Nice, Nominum's director of product marketing. "Look at the people who have already implemented it - the likes of the Verisign - these are network facilities run by absolute experts."
Van Nice said that Nomimum had facilitated the process by integrating cryptography with its DNS software meaning that users now no longer to follow complex cryptographic processes but can rely on the software to do the cryptography for them. "There's no longer any need to have cryptography experts on hand, the entire process has been automated. The more manual commands that you have to make, the more likely it is that you'll make a mistake -and if you mistake, your domain could just disappear along the way," said van Nice. "For example, just recently the domain .se went off for a couple of hours after a mistake in coding."
The move has the the thumbs-up from Dan Kaminsky himself. "DNSSEC is the big solution that we need to fix authentication. But large organisations need it to be easier and less disruptive to deploy DNSSEC, before they can reasonably be expected to secure their own domain names. That is why I am happy to see Nominum adding comprehensive DNSSEC support to their DNS server platforms - and even happier to see DNSSEC almost entirely automated within it.