Anti-spoofing measure embedded at Internet root

The organizations that run the servers at the heart of the internet have taken a step closer to a web without DNS spoofing.

The organizations that run the servers at the heart of the internet have taken a step closer to a web without DNS spoofing.

The secure domain name server (DNS) protocol DNSSEC guarantees the authenticity of the mechanism that converts human-friendly internet addresses to the Internet Protocol's numeric address system. DNSSEC will be used to sign the root zone in all 13 internet root servers for the first time on Wednesday, according to DNSSEC.net.

DNSSEC is designed to allow internet servers to validate the authenticity of responses to queries and thus prevent spoofing, where fakes from third-party servers masquerade as proper addresses. DNSSEC works by digitally signing responses to lookup queries, and is designed to stop attacks such as DNS cache poisoning. From Wednesday, DNSSEC will be used to sign the internet root zone. However, it will not be used to fully validate DNS responses until 1 June.

For more on this story, read Anti-spoofing measure embedded at internet root on ZDNet UK.