High-level DNSSEC domain security gets signed for '.co.uk' names

THE UK DOMAIN ".co.uk" is now DNSSEC signed, which means that website owners can now choose to protect their domain names with an added level of security.

DNSSEC stands for Deployment of Domain Name System Security Extensions, and it enables domain name system (DNS) records to be verified by being digitally signed using public-key cryptography.

It protects against two specific types of DNS attacks - cache poisoning and man-in-the-middle attacks. Once widely implemented, it will eventually allow internet users to know with a reasonable degree of certainty that they've actually been directed to the web site that they wanted to reach.

The top level domain ".uk" was signed in March 2010, with the second level domain ".me.uk" signed last month. This week the ".co.uk" domain was signed, with others expected to be completed by 18 May. After that point, registrars will able to secure all ".uk" domain names using DNSSEC.

An increasing number of domain names are introducing the technology, with Sweden having been the first and others following suit. At the beginning of April, Verisign announced that it had rolled out DNSSEC on the ".com" top level domain.

In 2008 internet security researcher Dan Kaminsky showed that the then current system had some security holes. He has said that while DNSSEC is not perfect, it raises the bar for hackers seeking to exploit the way the internet works. µ