January 3, 2017 archive

State of DNSSEC Deployment 2016 report shows over 89% of top-level domains signed

Did you know that 89% of top-level domains are now signed with DNSSEC? Or that over 88% of .GOV domains and over 50% of .CZ domains are signed? Were you aware that over 103,000 domains use DANE and DNSSEC to provide a higher level of security for email? Or that 80% of clients request DNSSEC signature records in DNS queries?

All these facts and much more are available in our new State of DNSSEC Deployment 2016 report.

For many years a wide variety of statistics about DNSSEC deployment have been available, but it’s been challenging to get an overall view. With this report our goal is to help people across the industry understand where the deployment of DNSSEC is at – and what challenges still need to be overcome.

To back up a bit, the “DNS Security Extensions”, or “DNSSEC”, provide a way to be sure you are communicating with the correct web site, service, or application. Before your mobile phone, laptop or other device connects to a site on the Internet, it must first obtain the correct IP address from the Domain Name System (DNS). Think of DNS similar to the “address book” you may have in your phone. You may look up “Dan York” in your contact list and call me – but underneath that your phone figures out the actual telephone number to call to reach me. DNS provides a similar directory function for the Internet.

The challenge is that there are ways an attacker can spoof the DNS results which could wind up with you connecting to the wrong site. Potentially you could wind up providing information to an attacker or downloading malware.

DNSSEC uses a system of digital signatures – and the checking of digital signatures (what we call “validation”) – to ensure that the information you get out of DNS is the same information that the operators of the domains put into DNS.

At a high level, this is what DNSSEC does – it makes sure you can trust the information you get from DNS. (You can read more on our DNSSEC Basics page.)

The basics of DNSSEC have been standardized for most of 20 years, but until the root zone of DNS was signed in 2010, there wasn’t much deployment. In the six years since, deployment has continued to grow. This report outlines that growth and provides a view into where that growth is happening and much more.

We encourage you to read and share this report widely. And if you haven’t yet started deploying DNSSEC validation on your own networks – or haven’t started signing your domains with DNSSEC – you can visit our Deploy360 Start page to find resources to help you begin.

Using DNSSEC allows us to have a higher level of trust in the domain names we use every day on the Internet. I hope you will join with me and others in deploying DNSSEC and building a more trusted Internet!

The post State of DNSSEC Deployment 2016 report shows over 89% of top-level domains signed appeared first on Internet Society.

FIR Episode 68 Available Now – Artifical Intelligence (AI), fake videos, PR trends, blockchain and much, much more

Fir68 shel 660px

Yesterday I had an incredibly fun experience starting off 2017 - and now you can share in that: For Immediate Release (FIR) episode #68 is available for listening or download at:

http://firpodcastnetwork.com/fir-68-us-actually-say/

Host Shel Holtz (in the big picture above) brought in C.C. Chapman, myself and former FIR co-host Neville Hobson as the panelists and we had an outstanding conversation that ranged widely. As noted in the show notes, the main topics included:


  • The incoming press secretary for President-Elect Donald Trump has warned us not to expect business as usual when it comes to the administration’s relationship with the media. What does that bode for the press’s ability to hold the administration accountable — and will the philosophy extend beyond the White House to business?
  • Some businesses have begun preparing for unexpected criticism from President Trump while others have already had to respond. Crisis experts are advising companies to add presidential jabs to the list of potential crises for which they must prepare.
  • Five industries are under threat from technology, according to the Financial Times: travel agents, small component manufacturers and distributors, auto insurers, financial advisers, and auto repair garages. How can they prepare (or can they)?
  • Artificial Intelligence will soon make it possible to create fake video with little effort. Think fake news is a problem now? Just wait.
  • Edelman Digital is out with its 2017 trends report. Among the issues the report raises, the panel was particularly interested in bots and conversational experiences, blockchain, and over-the-top entertainment.
  • Twitter CEO Jack Dorsey asked users what they wanted to see Twitter improve or create in 2017. He got answers (including one from longtime social tech leader Anil Dash). In the meantime, does Twitter know yet what it wants to be when it grows up (and will its recently announced live 360 video make a difference)?
  • Apple has published is first Artificial Intelligence paper.

It was fun to be part of the panel participating live versus the usual "tech reports" that I record each week for FIR episodes. And it was fun to have the kind of dynamic exchange that Shel, C.C., Neville and I all had. We've all known each other for a long time and so it all flowed quite nicely.

Speaking of a long time, this episode also marked the start of the 13th year of the FIR podcast! That's a remarkable bit of longevity for any podcast - and congratulations are really due to Shel for keeping it going as long as he has.

Next week I'll be back to presenting my tech reports. I continue to enjoy doing so and will keep at it in the years ahead.

Meanwhile... please do give this episode 68 a listen - and please do send in any comments to the show.