Measuring the deployment of DNSSEC Bootstrapping Using Authenticated Signals

What is it about?

The Domain Name System (DNS) is the Internet’s address book. It translates easy-to-remember website names, like example.com, into the numerical addresses computers use to find each other. However, when the DNS was created, security wasn’t part of its design. To protect against this, engineers developed the DNS Security Extensions (DNSSEC), which adds cryptographic signatures to DNS data. These signatures allow users to verify that the information they receive really comes from the correct source. While DNSSEC has existed for decades, it remains difficult for many operators to set up, as it requires coordination between several different organizations. To make deployment easier, new technical standards have been developed to automate the setup of DNSSEC. The latest of these, called Authenticated Bootstrapping (AB), allows DNSSEC to be enabled automatically and securely, without manual steps or complicated coordination. This paper explores how automation could help expand the use of DNSSEC and strengthen Internet security overall. By studying the current state of DNS operations and the introduction of tools like Authenticated Bootstrapping, we highlight both the opportunities and challenges of securing the DNS through automation.

Featured Image

Photo by Towfiqu barbhuiya on Unsplash

Photo by Towfiqu barbhuiya on Unsplash