Internet Engineers Collaborate On Open Source Project To Secure the Domain Name System

July 30, 2009 by  

Web Hosting ToolsLONDON – The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Industry leaders including .SE (The Internet Infrastructure Foundation), NLNetLabs, Nominet, Kirei, SURFnet, SIDN and John Dickinson have come together to create open source software that promises to make it easier to deploy DNSSEC. The group’s primary aim is to further protect the Internet by increasing the security for end-users.

Removing the manual aspect of deploying DNSSEC using the open source software is set to make it easier for Internet service providers, web hosting companies and name service operators to deploy DNSSEC, which will significantly increase the number of DNSSEC users.

Specialists can download a preview of the OpenDNSSEC technology in order to gain experience with the OpenDNSSEC software, and give feedback to the project. It is available from

OpenDNSSEC features:

* No manual management is needed for signing a zone or managing the cryptographic keys. The software manages the entire process from unsigned to signed zones.
* OpenDNSSEC is supplied with a licence that gives a green light to suppliers of commercial products who want to utilise the open source code and include it in their own software, without having to open up their own code.
* The software works with all different versions of the Unix operating systems and is suitable for both those who need to sign a few very large zones (for example TLDs) and for those responsible for a large number of smaller zones.

Lesley Cowley, CEO at Nominet comments: “Making the Internet a more trusted place for all is one of Nominet’s main objectives. This is a key initiative for us and we actively support and encourage the development of any software that will create an environment safe for Internet users. We enjoyed working with other registries who share our vision to develop this tool and will continue working with them.”

Patrik Wallström, responsible for DNSSEC at .SE comments: “In order to spread the use of DNSSEC to an increased number of domain names, the management surrounding this technology must be simplified. Together with a number of collaborators, we’re developing OpenDNSSEC. Leveraging our deployment experience, we will produce a well-packaged, easy-to-use and flexible DNSSEC tool that eliminates all manual procedures. Those in charge of name servers no longer need detailed knowledge about the protocol in order to use it.”

About OpenDNSSEC
OpenDNSSEC is a tool which simplifies the process of signing one or more zones with DNSSEC. OpenDNSSEC handles the entire process from an unsigned to a signed zone automatically, including secure key management and timing issues. With OpenDNSSEC, fewer manual operations are needed by the operator.

OpenDNSSEC makes sure that all the steps in signing process are done in the correct order and at the right time, making sure that nothing breaks. The issue of handling the private keys associated with DNSSEC signing has been secured by using so called HSM:s (Hardware Security Modules), so that the private keys can not be leaked to an unauthorized third party, just keeping them secured in hardware.

It is an open source solution under a BSD license that gives a green light to suppliers of commercial products who want to utilise the open source code and include it in their own software, without having to open up their own code.

OpenDNSSEC works in all Unix-like operating systems and is suitable for those who will only sign a single large zone (e.g. TLDs) and as well as those who have many small zones (e.g. web hotels, ISPs).

About Nominet
Nominet operates at the heart of e-commerce in the UK, running one of the world’s largest Internet registries and managing over seven million domain names. Nominet maintains the register of .uk domain names and runs the DNS infrastructure that keeps .uk working.

It runs the technology that locates a computer in the Internet hosting the web site or email system you’re looking for when you type in a web address or send an email to an address that ends in .uk.

Nominet is a not-for-profit company limited by guarantee that has members not shareholders, pays no dividends and its charges only cover its running costs. Anyone with an interest in the Internet may become a member. Nominet has over 2,800 members representing all areas of the Internet industry.

Nominet also runs the Tier 1 registry for UK ENUM, a new UK registry service that combines telephone numbers and the Domain Name System to simplify the way telephone calls over the Internet work. ENUM lets callers know that you can receive VoIP calls – it allows more VoIP calls to be connected directly over the Internet, for no charge, rather than via the traditional PSTN network.

About NLNetLabs
NLnet Labs is based in the Netherlands and was founded in 1999 by Stichting NLnet. It is a non-profit public benefit research foundation aimed at providing open source and open standards tools for internet communication.

It focuses on developments in Internet technology. It provides a bridge between theory and practical deployment that need to be built; and areas where development, engineering, and standardisation takes place. Stichting NLnet has provided a long-term commitment in the form of a subsidy contract such that NLnet Labs can guarantee support for the software it develops. It is committed to provide maintenance for Unbound.

NLnet Labs key activities are to develop, implement, evaluate, and promote new protocols and applications for the Internet. Its activities are focused on topics directly relating to the Internet’s infrastructure, such as DNS, DNSSEC, IPv6, and routing.

About .SE (The Internet Infrastructure Foundation)
.SE (The Internet Infrastructure Foundation) is an independent utility that acts to promote positive development of the Internet in Sweden. .SE is responsible for the Internet’s Swedish top-level domain, .se, encompassing domain name registration and administration, as well as the technical operation of the national domain name register. Profits from domain name registrations are used to support projects that contribute to Internet development in Sweden.

About Kirei
Kirei AB, founded in 2005 by Jakob Schlyter and Fredrik Ljunggren, is a consultancy company with its main focus on information security management and network architectures. The Kirei founders have been working with DNS and DNS Security within the IETF community since 1999 and have played an active role in the DNSSEC standardization process as well in the deployment of DNSSEC in several top level domains.

About SURFnet
SURFnet is responsible for the Dutch university network and has contributed security and cryptographic assistance.

About SIDN
SIDN is responsible for the functional stability and development of the .nl Internet domain. As well as registering and allocating .nl domain names, the organisation enables Internet users all over the world to make use of these labels at any given moment.

About John Dickinson
John Dickinson is a DNS consultant providing Internet research and software development services. His focus is on making DNS security simple to deploy and manage by helping to develop and improve Open Source software. He has many years of experience in the provision of mission critical DNS services and Internet technology research.

Want to receive alerts when your website is down? Sign-up for free website monitoring at

Be Sociable, Share!


Comments are closed.