DENIC introduced DNSSEC as an option for .DE domain names in 2011. According to the Registry, there has been steady growth in the number of .DE domain names being registered with this increased security since 2015.
DNSSEC was designed and implemented as a response to the inherent security vulnerabilities in the way that the Domain Name System (DNS) operates. Due to these inherent vulnerabilities, it is possible to divert Internet users away from their intended website destinations and to redirect them to third-party websites without their knowledge. This can result in the dissemination of computer viruses, malware and even theft of sensitive financial and personal data.
DNSSEC seeks to mitigate this situation by introducing additional security at the level of the domain name servers, which ensures that Internet users are alerted to any possible re-direction to a third-party website that is not their intended destination. DENIC introduced this additional layer of security to protect websites associated with .DE domain names from online attacks. These online attacks can take the form of ‘DNS spoofing’ (where a hacker gains access to the domain name servers on which a domain name is hosted in order to redirect visitors to a website of the hacker’s choosing) or ‘DNS hijacking’ (where a hacker can modify the domain name’s server data to gain control of it).
Online attacks can also be used to try and obtain users’ personal information, such as bank details. This type of fraudulent activity is not only a serious threat to users, but can also have a detrimental effect on the domain name holder and their online business. Such fraudulent activity can result in a loss of revenue as well as a loss in consumer confidence in relation to the online business in question. Thus, DNSSEC aims to build a ‘chain of trust’ between users and the websites they visit.
Authored by David Taylor and Tony Vitali