Local .au DNSSEC scoping complete: auDA

Local infrastructure will be built to support roll out

Australia has moved a step closer to secure DNS services with the Australian .au Domain Administration (auDA) completing the assessment phase of the planned transition, but a final go-live data is yet to be decided.

DNS Security Extensions, or DNSSEC, adds security to the Domain Name System and is designed to prevent cache poisoning and other attacks.

After announcing its intention to add DNSSEC support to .au domains last year, the auDA has been reluctant to put a completion date on the move, citing a complex mix of technical and policy decisions as potential hurdles.

However, the initial phase is now complete and a trial service is in the pipeline.

Spokesperson for the auDA, Paul Szyndler, said the scoping and assessment work for brining DNSSEC to .au has been completed in the form of an “extensive report into what to do and what could go wrong”.

“The preliminary analysis by the registry has been finalised and is at the first stage of consideration,” Szyndler said.

The auDA doesn’t have a timeframe for when DNSSEC support will be complete yet, but it now knows more of “this is what it could do for .au or to .au” when it is implemented.

This week’s opening of a new DNSSEC facility in Singapore is unrelated to the work the auDA is doing, which will result in its own infrastructure.

“At this point in time, we are not planning on using the newly opened PCH-ICANN facility,” Szyndler said. “The service is intended for countries without the resources to establish their own, independent facilities.”

The auDA registry operator, AusRegistry, made the analysis of “what everyone else has done” with DNSSEC globally so deciding what technology to implement is the next step.

“If everything was to go well, it might be nine months, but if there is more policy work to do we may need to get government involved so that could slow us down,” Szyndler said. “We are not dragging our feet, but it has to be done properly.”

The next stage will be a “test bed” where interested industry can participate.

Like most other security measures, the commercial imperative for business to adopt DNSSEC relates more to preventing from being hacked rather than an immediate return on investment, but Szyndler said auDA is already receiving a lot of interest from technical people, including those from academic institutions.

The auDA is engaging with local security experts like Bill Caelli on the DNSSEC roll out.

Follow Rodney Gedda on Twitter: @rodneygedda

Follow TechWorld Australia on Twitter: @Techworld_AU

Tags DNSdomain namesDNSSECauDABill CaelliAusRegistry

Show Comments