Nigeria Internet Registration Association (NiRA)

  • banner1.png
  • banner2.jpg
  • banner3.png

DNSSEC

When the Domain Name System (DNS) was invented, it became the central part of the Internet, providing a way to match names (a website you are seeking) to numbers (the address for the website). Anything connected to the Internet - laptops, tablets, mobile phones and websites - has an Internet Protocol (IP) address made up of numbers. Your favorite website might have an IP address like 196.168.10.17.

It is obviously not easy for human beings to remember all IP Addresses of all gadgets connected on the Internet. It is easier for people to recognize and remember domain names such as www.switchto.ng. DNS matches domain names with IP addresses, thereby enabling humans to use memorable domain names on the Internet while computers Internet can use IP addresses.

With the widespread use of the DNS, vulnerabilities have since been discovered. The vulnerabilities could allow attackers to hijack the process of locating a file or a website on the Internet. The purpose of the attack could be to take control of the session to send the user to the hijacker's own deceptive website for the theft of account names and passwords.

The identified vulnerabilities brought about the introduction of the DNS Security Technology called DNS Security Extensions (DNSSEC) to secure this part of the Internet's infrastructure.

Domain Name System Security Extension (DNSSEC) adds security to the Domain Name System.
The original design of the Domain Name System (DNS) did not include security; instead it was designed to be a scalable distributed system. In summary, the Domain Name System Security Extensions (DNSSEC) attempts to add security to the domain name system, while maintaining backwards compatibility.

DNSSEC was designed to protect Internet resolvers (clients) from forged DNS data, such as the one created by DNS cache poisoning. It is a set of extensions to DNS, which provide to DNS clients (resolvers).

The DNSSEC deployment/implementation at Top Level Domains (TLDs) worldwide is at different levels. In general, the implementation level in most African ccTLDs is at the experimental level whilst the root zones have been signed at most ccTLDS in North America, Europe and Asia. Latin American ccTLDS are better positioned than African ccTLDs.

Nigeria is now ripe to sign the .ng root, and there are plans to do that in the course of the year.