Serbian National Internet Domain Registry (RNIDS) organised the DNSSEC implementation workshop on May 16th and 17th at hotel ‘Moskva’ in Belgrade with Patrik Wallström and Rickard Bellgrim from the Swedish national registry as lecturers.
The workshop gathered about thirty participants who dealt with installing and maintaining DNS servers. DNS is considered to be one of the pillars the Internet is build on and thus the security and accuracy of data provided by DNS is critical for the survival of the Internet as an ordered space.
DNSSEC (Domain Name System Security Extensions) is a set of extensions for DNS servers increasing the security of DNS service users by cryptographically signing DNS responses using the public key so that their authenticity can be checked. Signing entire zones on DNS servers enables the confidence first among various DNS servers that exchange information and then with the end user who gets the accurate and unchanged information about the location of a particular server.
Malicious activities of modifying the content of a DNS cache, which are well known, imply entering false, altered IP addresses of particular servers into the cache. If the user searches for www.some-bank.rs, instead of the correct IP address he will get the one that the attacker has entered into the DNS cache and thus directed the user to a wrong website where he could be required to provide his confidential information. DNSSEC prevents precisely such problems.
RNIDS plans to introduce DNSSEC for the local .RS and .СРБ Internet domain space and in doing so join the European registries which have already enabled it to their users.