News | 03.07.2009

DNSSEC Testbed for Germany Launched

DENIC eG, eco and BSI Start Initiative to Improve Security in the Domain Name System

Frankfurt am Main, 3 July 2009. DENIC, the Association of the German Internet Economy eco e.V. and the Federal Agency for Security in Information Technology (BSI) have launched the DNSSEC testbed for Germany.

The project shall lead to a concerted approach involving the entire industry concerned, explained Sabine Dolderer, member of DENIC's Executive Board, to 70 attendees who came to the launch meeting in the offices of DENIC in Frankfurt am Main on 2 July. After completion of the testbed by 2011, she said, it will be possible to make a joint proposal for the further proceeding.

The testbed will provide for the possibility of testing in a common cooperative environment all the scenarios that will be of importance in future operation. These will include supporting DNSSEC for .de domains, publication of the trust anchors, the processes of domain registration and DNSSEC-specific supplements for processes such as provider change and name server updates and also the utilization of the then secure information through the end customer via their Internet access. To make the test as similar to normal operation as possible DENIC will set up a name service of production quality parallel to the existing name service of the .de domain. Participating companies can then use this name service for both test purposes and controlled tests in the production environment. Additionally, DENIC intends to establish interfaces for registering and administrating the key information data for signed zones of second level domains below .de.
Internet service providers and other enterprises with own resolving name servers that participate in the testbed will be able to use the signed .de zone if they make some specific configuration changes to their name servers. DENIC will constantly monitor the traffic and the utilization of the testbed and communicate the data at regular intervals.

In his welcome speech at the launch event Dr. Kai Fuhrberg from BSI pointed out the importance of using DNSSEC in the future. The DNS, he said, must become more resilient in order to better protect the Internet community against risks. Hans Peter Dittler from BRAINTEC Netzwerk-Consulting GmbH described the technical benefit of DNSSEC in his presentation about the history of DNSSEC and its way of working. The security protocol will authenticate the entire DNS traffic and thus make unnoticed data manipulation by third parties impossible.

Dr. Jörg Schweiger, member of DENIC's Executive Board, explained the DENIC testbed in detail. To provide for the possibility of testing DNSSEC also outside of the laboratory DENIC will place at disposal a complete copy of an updated but signed .de zone fit for productive operation on two name servers in Europe and another one in Asia. Thus participants can gain operational and technical experience in an environment similar to that of production.

Ralf Weber from COLT Telekom GmbH explicated at the example of the plans of Telekom how ISPs and their customers can use the name servers of the test environment. Thorsten Dietrich from BSI announced that the Federal Agency will carry out a study to find out to what extent DNSSEC is already supported by access software and routers.

You will find more detailed information about the meeting at

www.denic.de/dnssec