The Finnish Transport and Communications Agency Traficom cooperates with domain name registrars and internet service providers operating in Finland to improve information security among citizens and organisations.
One way of achieving this is to promote the deployment of DNSSEC (Domain Name System Security Extensions). Registrars providing .fi domain names can offer DNSSEC to their customers, and internet service providers can activate DNSSEC support in resolvers or deploy DNSSEC themselves.
“So far, the DNSSEC deployment rate in Finland is low. Only around one per cent of .fi domains use DNSSEC, while in Sweden or Norway, the share of DNSSEC-protected .se and .no domain names is well over 50 per cent. DNSSEC validation rates follow the same trend. In Finland, roughly 7 per cent of all internet traffic is validated, whereas in Sweden and Norway, the share is over 80 per cent,” explains Juhani Juselius, Chief Specialist at Traficom.
The joint effort by Traficom and operators culminates in national DNSSEC Launch Day on 5 September 2019 when all operators that have deployed DNSSEC are revealed. Companies taking part in the Launch Day are already being listed on Traficom’s website at this address (External link). To register for the DNSSEC Launch Day or update any entered information, email Traficom at fi-domain-tech@traficom.fi.
The Domain Name System (DNS) is a critical component for accessing websites or delivering emails to their recipients. However, DNS traffic is not encrypted which means that it is vulnerable for misuse.
The DNS Security Extension DNSSEC was designed to improve DNS information security and it is used throughout the world. DNSSEC is a service that improves the information security of name servers. In practice, DNSSEC is a kind of an insurance, which guarantees that internet users access just the websites they intend to visit and emails reach their correct recipients. Furthermore, DNSSC provides protection against attacks targeted at the Domain Name System.
DNSSEC ensures that responses to DNS queries come from the right sender and that the response information has not been modified. When DNSSEC is enabled, responses to DNS queries are digitally signed. The SSL protocol (Secure Sockets Layer) ensures that internet users get to the intended website. DNSSEC does not replace SSL encryption. Instead, it complements SSL by preventing situations where the user could end up connecting to a wrong server already before the connection is secured using SSL encryption.
Traficom is the registry operator of the .fi country code top-level domain and maintains name servers needed for the .fi root.
Enquiries: Juhani Juselius, Chief Specialist, Traficom, tel. +358 295 390 492, firstname.lastname(at)traficom.fi, Twitter: @JuhaniJuselius (External link)