DNSSEC: guaranteed security for .lu domain names


At the CENTR Jamboree 2019, the RESTENA Foundation presented its service allowing anyone registering a domain name to automatically protect and authenticate linked data thanks to DNSSEC technology.

From 27 to 29 May 2019, a delegation from the RESTENA Foundation travelled to Amsterdam to take part in the CENTR Jamboree 2019 organized by the Council of European Top-Level Domain Registries (CENTR), an association for exchange, dialogue and innovation of European country code top- level domain (ccTLD) registries. Guillaume-Jean Herbiet, Systems Engineer-PhD at the RESTENA Foundation, introduced to members a new service for users registering their domain names directly with the RESTENA Foundation. They will soon be able, in a few clicks, to make use of their domain - by associating it with their Internet site or their email service - and to authenticate the data by using, automatically, the Domain Name System Security Extensions (DNSSEC) technology.

Servers under the microscope ...

As part of its DNS-LU service, the RESTENA Foundation acts as a registrar allowing everyone to register a .lu domain name, but above all it acts as a registry. The RESTENA Foundation is responsible for the registration and publication for the country code top-level domain (ccTLD) in .lu. In this role, it is the contact point for over fifty registrars around the world. The latter must indeed refer to the RESTENA Foundation for the registration and publication of any .lu domain name, essential steps for the use of a nominative address by, for example, a website or an email address.

To ensure optimal security for .lu domain names, the RESTENA Foundation has been protecting its core zone with cryptographic keys using DNSSEC technology since 2011. It therefore offers the possibility to authenticate and protect the information associated with any .lu domain name. To date, only 2% of these names are protected by DNSSEC while 75% of DNS queries issued from Luxembourg could already benefit from such a protection, so that secure access to online resources registered in Luxembourg can still be improved. This security feature will now be accessible to all users, in just a few clicks and without any technical requirements.

... for maximum reliability

To provide such a service, the RESTENA Foundation relies on a set of open source, reliable and well known software (PowerDNS, Redis, NSD, etc.). To ensure performance and high data availability, information from each domain is automatically replicated to several servers across Europe. This resilience is made possible through a partnership with Netnod Internet Exchange (Netnod), a Swedish Internet infrastructure organization. More broadly, the engineers responsible for the DNS-LU activities are listening to both other .lu domain name registrars and holders in order to help them develop the implementation of DNSSEC on their servers. Being potentially complex, this process is however essential to guarantee the reliability of the information provided by the DNS and to build trust and enhance security of all individuals on the Internet.

Guillaume-Jean Herbiet

E-mail: gjherbiet@restena.lu