With the current evolution of cyber threats and cyber-attacks, the security of networks and information systems is taking centre stage. To achieve this, DNSSEC (Domain Name System Security Extensions) protocol implementation, mainly by operators of electronic communication networks and services and operators of essential services in Luxembourg who are particularly affected by this reality, is crucial.
Domain name security, a dedicated brochure
The Restena Foundation, as the registry of the national top-level domain .lu, and the Institut Luxembourgeois de Régulation (ILR) have published a brochure providing guidance and best practices for securing your online presence and ensuring the security of domain names. The latter is indeed considered a crucial part of the security of the essential services and thus a crucial part to the security of our society. The brochure is twofold:
- The Domain Name System (DNS) is one of the core elements of the internet. Its protocol was developed in the late 80s with main functionality to provide a distributed naming system.
- DNS Security Extensions (DNSSEC) guarantee the outcome of the resolution process is legitimate and hasn’t been altered. It offers a solution to guarantee data integrity, so the legitimacy and non-alteration of the outcome of the resolution process.
Domain Name Security was published as part of the first NISDUC (NIS Directive User Community) conference organised in Luxembourg on 11 and 12 May 2022 by the Institut Luxembourgeois de Régulation (ILR) and the Belgian Institute for Postal services and Telecommunications (BIPT) in collaboration with the Luxembourg Institute of Science and Technology (LIST), SECURITYMADEIN.LUand the Center for Cyber security Belgium (CCB). The guidance and best practices were shared at the conference within the workshop on DNS security best practices led by Guillaume-Jean Herbiet, technical manager of the .lu service. During the event, Cynthia Wagner, Security Manager and Chief Information Security Officer, also shared the stage with EURid and DNS Belgium counterparts. Together, respectively as .lu, .eu and .be registries, they shared their experiences as Operator of Essential Services (OES).
DNSSEC, services operational for over a decade
While only 7% of .lu domain names are DNSSEC-signed and a real effort is needed to implement the technology at all levels of society, Restena is taking DNSSEC technology far beyond the institutions part of the research and education community connected to its network. After implementing the technology in 2011 in the .lu zone that it manages and operates, it has gradually incorporated into several services.
‘Public DNS resolver’ service
Objective: Provide data security, confidentiality and protection for DNS requests by means of neutral and recursive resolvers that validate the responses obtained by using DNSSEC technology.
How? Validation of the authenticity of obtained data by DNSSEC technology when the latter is activated for queried domain names
- Research and education institutions in Luxembourg
- General public
‘DNS servers’ service
Objective: Use your .lu domain name reliably and with total peace of mind by using "authoritative" servers that benefit from DNSSEC technology.
How? Signing a domain using the DNSSEC protocol, including generation and renewal of cryptographic keys from the Restena Foundation's master server.
- Research and education institutions in Luxembourg for all their domain names regardless of their extension and registrars with which they are registered
- Holders of .lu domain names via the domain name registration and management platform offered by Restena as part of its activity as an accredited registrar for .lu