DTA implementing DNSSEC on .gov.au

By Dylan Bushell-Embling
Thursday, 04 April, 2019

The Digital Transformation Agency (DTA), in its capacity as registrar for the .gov.au domain space, has taken another step towards the implementation of DNSSEC within the space.

The agency announced it has digitally signed the .gov.au zone to provide a trusted link for DNS queries between the top-level .au domain and third-level .gov.au domains such as my.gov.au.

Matt Goonan, the agency’s CTO, described the signing as a “small, but important step towards helping owners of gov.au domains protect their users against domain spoofing and cache poisoning attacks on gov.au domains”.

The move will help agencies implement DNSSEC (the Domain Name System Security Extensions) public key cryptography techniques to enable DNS servers to provide signed DNS data.

DNSSEC was developed to combat spoofing attacks involving an attacker causing incorrect answers to DNS queries to be stored in the DNS cache of resolvers or devices, in turn causing those devices to connect to incorrect websites or internet services.

Meanwhile, the DTA is gearing up to launch a pilot trial in the next few weeks by implementing DNSSEC on real-world .gov.au domains.

The agency is also working with the Australian Cyber Security Centre, the .au Domain Administrator, the Department of Communications and the Arts and .au registry operator Afilias to deploy DNSSEC with agencies choosing to do so.

Image credit: ©stock.adobe.com/au/Edelweiss

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.