Ensuring a secure Internet: SWITCH is running a DNSSEC test operation

SWITCH is running a DNSSEC test operation up until February 2010. The .ch and .li zones have been signed to this end. DNSSEC constitutes an extension to the Domain Name System (DNS), which prevents DNS queries from being manipulated.

DNSSEC is an extension of the Domain Name System (DNS), that ensures the authenticity and integrity of the data in DNS replies.

Technical measures have been implemented which mean that the computer submitting a query (e.g. an internet browser) can now see whether the reply provided for an internet address in the DNS actually comes from the server that is registered with SWITCH as being the competent server. At the same time, DNSSEC ensures that this response is not modified as it is transported through the internet.

Expressed in simple terms: DNSSEC is a type of insurance which guarantees that people using the internet are only shown the actual website that they intended to call up.

This guarantee is achieved through cryptographic signatures. No information is encrypted in DNSSEC. All the data remains publicly accessible, as with the existing DNS.

You will find further information and the pdf brochure entitled "DNSSEC – ensuring a secure internet" (see link below).
 

• PDF brochure "What is DNSSEC?"

• The SWITCH DNSSEC web page