Nominet rolls out DNSSEC extensions for 9.4 million .uk domains

UK registry Nominet has enabled the deployment of domain name system security extensions (DNSSEC) for 9.4 million second level .uk domains.

UK registry Nominet has enabled the deployment of domain name system security extensions (DNSSEC) for 9.4 million second level .uk domains.

Completing the rollout represents over a year's work and marks an important milestone in making the web a more trusted environment for UK consumers and businesses, says Nominet, which is responsible for running the .uk internet infrastructure.

The roll-out builds on the not-for-profit organisation's work in driving forward the global DNSSEC initiative, which creates an additional layer of security in the worldwide internet infrastructure.

"We wanted to maintain the reliability and security of the .uk domains and to be a thought leader in the development of the DNSSEC standard," Simon McCalla, IT Director at Nominet, told Computer Weekly.

In July 2010, the world's 13 root-name servers completed preparations for the introduction of DNSSEC, which applies digital signatures to domains, securing DNS data and helping to prevent spoofing, man-in-the-middle attacks and cache poisoning by authenticating the data's origin and verifying its integrity as it moves throughout the internet.

The security extensions are designed to protect the DNS from attacks intended to redirect queries to malicious sites by corrupting DNS data stored on recursive servers.

For example, in man-in-the-middle attacks, cyber criminals exploit a series of vulnerabilities to redirect all web traffic to a major web destination to their own website designed to mimic the original. The goal is to harvest consumers' identities or financial information.

The completion of DNSSEC deployment sees the chain of trust established from the root of the internet through to all of .uk second level domains such as,,, and, allowing DNSSEC validation to take place right down to individual domains.

Nominet's systems are now live to enable its registrars to offer this service to their customers, allowing them to sign and secure individual domains.

"DNSSEC is an important part of the armoury of the internet industry in protecting against attacks on the Domain Name System. This is a significant step forward for the security of the .uk domain and opens the door for the UK's major websites to DNSSEC-enable their domains and make the internet a safer place," said McCalla.

Registrars, internet service providers and online businesses can now take action to get domains signed and secured.

"This will protect consumers from cyber-attacks and businesses from damaged reputations and lost revenues," said McCalla.

Nominet plans to launch a DNSSEC signing service, which will allow registrars to simply hand over the process of DNSSEC signing their zones to Nominet.

"Smaller registrars often find DNSSEC too difficult, costly or time-consuming, so the signing service is aimed at helping them to overcome all these hurdles," said Simon McCalla.


Read more on IT risk management