Report: Government Agencies Lag In DNSSEC Adoption

  /     /     /  
Publicated : 22/11/2024   Category : security


Report: Government Agencies Lag In DNSSEC Adoption


New report shows DNSSEC adoption slow within the .gov community, with many missing federal mandate deadline



Nine months have passed since the federal governments deadline for deploying DNSSEC, but only 36 percent of federal agencies domains are authenticated with the DNS security protocol.
A new report from Internet Identity (IID) analyzed nearly 3,000 .gov domains in federal, state, local, and Native American agencies and found that DNSSEC adoption is making little progress. DNSSEC digitally signs DNS domains, which helps prevent cache poisoning attacks that intercept and redirect users Internet requests to malicious or unintended sites.
Most federal agency domains in .gov are not being signed with DNSSEC, the report found; only 38 percent are doing so as of mid-September. Around 36 percent are fully authenticating their domains with DNSSEC, with 421 federal .gov domains out of a total 1,185. And 2 percent of feds DNSSEC-signed domains are configured incorrectly and fail when DNSSEC checks are performed, the report found. IID also found that another 2 percent contain misconfigured DNSes.
This should be a wake-up call that DNSSEC, likely for a multitude of reasons, is still not being implemented across a wide spectrum of .gov domains despite a mandate to do so, said Rod Rasmussen, president and CTO at IID, in a statement. And even more worrisome, there is a small percentage of .gov domains that are adopting but not properly utilizing DNSSEC, leaving organizations with a false sense of security and likely problems for their users. Of all .gov domains, 15 percent were fully DNSSEC-signed and authenticated. On the state side, Idaho and Vermont have fully authenticated .gov domains with DNSSEC, and Virginias domain name is fully DNSSEC-authenticated.
Overall, 40 percent of the .gov domains are federal agencies; 57 percent, state and local; 2 percent, Native American; and 1 percent, nonfederal or other types of organizations.
The report says the bottom line is that .govs DNSSEC adoption is in the works but has missed its deadlines. Much has been made about the difficulties of implementing an entirely different DNS standard that is highly complex and new to most administrators. The adoption and error rates for .gov deployment bear that out so far. Yet despite the difficulties, there are many success stories: highly sensitive domains for the FBI, the Federal Reserve, DHHS, and the DEA, along with hundreds more, are being fully signed and authenticated, the report says. It appears that once a particular agency implements their DNSSEC plan, many or most domains controlled by that organization get signed.
A full copy of the IID DNSSEC report is available for download
here
(PDF).
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Researches contributed to CryptoLockers downfall. ◂
Discovered: 23/12/2024
Category: security

▸ Simplocker: Innovative Android Ransomware Encrypts Data ◂
Discovered: 23/12/2024
Category: security

▸ Fraza reinterpretata: Bank Fraudsters Work While Brazilians Enjoy World Cup ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Report: Government Agencies Lag In DNSSEC Adoption