Brussels, 2 September 2010 - EURid, the registry for the .eu top-level domain, is pleased to announce that .eu has a complete ‘chain of trust’ for Domain Name System Security Extensions (DNSSEC), an Internet security standard, with the addition of .eu DNSSEC key material to the Internet’s root zone.
The .eu zone was enabled for DNSSEC on 15 June 2010 knowing that the Internet’s highest level, the root zone, would become DNSSEC-compliant at a future date. Indeed, DNSSEC was fully deployed at the Internet root zone during July 2010 creating a single trust anchor. EURid’s application to insert .eu DNSSEC key material into the root, therefore completing the chain of trust for .eu, was concluded early this morning. This makes .eu one of the safest top-level domains.
“The completion of the DNSSEC chain of trust means that everyone visiting a website using a signed .eu domain name can be confident of its legitimacy since name server responses can now be validated all the way up to the Internet root zone,” says Marc Van Wesemael, General Manager of EURid. “As such, .eu is amongst the first top-level domains to have full DNSSEC-support, fulfilling our objective to be at the forefront of implementing Internet security measures via proven standards.”
“EURid encourages .eu domain name holders, through their registrars, to sign their .eu domain names with DNSSEC, therefore adding digital signatures to all levels in the chain,” continues Marc Van Wesemael. He also observes that as an ever-increasing number of .eu websites become DNSSEC-compliant, European businesses and consumers will benefit from the collective online protection brought to the .eu top-level domain.
DNSSEC is a protocol that verifies and validates name server responses from the bottom up through a chain of trust, thereby making the Domain Name System (DNS) more secure against web traffic interception attacks. Digital signatures are attached to DNS data – a process known as signing – so the origin and integrity of this data can be verified as it crosses the Internet. All name servers used to look up DNS data (such as a website IP address or an email delivery location) check the validity of the signed data, preserving trust throughout the hierarchy for website owners and users.