DNSSEC recommended standard for the public sector

Agency for Public Management and eGovernment (Difi) has decided that the security mechanism DNSSEC is a recommended standard for domain names registered by the public sector in Norway. Less than half of these domains are secured today, and the number is particularly low for state enterprises.

With a share of 58 percent DNSSEC-secured domain names, Norway is among the best in the world when it comes to securing the domain name system. However, the public sector is lagging behind. Less than half (47,3 percent) of the domains registered by the public sector are signed with DNSSEC. Among the municipals the share is 54 percent, while only 22 percent of the state domains are signed.

With the decision made on 28 October to make DNSSEC a recommended standard for the public sector, Difi hopes the number will increase. In addition to the recommendation of signing domains, Difi would also like that only resolvers that validates DNS inquiries are used.

– This is a great development from our perspective, says Hilde Thunem, general manager of UNINETT Norid AS. – The Internet is a sentral part of the infrastructure in the society, and it is becoming more and more important to make sure that information is not corrupted or delivered to the wrong recipient. DNSSEC is an important contribution for more secure communication on the net, and should be standard delivery for Norwegian domain names.

We see that there are big differences between the registrars when it comes to the number of signed domains. The ten registrars with the most signed domains represent 98,4 percent of the total. We recommend that all registrars with customers in the public sector, start using DNSSEC.

More about the DNSSEC development in Norway (updated September 2018)

More about the technology

Last updated 6 December 2018