The Finnish domain authority has introduced the Domain Name System Security Extension (DNSSec) for Finnish domain names.
The DNSSec extension has been fully available for customers to use since 31 March 2011. No additional requirements have been placed on Finnish domain name holders as the security extension is introduced by service providers managing the name servers and network operators.
DNSSec (Domain Name System Security Extensions) is an extension to the domain name system aiming to improve the information security of the name service. Comparable to a telephone directory covering the entire world, the name service assigns every domain name its own unique IP address (for instance, 22.214.171.124 is assigned to www.dnssec.fi).
When active, DNSSec makes responses to name service queries digitally signed. The security extension ensures the integrity and origin of information as it makes sure that replies to name service queries originate from the correct sender and that no modifications have affected the response information.
A digital signature can be created using a pair of keys (a public key and a private key). The private key is kept confidential and only the domain name holder alone can access it whereas the public key information is available in the name service. The verification of digital signature can be done by using the private key with its corresponding public key.
Specifications for DNSSEC signing
The following parameters are used in DNSSEC signing the FI zone:
Hash function: SHA-256
Signing algorithm: RSA
– Zone Signing Key (ZSK): RSA 1024-bit
– Key Signing Key (KSK): RSA 2048-bit
Web Solutions, a leading Finnish domain name registrar, will register your .FI domain name with or without DNSSec extension. The Trustee Service provided by Web Solutions makes registration easy even without a local presence in Finland.