Changing Internet Standards to Build A Secure Internet

Cloudflare is working with registrars and registries in the IETF to make Domain Name System Security Extensions (DNSSEC) easier for domain owners. Starting with .dk domains, they will enable DNSSEC automatically over the next two weeks. DNSSEC verifies the integrity of DNS answers by signing every DNS answer so clients can verify if it has been manipulated during transit. The challenge is that for a domain to have the opportunity to enable DNSSEC, its DNS provider, registrar and registry all need to support DNSSEC and the same encryption algorithms. Cloudflare proposes a new model for how DNS operators, registries and registrars could operate and communicate to make specific user-authorized changes to domains. The .dk registry has also recognized the outdated model and provides users with a programmatic way of installing and updating DS records.