Understanding Africa's DNS Security Practices: Present and Future | Blog 4

This blog is the fourth in a series focused on the 2023 Africa Domain Name Industry Study. The blogs contextualize and expand upon data and information gathered during the study.

 

The 2023 Africa Domain Name Industry Study provides a comprehensive overview of the growth, challenges, and future potential of the domain name industry across the continent. It was commissioned by ICANN and conducted by PowerSoft Africa, in collaboration with the Coalition for Digital Africa. The study builds upon the baseline established in 2016, providing updated insights into the current state of Africa's domain name industry.

In the area of cybersecurity, Domain Name System (DNS) security remains a critical area. The current state of DNS security in Africa is characterized by a patchwork of practices and varying levels of adoption of key security technologies, and the study reveals a mix of progress and areas needing significant improvement. Key to this discussion is the adoption of DNS Security Extensions (DNSSEC), a set of protocols that add an additional layer of security to prevent DNS spoofing and other types of cyberattacks.

 

The Importance of DNSSEC Adoption

DNSSEC is a critical component of a secure Internet infrastructure. It adds a layer of authentication to DNS responses, ensuring that users are directed to legitimate websites rather than fraudulent or malicious ones. This is particularly important as cyberattacks targeting DNS vulnerabilities become more sophisticated and widespread.

In Africa, the consequences of not adopting DNSSEC are already evident. The study found that African countries with low DNSSEC adoption rates are more at risk to DNS hijacking, which can lead to significant financial and reputational damage. For example, in 2022, multiple African banks experienced DNS-based attacks that disrupted online services and led to important financial loss. This underscores the urgent need for improved DNS security measures.

 

The Current State of DNS Security in Africa

DNSSEC adoption in Africa, while growing, is still limited. As per the latest findings, only 45 percent of Africa top-level domains (which includes 54 country code Top-Level Domains, six Internationalized Domain Name country code Top-Level Domains, and four generic Top-Level Domains) are DNSSEC signed. This means that more than half of the top-level domains in the region are still vulnerable to DNS spoofing and other related attacks.

While awareness of DNS security has grown, implementation remains uneven across the continent. The slow uptake is often attributed to limited technical capacity and lack of awareness among key stakeholders, and the costs associated with deploying DNSSEC signing. However, the gradual DNSSEC deployment, at signing and validation level, is a positive trend, indicating an awareness and effort toward enhanced DNS security.

Countries like Ghana, Morocco, Rwanda and Cote d’Ivoire have recently taken notable steps forward with improving their national DNSSEC validation rate. In contrast, many other countries such as Nigeria, Egypt, Algeria, and Ethiopia, are yet to activate DNSSEC validation in their respective networks, leaving their Internet users more exposed to some cyber threats.

 

Implications for Cybersecurity

The low adoption of DNSSEC has serious implications for Africa’s broader cybersecurity landscape. A vulnerable DNS can serve as a gateway for cybercriminals, compromising not only individual websites but also entire networks. This risk is heightened in Africa, where the digital infrastructure is still developing, and the regulatory environment around cybersecurity is often fragile.

To mitigate these risks, the study recommends targeted efforts to build technical capacity and raise awareness about DNSSEC among Internet service providers, registries, and government bodies. Capacity-building initiatives, along with supportive regulatory frameworks, can help accelerate DNSSEC adoption and enhance the overall security of Africa’s digital ecosystem. In that regards, efforts such as the ICANN Technical Engagement support and the DNSSEC Roadshow of the Coalition for Digital Africa are to be encouraged.

In addition to DNSSEC, other secure DNS protocols such as DNS over Hypertext Transfer Protocol Secure (DoH), DNS over Transport Layer Security (DoT), and the newer DNS over Quick UDP Internet Connection (DoQ) are gradually being adopted. Interestingly, Africa is above the world average in the adoption of the QUIC protocol and is following closely in DoH adoption, although it lags in DoT implementation.

 

The Way Forward

While there has been progress on DNS security in Africa, much work remains to be done. To bolster DNS security in Africa, a multifaceted approach is needed, including enhanced training and awareness; collaboration and support between governments and regional and international organizations; and leveraging new technologies and protocols to stay ahead of cyber threats. By prioritizing the adoption of DNSSEC and other security protocols, African countries can protect their Internet infrastructures, foster trust in digital services, and drive economic growth.

For an in-depth look at the findings, explore the full 2023 Africa Domain Name Industry Study. Connect with us on the Coalition for Digital Africa's social media platforms and share your perspective. Let’s work together to shape the future of Africa’s digital landscape.