Enhancing .CA security

The Canadian Internet Registration Authority (CIRA) plays a critical role to ensure key parts of the Internet’s domain name system (DNS) infrastructure in Canada are continuously and securely available to all Canadians.

To enhance .CA’s already robust registry infrastructure, CIRA has taken additional steps to make the Internet more secure for Canadians. We launched a suite of security products and initiatives for .CA:

  • DNSSEC: Short for Domain Name System Security Extensions, DNSSEC is a set of extensions used to add an additional layer of security to the Domain Name System.
  • .CA Registry Lock: Prevents against unintended changes, including domain name hijacking, by locking the domain at the Registry level.
  • Completion of .CA holder contact information: Verifying contact information for each .CA holder is complete ensures the .CA is accurately attributed to the authorized holder and that any changes to the contact information can only be initiated by the .CA holder.

As bad actors in the Internet space become increasingly sophisticated, the breadth and impact of attacks also increase. A few recent high-impact examples include:

  • In August, 2013, the New York Times domain name information was hacked and altered, which resulted in their website being unavailable for a period of time for readers across the world. This downtime resulted not only in readership disruption but also the loss of advertising revenue.
  • Twitter’s domain name system information was hacked and altered to show the Syrian Electronic Army (SEA) as its managing contacts
  • HuffingtonPost UK also had its domain name system records altered.


Using the .CA suite of security products helps mitigate against these types of attacks, and maintains the up-time and reputation of the compromised organizations. If your .CA web address is at the core of your business, this additional layer of security is for you.

Learn more about how CIRA is continuing to bring enhanced Internet security to Canadians and all the players in the Internet ecosystem and talk to your Registrar about securing your .CA domain name with DNSSEC and .CA Registry Lock.