Blog

Is DNSSEC Adoption Worth It

Permlink | Comments
By: Anton McClure;
Published:
Tags: Technology; DNS; Cybersecurity; Internet;

DNSSEC has a lot of hype surrounding it, but is it worth adopting?

Photo by VIN JD (jaydeep_). Image licensed under the Pixabay License.
Photo by VIN JD (jaydeep_). Image licensed under the Pixabay License.

The Domain Name System (DNS) is essentially the phone book of the Internet. It is what makes sites like antonmcclure.com, google.com, facebook.com, oracle.com, linkedin.com, medium.com, and the many other sites and web applications we use on a day-to-day basis resolve to their domain names. As more and more people use the Internet, more and more malicious people and groups will try and take advantage of this system.

Since the beginning, DNS used UDP packets rather than establishing TCP connections. While this comes with an increase in speed, it makes it easier for addresses to be spoofed. If the address is spoofed, the site you go to might not actually be the site you were looking for. If you wanted to do online banking, purchase a product, make investments, or anything online, youd want to make sure that youre in the right place.

DNS Is Not Secure

The DNS system, designed in the 1980s, has no way to verify the response except by checking IP addresses, which is not a reliable method since these addresses can easily be spoofed.

An attacker can fake the authoritative servers and spoof the response for certain domains without the user even realizing it.

These attackers can also poison DNS cache on legitimate recursive resolvers by sending a forged DNS response. When a user tries accessing the site with a fake response cached, the domain will resolve to the fraudulent address.

Introducing DNSSEC

DNS Security Extensions (DNSSEC), in comparison to DNS, is the unspoofable Caller ID of the Internet, designed to add well-needed security to this system. It guarantees that web application traffic gets routed to the correct servers.

Some of the security benefits it provides include:

  • Authenticating DNS data.
  • Protecting data integrity.
  • Authenticated denial of a domains existence.

DNSSEC ensures that answers are digitally signed, and lets resolvers check if the information is identical to the info provided by the authoritative DNS server. For many internet users, protecting IP addresses and records is a concern. DNSSEC helps by providing that well-needed security for DNS.

Getting Your Domains Protected

DNSSEC is complicated, but that doesn't need to make it impossible for your domains to be secure. Feel free to get started protecting your domain with DNSSEC. Free solutions exist for popular DNS software such as bind9, or you can use a professional solution such as Cloudflare DNSSEC which I recommend and personally use for DNS. The setup process was very simple, and the benefits greatly outweighed letting users spoof responses or attempting to self-host the authoritative DNS server opening my server and other's servers to various attacks.

If you haven't done so already, learn more about DNSSEC, and know that you're helping make the Internet a safer place for everyone.


Also on:


About the Author

Recent Posts

Image from piqsels. Licensed under public domain.
How Software as a Service (SaaS) Can Improve Your Business

By: Anton McClure;
Published: July 1, 2020
Tags: Technology; SaaS; Business;
You want your business to be successful, and modern cloud technologies such as SaaS can help make that success happen.

Title card - Image features an SSH connection Lily Winter's
How to Get Started with Tildes

By: Anton McClure;
Published: June 30, 2020
Tags: Technologies; Tildes; Open Computing;
Many public-access servers called "tildes", many of which are actively accepting new users. Here's how you can join and start making the most of your new tilde account.

Image by Pete Linforth (TheDigitalArtist). Image licensed under the Pixabay License.
Microsoft Gives Linux and Android a Significant Security Upgrade

By: Anton McClure;
Published: June 24, 2020
Tags: Android; Linux; Microsoft; Security;
Microsoft has released their Defender ATP platform for Linux and Android devices. Here are some of the benefits it brings, and how you can deploy it.

Image from pxfuel. Free for commercial use.
Making the Internet and its Content Accessible for More People

By: Anton McClure;
Published: June 14, 2020
Tags: General; Internet;
Mobile devices are bringing the Internet to more people than ever before. Here's ways we can improve their online experience.

Screenshot from me deleting a WordPress site from my VPS.
(Why) I Won't Use WordPress, and Why You Shouldn't Either

By: Anton McClure;
Published: June 5, 2020
Tags: Technology; Alternatives; Security; Internet;
WordPress is popular, but there are better programs out there.

Image by OpenClipart-Vectors. Image licensed under the Creative Commons Zero (CC0) license.
Zoom Free Users Will Not Have End-to-End Encryption

By: Anton McClure;
Published: June 4, 2020
Tags: Technology; Encryption; Alternatives;
Zoom CEO has stated free users will not get end-to-end encryption. Here are some good alternatives to Zoom you could use instead.