Is DNSSEC Adoption Worth It

By: Anton McClure;

Published: February 11, 2020

Categories: Technology; Cybersecutity; Internet;

DNSSEC has a lot of hype surrounding it, but is it worth adopting?


Photo by VIN JD (jaydeep_). Licensed under the Pixabay License.
Photo by VIN JD (jaydeep_). Licensed under the Pixabay License.

The Domain Name System (DNS) is essentially the phone book of the Internet. It is what makes sites like antonmcclure.com, google.com, facebook.com, oracle.com, linkedin.com, medium.com, and the many other sites and web applications we use on a day-to-day basis resolve to their domain names. As more and more people use the Internet, more and more malicious people and groups will try and take advantage of this system.

Since the beginning, DNS used UDP packets rather than establishing TCP connections. While this comes with an increase in speed, it makes it easier for addresses to be spoofed. If the address is spoofed, the site you go to might not actually be the site you were looking for. If you wanted to do online banking, purchase a product, make investments, or anything online, youd want to make sure that youre in the right place.

DNS Is Not Secure

The DNS system, designed in the 1980s, has no way to verify the response except by checking IP addresses, which is not a reliable method since these addresses can easily be spoofed.

An attacker can fake the authoritative servers and spoof the response for certain domains without the user even realizing it.

These attackers can also poison DNS cache on legitimate recursive resolvers by sending a forged DNS response. When a user tries accessing the site with a fake response cached, the domain will resolve to the fraudulent address.

Introducing DNSSEC

DNS Security Extensions (DNSSEC), in comparison to DNS, is the unspoofable Caller ID of the Internet, designed to add well-needed security to this system. It guarantees that web application traffic gets routed to the correct servers.

Some of the security benefits it provides include:

  • Authenticating DNS data.
  • Protecting data integrity.
  • Authenticated denial of a domains existence.

DNSSEC ensures that answers are digitally signed, and lets resolvers check if the information is identical to the info provided by the authoritative DNS server. For many internet users, protecting IP addresses and records is a concern. DNSSEC helps by providing that well-needed security for DNS.

Getting Your Domains Protected

DNSSEC is complicated, but that doesnt need to make it impossible for your domains to be secure. If you host your own DNS with a program such as Bind9, feel free to take advantage of free solutions for setting up dnssec on bind9.

Feel free to get started with protecting your domain with DNSSEC if you havent done so already, learn more about DNSSEC, and know that youre helping make the Internet a safer place for everyone.

Recent Articles


(Why) Privacy Matters

By: Anton McClure;

Published: March 12, 2020

Categories: Technology; Privacy; Linux; Windows; macOS; Internet;


Do Paywalls Work

By: Anton McClure;

Published: February 27, 2020

Categories: Technology; Media; Internet;

Many news sources resort to using paywalls to generate profit. Do these paywalls actually have benefits other than some extra money?


Microsoft Launches New Edge Browser

By: Anton McClure;

Published: January 16, 2020

Categories: Technology; Microsoft;

The stable release of the new Microsoft Edge is now available for download.


Windows 7 Support Ends in 1 Day - What Options do Windows 7 Users Have

By: Anton McClure;

Published: January 13, 2020

Categories: Technology; Microsoft; Windows;

Support for Microsoft Windows 7 will be ending in less than 24 hours. What options do those still on it have?


Zenith Shell Provider and Web Host Resignation

By: Anton McClure;

Published: January 10, 2020

Categories: Unorganized;

Resignation notice for Zenith Shell Provider and Web Host (formerly Summit Tilde).


How I Got Clean URLs For My Blog

By: Anton McClure;

Published: January 9, 2020

Categories: Technology; General;

A simple and no-bs solution for SEO-friendly URLs that can be used with virtually any web app.


New Blog

By: Anton McClure;

Published: January 2, 2020

Categories: General;

Introduction post for new blog.