Monday, June 8, 2020

What is DNSSEC?

DNS was not designed with security in mind. It uses clear-text requests, which attackers in the middle can easily manipulate.

DNSSEC is a security feature of the Domain Name System (DNS). It authenticates the responses to domain name lookups on the internet.

DNSSEC prevents attackers from manipulating or poisoning the responses to DNS requests.

DNS spoofing is an example of an attack on DNS infrastructure: an attacker hijacks a DNS resolver’s cache so that users who visit a website receive an incorrect IP address, which directs them to the attacker’s malicious site instead of the one they actually requested.

How does DNSSEC work?

Once activated, DNSSEC generates a public and private key for your zone. The public key is provided to you in the form of DS or DNSKEY records. These records should be configured at the domain provider where the domain name is registered.

During the deployment of your zone in the network, the network will use the private key to sign all your records. The end-user resolver receives these signatures and checks whether they match the public keys.
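The DS record configured at the domain provider is a digest of the zone's DNSKEY, so it can be recomputed and compared before it is published. The following is an added example, not code from the original post: it follows RFC 4034 (key tag from Appendix B, DS digest from section 5.1.4) with SHA-256 as digest type 2, and the zone name and key bytes are constructed placeholders, not a real key.

```python
import base64
import hashlib
import struct

SAMPLE_ZONE = "example.com."  # constructed sample zone name
# Constructed 64-byte placeholder, NOT a real public key.
SAMPLE_KEY_B64 = base64.b64encode(bytes(range(64))).decode()

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercased) DNS wire form of an owner name."""
    labels = [l for l in name.rstrip(".").lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, key_b64: str) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)

def key_tag(rdata: bytes) -> int:
    """Key tag checksum over the DNSKEY RDATA (RFC 4034 Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def compute_ds(owner, flags, protocol, algorithm, key_b64):
    """Return (key tag, algorithm, digest type 2, SHA-256 hex digest)."""
    rdata = dnskey_rdata(flags, protocol, algorithm, key_b64)
    # The digest covers the owner name in wire form followed by the RDATA.
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, 2, digest

def ds_matches(published: str, owner, flags, protocol, algorithm, key_b64) -> bool:
    """Check a DS string ("tag alg type digest") against the zone's DNSKEY."""
    parts = published.split()
    if len(parts) < 4:
        return False
    try:
        got = (int(parts[0]), int(parts[1]), int(parts[2]))
    except ValueError:
        return False
    # Presentation format may split the hex digest with whitespace.
    got += ("".join(parts[3:]).upper(),)
    return got == compute_ds(owner, flags, protocol, algorithm, key_b64)

if __name__ == "__main__":
    # 257 = key-signing key flags, 3 = protocol, 13 = ECDSAP256SHA256
    tag, alg, dtype, digest = compute_ds(SAMPLE_ZONE, 257, 3, 13, SAMPLE_KEY_B64)
    print(f"{SAMPLE_ZONE} IN DS {tag} {alg} {dtype} {digest}")
```

A DS record that does not match the zone's DNSKEY breaks the chain of trust, so validating resolvers reject the zone's answers.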
