Main Nav

7 Things You Should Know About DNSSEC

Friday, January 15, 2010

Abstract

The Domain Name System (DNS) uses a distributed network of name servers to translate text-based web addresses into IP addresses, directing Internet traffic to proper servers. DNS was built without security, however, leaving Internet traffic exposed to forged DNS data, which leaves websites vulnerable to a range of attacks. DNS Security Extensions (DNSSEC) adds security provisions to DNS so that computers can verify that they have been directed to proper servers, avoiding many of the most dangerous DNS attacks. In this way, DNSSEC has the potential to significantly expand the trustworthiness—and thus the usefulness—of the Internet as a whole.

Download This Resource

Tags from the Community

Comments

There is no question that DNSSEC will significantly improve the security of DNS.  But in the near term, what should be done?  Here are some resources that appear helpful:

http://www.secureworks.com/research/articles/dns-cache-poisoning - keep your DNS software updated and disable external recursive queries

http://www.eweek.com/c/a/Security/Google-Public-DNS-Security-Not-Breaking-New-Ground-Some-Say-402410/  -  Google DNS and OpenDNS have measures to prevent cache poisoning. 

Any other advice or resources?