Posted in DNS, Protocol

DNSSEC – DNS Security Extensions – Security Protocol for DNS

   Leave a comment
dnssec-DNS-Security-Extensions

What is DNSSEC ?

DNS (Domain Name System) is one of old and an integral component of internet.However, DNS was never designed as a secure protocol, due to lack of security in DNS was always a weakest point of modern internet.The effort resulted – The Internet Engineering Task Force (ITEF) has been working since more than decade to evolved a standard model for the DNSSEC (domain name system security Extensions).

👉🏻 Read AboutWhat is DNS System

DNSSEC is backward-compatible of DNS protocol with additional security protocol that provides authentication and integrity checks for the origin DNS information.

DNSSECDomain name system security extensions is effort to add a set of security protocols in order to provide origin authentication and integration for the DNS query and response.

Originally DNS protocol was not designed to track domain information such as IP address and location where the domain-name request originated.These security weakness exposed DNS system vulnerable and open it for different types of attacks , such as DNS spoofing and DNS cache poisoning.However, DNSSEC do not provide encryption and confidentiality for DNS Data.

Example of DNS poisoning attack – where the hackers replace a valid IP address of web-site cached in a local DNS table with rough IP address.So, the request to a valid address will be redirect to rough web-page.

DNSSEC provides a layer of additional security, where the web-browser will check and ensure the DNS data integrity, and also ensure that it was not compromised during transmission.

DNSSEC emerging with browsing security, It secure the internet community from the forged DNS Information.DNSSEC protocol leveraged with public key cryptography to digitize singed authoritative zone data and validated by origin authentication system.

Digital signed (Public Key) help and ensure to end users that the DNS information which was originated from source machine was not intercepted by hackers while communication in transit.These potential security enhance and maintains the trust of internet community and ensure them secure communication.

DNSSEC security variables public key cryptographic and digital signatures make sure that DNS originate request is correct, not modified in transit and connection is made to a legitimate servers.

Author: Ronnie Singh

Your Feedback is Valuable for us. Pls do comments.