Uncategorized

Get to Know More About DNSSEC (Domain Name System Security Extensions)

The Domain Name System Security Extensions is aimed at making DNS and the Internet in general more secure.

Domain Name System Security Extensions is a set of specifications set forth by the Internet Engineering Task Force for securing various types of information that may be provided by the domain name system or DNS on IP networks. These extensions to the DNS give the resolvers or DNS clients some form of origin authentication, data integrity, or authenticated denial of existence. It, however, excludes confidentiality and availability. In short, the Domain Name System Security Extensions add some form of authentication to the DNS to make the entire system safer and more secure.

The Internet Engineering Task Force came up with these extensions to help minimize the vulnerabilities in the domain name system and protect it from the threats online. It can also increase the level of security of the entire Internet.

Traditionally, the domain name system locates domain names and matches them to IP addresses. It did not have any way of knowing whether the domain name data is from an authorized domain owner or if the data has been forged. This gives rise to the possibility of different kinds of online attacks. For instance, it makes the DNS vulnerable to DNS cache poisoning. With DNS cache poisoning, a hacker would be replacing a valid IP address that is cached in the DNS table and redirects it to a rogue address. If you try to access the Web site behind a compromised DNS, you will be taken to a different site where you could get worms, hijackers, spyware, and other malware.

With Domain Name System Security Extensions, lookup data is verified by using a series of digital signatures and cryptographic keys. It also verifies whether the connections are from legitimate servers or not.

It may sound new to most, but these specifications were published by the IETF in 2005, specifically contained in three Request for Comments documents from the IETF:

  1. RFC 4033: DNS Security Introduction & Requirements
  2. RFC 4034: Resource Records for the DNS Security Extensions
  3. RFC 4035: Protocol Modifications for the DNS Security Extensions

In fact, Brazil, the Czech Republic, Sweden, Bulgaria and Puerto Rico were among the early adopters of the specifications and have used them for their country top level domains (i.e., .br, .pr and .se).

However, while the Domain Name System Security Extensions is aimed at making DNS and the Internet in general more secure, implementation of these steps are not compulsory. And because implementation has been largely voluntary, uptake of the specifications have been very slow. There are also a couple of roadblocks as well, including the necessity of designing a standard that can scale the large size of the Internet and is backward compatible, avoiding zone enumeration when it is required or wanted. It is also quite complex to deploy the implementations across different DNS resolvers and servers. Then there is the debate as to who should own top level domain root keys, as well as confusion when it comes to standards for second level domains.

You can rely on Four Cornerstone to handle your Domain Name System Security Extensions implementations. Call us at 1 (817) 377-1144 and work with our team of experts to help you move ahead with Domain Name System Security Extensions.

Photo  by Book Catalog.

Uncategorized

Security Trends For 2024: SBOMs

A recent article on Forbes, linked below, lists five security trends that are likely to be important in 2024. Of course, AI-related security topics top...

Keep Reading

Uncategorized

Getting started with your first…

Anyone looking at writing their first Generative AI application should read this to save time. In June 2023, Google Cloud published a useful blog post,...

Keep Reading

Uncategorized

Read-Write and Read-Only query splitting…

Optimize the usage of the standby (secondary) read-only MySQL InnoDB Cluster servers by automatically and transparently distributing read-queries to them. A great feature in MySQL...

Keep Reading

Uncategorized

Considering Cloud Diversification?

Moving an enterprise to a Public Cloud can quickly feel like moving into a locked-in relationship with the Cloud vendor. One solution to diminish this...

Keep Reading

Uncategorized

Gartner: Global cloud consumption will…

Gartner forecasts that 2024 will see a 20% global cloud consumption increase from 2023 to $679B, while 2023 has seen an 18% increase from 2022...

Keep Reading

Uncategorized

ByteDance: Use AI for tuning…

ZDNet is reporting that a ByteDance (the maker of TikTok) Linux kernel developer has proposed to implement AI to tune the performance of Linux systems...

Keep Reading

AI Governance

What is AI TRiSM?

If reading now about AI TRiSM for the first time, it might be good read on and learn what it’s about because it leads the...

Keep Reading

Cloud Blog

4 Ways To Benefit from…

One of the benefits you get when you work with cloud applications is that you often have quarterly updates that are packed with features. This...

Keep Reading

Artificial Intelligence

Data and Analytics: Cross the…

  Artificial intelligence is a manna sent from digital heaven. That’s how blessed your business can get if you immerse into the AI of things....

Keep Reading

Business Intelligence Blog

How Brand Names Survive in…

  The age of digital marketplace has made it possible for unknown and smaller companies to compete with better-known and well-established brands. Take for example...

Keep Reading

Live Chat | Emergency