DNS Security Extension

I have a separate post on DNS and if you are new to DNS first read that post before DNS Security Extension (DNSSEC).

So We know that DNS resolver makes DNS queries for us but this resolver does not ask any questions regarding the validity of the DNS query it is fetching for you.

Any malicious attacker can create a false DNS entry in the primary stages of DNS lookup and will direct you to a malicious IP address instead.

DNSSEC tackles this issue by providing a way to authenticate DNS response data.

When a visitor enters the domain name in a browser, the resolver verifies the digital signature.

If the digital signatures in the data match those that are stored in the master DNS servers, then the data is allowed to access the client computer making the request.

The DNSSEC digital signature ensures that you’re communicating with the site or Internet location you intended to visit.

DNSSEC uses a system of public keys and digital signatures to verify data. It simply adds new records to DNS alongside existing records. These new record types, such as RRSIG and DNSKEY, can be retrieved in the same way as common records such as A, CNAME, and MX.

These new records are used to digitally “sign” a domain, using a method known as public-key cryptography.

A signed nameserver has a public and private key for each zone. When someone makes a request, it sends information signed with its private key; the recipient then unlocks it with the public key. If a third party tries to send untrustworthy information, it won’t unlock properly with the public key, so the recipient will know the information is bogus.

Note that DNSSEC does not provide data confidentiality because it does not include encryption algorithms. It only carries the keys required to authenticate DNS data as genuine or genuinely not available.

Also, DNSSEC does not protect against DDoS Attacks.

There are two types of keys that are used by DNSSEC:

  • The zone signing key (ZSK) – is used to sign and validate the individual record sets within the zone.
  • The key signing key (KSK) – is used to sign the DNSKEY records in the zone.

Both of these keys are stored as “DNSKEY” records in the zone file.

Know since we have a basic understanding of DNSSEC we will try to emulate it in a lab environment.

Comments

  1. g because

    Your style is so unique compared to other people I have read stuff from.
    Thanks for posting when you have the opportunity, Guess I’ll just book mark this page.

  2. no g

    Hello my friend! I wish to say that this post is amazing, nice written and come with almost all important infos.
    I would like to look extra posts like this .

  3. web hosting company

    Thank you, I have just been looking for information about this topic
    for a long time and yours is the greatest I’ve discovered so far.
    But, what concerning the bottom line? Are you certain about
    the supply?

  4. web hosting providers

    Hello! This is kind of off topic but I need some help from
    an established blog. Is it tough to set up your own blog?
    I’m not very techincal but I can figure things out pretty fast.
    I’m thinking about making my own but I’m not sure where to begin. Do you
    have any tips or suggestions? Appreciate it

  5. best web hosting 2020

    I really like your blog.. very nice colors & theme. Did you make
    this website yourself or did you hire someone to do it for you?
    Plz answer back as I’m looking to design my own blog and would like to know where
    u got this from. cheers

  6. cheap flights with jet2 sale flights

    Howdy! I understand this is sort of off-topic but I needed to ask.
    Does managing a well-established website such as yours require a large amount of
    work? I am brand new to writing a blog however I do write in my journal on a daily basis.
    I’d like to start a blog so I can share my personal experience and thoughts online.
    Please let me know if you have any kind of ideas or tips for new aspiring blog
    owners. Thankyou!

  7. website hosting services

    Greetings! I know this is kinda off topic nevertheless I’d figured I’d ask.
    Would you be interested in trading links or maybe guest writing a blog
    post or vice-versa? My site addresses a lot of the same
    topics as yours and I feel we could greatly benefit from each other.
    If you are interested feel free to send me an e-mail.

    I look forward to hearing from you! Superb blog by
    the way!

  8. best web hosting company

    Having read this I thought it was very enlightening.
    I appreciate you spending some time and energy to put this
    information together. I once again find myself personally spending way too much time both reading and commenting.
    But so what, it was still worthwhile!

  9. web hosting sites

    Have you ever thought about creating an e-book or guest authoring on other websites?
    I have a blog centered on the same ideas you discuss and
    would love to have you share some stories/information.
    I know my viewers would enjoy your work. If you’re even remotely interested, feel free to
    shoot me an e mail.

  10. best web hosting company

    Just desire to say your article is as astounding.
    The clarity in your post is simply excellent and that i can assume you are knowledgeable on this subject.
    Well along with your permission let me to seize your RSS feed
    to keep up to date with imminent post. Thanks 1,
    000,000 and please keep up the gratifying work.

  11. cheap flights

    It’s actually very difficult in this active life to listen news on TV, thus I just use internet for that purpose, and obtain the newest information. y2yxvvfw cheap flights

  12. cheap flights

    Pretty portion of content. I simply stumbled
    upon your blog and in accession capital to claim that I acquire in fact loved account your blog posts.
    Anyway I’ll be subscribing for your feeds and even I fulfillment you get right of entry to constantly rapidly.

    cheap flights 3gqLYTc

  13. website hosting services

    Does your site have a contact page? I’m having a tough time locating it
    but, I’d like to send you an e-mail. I’ve got some
    creative ideas for your blog you might be interested in hearing.
    Either way, great blog and I look forward to seeing it
    improve over time.

  14. cheap flights

    I’m really enjoying the design and layout of your website.

    It’s a very easy on the eyes which makes it much more enjoyable for me to come here and
    visit more often. Did you hire out a designer to create your
    theme? Outstanding work! cheap flights yynxznuh

  15. cheap flights

    Its such as you read my thoughts! You appear to understand a lot
    about this, like you wrote the book in it or something.
    I feel that you could do with a few p.c. to drive the
    message home a little bit, but instead of that, that
    is fantastic blog. A great read. I’ll certainly be back.

  16. black mass

    Sweet blog! I found it while searching on Yahoo News.

    Do you have any tips on how to get listed in Yahoo
    News? I’ve been trying for a while but I never seem
    to get there! Many thanks

  17. website host

    Appreciating the time and energy you put into your website and detailed information you
    offer. It’s good to come across a blog every once in a while that isn’t
    the same outdated rehashed material. Wonderful
    read! I’ve saved your site and I’m adding your RSS feeds to my Google account.

  18. best web hosting 2020

    Can I simply just say what a comfort to discover someone who truly knows what they are
    discussing on the net. You certainly realize how to bring a problem to light and make it
    important. A lot more people have to read this and understand this side
    of your story. I can’t believe you’re not more popular given that you most certainly have the gift.

Leave a Reply

Your email address will not be published.