Briefly about DNSSEC - what it is, why you need it and how to enable it

17.10.18 IT / Safety 2707

With the development of technology, the methods of interception of information by intruders are also developing. Not so long ago, the problem of replacing the content of sites began to appear en masse. To address this vulnerability, a new domain protection technology, DNSSEC, was invented.

What is DNSSEC ? It is a set of extensions to the IETF DNS protocol, a domain zone signing mechanism that ensures that the user receives data from the original source. After all, the fact that the user types the address in the browser line does not guarantee that he will receive data from this particular domain. Since, for example, you can use the host file and assign a completely different ip-address to this domain - as a result of which a completely different content will be displayed, unlike the original. But DNS spoofing does not necessarily occur on the side of the user's PC; it is also possible on the side of third-party servers and data transmission channels.

Why DNSSEC ? The answer is simple, this technology will not allow forging requests to the domain and spoofing data. It ensures that the user, by typing the address in the browser, receives data from the true owner of the domain, and not from any third party.

How do I enable DNSSEC ? This option is usually provided by the domain name registrar and is likely to come with a fee. The cost is unlikely to be high, so it's worth installing DNSSEC for all domains. The registrar will most likely enable this option without delay and configure whatever is required.

Thus, we have briefly covered DNSSEC technology. But this information will be enough to understand that this technology is simply necessary for the security of any site and must be enabled as early as possible.