By translating domain names into IP addresses, the Domain Name System (DNS) makes client-server communication possible and is crucial for the operability of the Internet.
Over time, the DNS has yielded vulnerabilities that allow hijackers to sneak into sessions and deceive users into giving their secure details to fake websites, for example.
This has called for the introduction of the DNSSEC technology so that this part of the Internet’s infrastructure can be made secure. In line with the global end-to-end deployment trend, we’re welcoming DNSSEC on our platform as well.
How do DNS lookups work?
DNSSEC, short for Domain Name System Security Extensions, is designed to address the security glitches in the DNS lookup process.
To get a better idea of DNSSEC, let’s see how the DNS lookup process works first:
1. When a user types the address of a site (for example, WWW.DOM.COM) in their browser, a request for more details on .COM is being sent to the root zone.
2. With that information at hand, a new request is sent to the .COM zone, this time for details on DOM.COM.
3. Finally, the DOM.COM zone is queried for WWW.DOM.COM’s IP address. Your browser will then receive a response, which will contain that address.
The scheme below offers a visual overview of the DNS lookup steps described above:
Each of these zones is managed by different entities: the root zone is managed by ICANN, .COM (or any other TLD) is administered by a domain registry (in our case this is VeriSign) and DOM.COM is managed by a domain registrar like LiquidNet, for example.
Why is DNSSEC necessary?
A few years ago, a decades-old vulnerability in the DNS lookup process re-surfaced.
Experts in cyber security found out that the Domain Name System cannot fully guarantee the validity and integrity of the data sent in response to a DNS query, because it doesn’t actually check for credentials when a DNS lookup is being performed.
Hijackers can use this vulnerability to sneak through the DNS lookup process and take control of a session in order to exploit it for their own phishing purposes.
This is where the DNSSEC security protocol kicks in.
Ready to order? Visit Evostrix Today: