(This article was machine-translated from French.)
The arrival of DNSSEC and its growing adoption have made it possible to correct many weaknesses of DNS.
What is DNS and what is it used for?
Put simply, DNS is a resolution system: it translates between domain names and IP addresses.
This protocol is used everywhere, all the time, on every kind of device. It allows us to consult a site without having to know the exact IP address of the machine hosting it. It is also used to facilitate the exchange of data such as emails. It is therefore one of the cornerstones of the Internet.
Invented in the 1980s, this protocol has a few weaknesses that allow an insider attacker to hijack this resolution and send a user a bad IP address, and therefore to a bad server. This type of attack is mainly used for industrial espionage and phishing. In 2008, for example, an attacker hacked the cache of AT&T's DNS servers (AT&T is an ISP in the USA) and redirected a large number of users to a fake Google site.
What is DNSSEC, this extended DNS protocol?
Since 2010, the arrival of DNSSEC and its growing adoption have made it possible to correct many weaknesses of DNS.
This tool, which is still not widely deployed, is nevertheless an important lever for all organizations wishing to protect their domain name.
This protocol works on a signature principle quite similar to the certificates installed on websites. Its apparent complexity largely contributed to slow adoption, and only big Internet players and DNS experts could easily set it up.
For a few years now, however, this has no longer been the case. Its installation has been made easier by practical tools and integrations in many products (Android, Windows, etc.). Giants like Google, Cloudflare or Microsoft now use it massively.
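As an added illustration (not Cyrès's code or tooling), this Python example shows how a client asks for DNSSEC processing and reads the resolver's verdict: it sets the EDNS0 DO flag in the query and checks the AD flag in the reply header. The domain name, transaction id and reply flag values are constructed sample data.

```python
import struct

DO_BIT = 0x8000  # EDNS0 "DNSSEC OK" flag, sent in the OPT record's TTL field
AD_BIT = 0x0020  # header flag: resolver validated the answer's signatures
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def build_query(name, qtype=1, txid=0x1234):
    """Recursive query for `name` (qtype 1 = A) that requests DNSSEC data."""
    # id, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT record)
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    question = qname + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN
    # OPT: root name, TYPE=41, CLASS=UDP payload size, TTL carries DO, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_BIT, 0)
    return header + question + opt

def validation_status(reply, txid=0x1234):
    """Classify a resolver reply from the flags in its 12-byte header."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!2H", reply[:4])
    if rid != txid or not flags & 0x8000:  # QR bit must be set in a reply
        raise ValueError("not a reply to this query")
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "SERVFAIL":
        # What a validating resolver returns for bogus signatures,
        # but also for unrelated resolution failures.
        return "servfail"
    if flags & AD_BIT:
        return "validated"
    return "unvalidated"  # unsigned zone, or a resolver that does not validate

def constructed_reply(query, flags):
    """Constructed sample data: echo the query with reply flags swapped in."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("example.com")
    for label, flags in [("signed", 0x81A0), ("unsigned", 0x8180), ("bogus", 0x8182)]:
        print(label, "->", validation_status(constructed_reply(q, flags)))
```

The AD flag reports the resolver's own validation, so it is only meaningful when the path to that resolver is trusted.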
Why do I need to enable the DNSSEC security extension?
Through this short post on its blog, Cyrès would like to remind you of its interest in, and its ongoing commitment to, securing communications between its customers (website, emails, etc.) and their correspondents.
We therefore advise our customers with a "DNS" service contract to request the activation of DNSSEC on their domains free of charge. We are of course available to advise you and answer your questions regarding the impact of this implementation.
To go further, you can consult these additional documents: