Domain Name System Security Extensions

Jump to: navigation, search

DNSSEC (aka DNS Security Extensions) enhances security of the Domain Name System. In other words, The Domain Name System Security Extensions (DNSSEC) endeavors to supplement the security provision, while retaining backwards compatibility.

It was devised to safeguard Internet resolvers (clients) from counterfeited DNS data, such as that created by DNS cache annihilation. It is a set of extensions to DNS, which delivers to DNS clients:

- Generate authentication to DNS data

- Data integrity (but not accessibility or concealment)

- Genuine repudiation of existence.

Some of the key benefits of Domain Name System Security Extensions are:

Keeping the domain name system secured is one of the most significant part of security of the Internet infrastructure in whole. When appropriately maintained, DNSSEC covered zones offer an additional level of security by averting man-in-the-middle attacks or intrusions. Any client with DNSSEC-alert resolver will not be at risk from DNS hoaxing. Your customers who are not much aware about DNSSEC will not see any contrary effect. Just that they won’t get the security, they’ll carry on accessing your domain name just as they always do. Hence, if the domain name uses DNSSEC, then your websites and email addresses will be more protected on the Internet.


1. Domain Name System Security Extensions - Wikipedia, the free encyclopedia