Donate
‹ Back
Building Trust 1 October 2017

DNSSEC

The Domain Name System (DNS), the Internet’s addressing system, is the most critical component of the Internet infrastructure. As with the majority of internet services, the DNS was not securely designed.  As a result, it is vulnerable to man-in-the-middle (MITM) attacks and cache poisoning. These threats use forged data to redirect Internet traffic to fraudulent sites and unintended addresses.

Domain Name System Security Extension (DNSSEC) adds security to the DNS. It is designed to help address MITM attacks and cache poisoning by authenticating the origin of DNS data and verifying its integrity while moving across the Internet. DNSSEC is an Internet Engineering Task Force (IETF) set of specifications that secures communication between DNS name servers and clients.  

DNSSEC mitigates the risk of customers becoming the unwitting victims of cyber crimes when they attempt to access a resource. It is vital for organizations with a large online presence, e-commerce operations, and high-value brands. DNSSEC increases trust for a multitude of Internet activities, including e-commerce, online banking, email, VoIP, and online software distribution. The more widely it’s deployed, the greater the benefits of DNSSEC for the global Internet community.

When DNSSEC is used in conjunction with other best practices including use of Extended Validation Secure Sockets Layer (SSL) certificates, Email Authentication and a comprehensive data stewardship and a data loss readiness plan, users and online brands protection from online threats can be maximized.  

Resources

‹ Back

Related articles

State of DNSSEC Deployment 2016
State of DNSSEC Deployment 2016
Domain Name System (DNS)31 December 2016

State of DNSSEC Deployment 2016

This report provides a snapshot of the state of deployment of DNSSEC as of the end of 2016. Please download the...

Deployment Guide: DNSSEC for Internet Service Providers (ISPs)
Deploy36011 November 2013

Deployment Guide: DNSSEC for Internet Service Providers (ISPs)

An Internet Service Provider needs to offer high value while containing costs. One way to increase your services' value is...

The Two Sides of DNSSEC – Signing and Validation
Domain Name System Security Extensions (DNSSEC)5 August 2014

The Two Sides of DNSSEC – Signing and Validation

There are two sides of DNSSEC, Signing and Validation, that together provide the increased level of security offered by DNSSEC...

Join the conversation with Internet Society members around the world