The Domain Name System (DNS), the Internet’s addressing system, is the most critical component of the Internet infrastructure. As with the majority of internet services, the DNS was not securely designed. As a result, it is vulnerable to man-in-the-middle (MITM) attacks and cache poisoning. These threats use forged data to redirect Internet traffic to fraudulent sites and unintended addresses.
Domain Name System Security Extension (DNSSEC) adds security to the DNS. It is designed to help address MITM attacks and cache poisoning by authenticating the origin of DNS data and verifying its integrity while moving across the Internet. DNSSEC is an Internet Engineering Task Force (IETF) set of specifications that secures communication between DNS name servers and clients.
DNSSEC mitigates the risk of customers becoming the unwitting victims of cyber crimes when they attempt to access a resource. It is vital for organizations with a large online presence, e-commerce operations, and high-value brands. DNSSEC increases trust for a multitude of Internet activities, including e-commerce, online banking, email, VoIP, and online software distribution. The more widely it’s deployed, the greater the benefits of DNSSEC for the global Internet community.
When DNSSEC is used in conjunction with other best practices including use of Extended Validation Secure Sockets Layer (SSL) certificates, Email Authentication and a comprehensive data stewardship and a data loss readiness plan, users and online brands protection from online threats can be maximized.