DNSSEC

Vulnerabilities of DNS

DNS is a system that converts domain names into IP addresses. You need DNS to surf the net and to send e-mails, as well as for telephony, sending and receiving files, etc. The problem is that DNS is an unprotected protocol: the messages exchanged are not encrypted and the origin of a reply cannot be verified.

Internet criminals can poison a domain name server’s temporary memory (cache) with false information, so that domain names are no longer linked to the correct IP addresses. You might think you are communicating with one party, whereas in reality the messages are being sent by someone completely different.

DNSSEC (Domain Name System Security Extensions) is a security extension to the existing DNS protocol: it is designed to stop criminals from diverting internet users to forged websites.

How can DNSSEC protect against malicious activity?

A digital signature is attached to all DNS details for the domain name. When a user looks up a domain name (e.g. when entering a URL in a browser or sending an e-mail), the resolver uses a set of keys to check the signature on the response.

DNSSEC makes DNS more secure, but it is not a cure for every ill. It cannot prevent abuses such as typo squatting or phishing, for example.

In August 2010 the .be zone was signed with DNSSEC. This means a digital signature and a public key are attached to the zone file.

Registrars

On 30 September 2010 DNSSEC became fully operational for .be. DNS Belgium tries to convince as many registrars as possible to join in the DNSSEC story.

Registrants

.be registrants can protect their domain name via their registrar with DNSSEC.
Just like an SSL certificate and an https link, DNSSEC is an additional link in a website’s security chain.

Internet users

There is little change for the time being for internet users. Belgian ISPs are still not using DNSSEC validation on their nameservers. However, we are gradually seeing more and more companies using the verification on their own infrastructure.
So caution is still the order of the day when visiting websites.
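
Whether a given resolver performs DNSSEC validation can be read from the DNS messages themselves. The following is an added example, not code from DNS Belgium: it builds a query that asks for DNSSEC data (EDNS0 "DO" bit) and interprets the header of the reply, where the AD ("authenticated data") flag is how a validating resolver tells the client the signatures checked out. The function names and the sample reply headers are constructed for illustration.

```python
import struct

# Header flag bits (RFC 1035, RFC 4035) and the EDNS0 "DNSSEC OK" bit (RFC 3225).
FLAG_QR, FLAG_RD, FLAG_AD = 0x8000, 0x0100, 0x0020
EDNS_DO = 0x8000
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
RCODE_SERVFAIL = 2

# Constructed sample reply headers (not captured traffic): id, flags, 4 counts.
SAMPLE_VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)  # AD set
SAMPLE_PLAIN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)      # AD clear
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)   # rcode 2


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=TYPE_A, msg_id=0x1234):
    """Build a recursive query carrying an OPT record with the DO bit set."""
    header = struct.pack("!HHHHHH", msg_id, FLAG_RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    # OPT pseudo-record: root name, type 41, UDP size 1232, then the TTL field
    # split into extended RCODE, version and flags (DO), and an empty RDATA.
    opt = b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, 1232, 0, 0, EDNS_DO, 0)
    return header + question + opt


def classify_response(msg):
    """Interpret the header of a reply to a query built by build_query()."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", msg[2:4])[0]
    if not flags & FLAG_QR:
        raise ValueError("not a response")
    if flags & 0x000F == RCODE_SERVFAIL:
        # A validating resolver answers SERVFAIL when signature checks fail
        # (other resolver faults produce the same code).
        return "servfail"
    if flags & FLAG_AD:
        return "validated"      # resolver verified the signatures
    return "not-validated"      # unsigned zone or non-validating resolver
```

The AD flag is only as trustworthy as the path between the client and the resolver, so it is meaningful on a local or otherwise protected link.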

 

Phishing

Tricksters lure you to a fake website that is a copy of a real one. They then get you to log in with your user name, password and credit card number. Once you’ve done that, the fraudster has your details.

Registrar

The entity that registers a domain name for a company, organization or person. Besides the “resale” of web addresses, registrars can also offer hosting services, web design, etc.

Browser

A program that makes it possible to access and read web pages. Internet Explorer, Google Chrome, Mozilla Firefox and Safari are some well-known browsers.

DNS

Domain Name System or Domain Name Server. The global DNS is the system and protocol used on the internet to translate domain names into IP addresses and vice versa. 
