DNSSEC
Vulnerabilities of DNS
DNS is a system that converts domain names into IP addresses. You need DNS to surf the net and to send e-mails, as well as for telephony, sending and receiving files, etc. The problem is that DNS is an unprotected protocol. The messages exchanged are not encrypted and the origin of a reply cannot be verified.
Internet criminals can poison a domain name server’s temporary memory (cache) with false information, causing domain names to no longer be linked to correct IP addresses. One might think he or she is communicating with someone, whereas in reality the messages are being sent by someone completely different.
DNSSEC (Domain Name System Security Extensions) is a security extension to the existing DNS protocol: it is designed to stop criminals from diverting internet users to forged websites.
How can DNSSEC protect against malicious activity?
A digital signature is attached to all DNS details for the domain name. When a user looks up a domain name (e.g. when entering a URL in a browser or sending an e-mail), the resolver uses a set of keys to check the signature on the response.
DNSSEC makes DNS more secure, but it is not a cure for every ill. It cannot prevent abuses such as typosquatting or phishing, for example.
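The lookup described above, seen from the client side, as an added example that is not part of the original page: the query sets the EDNS0 "DNSSEC OK" (DO) bit to request signatures, and the reply is inspected for the Authenticated Data (AD) flag and for answer records that arrive without a covering RRSIG record. It does not perform the cryptographic check itself; that is the validating resolver's job, and the AD flag is only as trustworthy as the resolver and the path to it. The function names and the sample reply for www.example.org are constructed for illustration.

```python
import struct

QR, AD, DO = 0x8000, 0x0020, 0x8000   # header QR, header AD, EDNS0 "DNSSEC OK"
TYPE_A, TYPE_OPT, TYPE_RRSIG = 1, 41, 46

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"

def build_query(name, qtype=TYPE_A, txid=0x1234):
    # RD set, one question, one additional record (OPT) carrying the DO bit
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, DO, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1) + opt

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def inspect(msg):
    """Report RCODE, the AD flag, and answer types with no covering RRSIG."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a DNS response")
    off, answers, covered = 12, set(), set()
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_RRSIG:       # RRSIG RDATA starts with the type it covers
            covered.add(struct.unpack("!H", msg[off:off + 2])[0])
        else:
            answers.add(rtype)
        off += rdlen
    return {"rcode": flags & 0xF, "ad": bool(flags & AD), "unsigned": sorted(answers - covered)}

def sample_response(signed, ad):
    """Constructed reply for www.example.org; address and signature are dummies."""
    q = encode_name("www.example.org") + struct.pack("!HH", TYPE_A, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
    sig = struct.pack("!HBBIIIH", TYPE_A, 8, 3, 300, 0, 0, 12345) + encode_name("example.org") + bytes(16)
    if signed:
        rr += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_RRSIG, 1, 300, len(sig)) + sig
    return struct.pack("!6H", 0x1234, QR | 0x0180 | (AD if ad else 0), 1, 1 + signed, 0, 0) + q + rr
```

A reply with `ad` false or a non-empty `unsigned` list was not validated by the resolver; a validating resolver normally answers SERVFAIL (RCODE 2) when a signature check fails.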
In August the .be zone was signed with DNSSEC. This means a digital signature and a public key are attached to the zone file.
Registrars
On 30 September 2010 DNSSEC became fully operational for .be. DNS.be tries to convince as many registrars as possible to join in the DNSSEC story. We organise training sessions and provide documentation for registrants.
Registrants
For the internet user nothing will change at the moment. They still need to pay close attention to any website they visit. .be registrants, on the other hand, can already register their DNSSEC-signed domain name through their registrar.