Strengthen your DNS Protection with DNSSEC

Domain Name System Security Extensions (DNSSEC) is a security system that helps verify the origin and integrity of data moving back and forth in a DNS resolution process. It is recommended as the best solution for preventing DNS poisoning attacks. ‍ DNS poisoning or spoofing is done when an attacker intercepts a DNS request and sends a fabricated (poisoned) response to the client. Need to protect your organization against DNS poisoning? Validate your DNS requests for better security with DNSFilter.

START YOUR 14 DAY FREE TRIAL
638fa1991c7bea0af8261b8e_Group 2762
6375481330113c0cc9ef8536_dnssec-feature-blue

How DNSSEC Works

DNSSEC prevents attackers from manipulating or poisoning the responses to DNS requests.

This is done by adding cryptographic signatures to domain name records. These signatures are then used to verify that the request for a DNS record comes from its authoritative name server and wasn’t spoofed or manipulated in the request process, or a fake record injected in a man-in-the-middle attack.

With DNSSEC, every DNS request is signed and verified to protect you from exploitation.

Getting Started with DNSSEC on DNSFilter

Taking advantage of the protective benefits of DNSSEC is easy and straightforward with DNSFilter.

DNSFilter’s main resolvers (103.247.36.36 and 103.247.37.37) have DNSSEC implemented and you can request validation in your DNS queries by using a flag in your query.

If you want DNSSEC enabled by default and enforced, you can set your DNS clients to use our 103.247.36.9, and  103.247.37.9 resolvers which have DNSSEC validation.


Avoid DNSSEC Misconfiguration

DNSSEC often gets a bad reputation in the DNS security space with reports of it being slow, unencrypted, and prone to outages. But many of the outages attributed to DNSSEC have nothing to do with DNSSEC or are caused by avoidable DNSSEC misconfigurations.

At DNSFilter, we have eliminated these DNSSEC misconfiguration issues by abstracting all the configuration overhead and providing a layer of DNSSEC that you can trust.

All you need to do is point to our DNS resolvers that are equipped with DNSSEC validation and you have all the benefits of DNSSEC on your network

636166e71b76b486826cd30e_dnssec3

Frequently Asked Questions

WHAT IS DNSSEC?

The Domain Name System Security Extensions is a security system that helps verify the origin and integrity of data moving back and forth in a DNS resolution process. Similar to how TLS/SSL works, DNSSEC uses a public/private key pair to cryptographically verify and authenticate DNS data.

DO I REALLY NEED DNSSEC?

Unfortunately, a good DNS poisoning attack will go completely unnoticed to the end user. There will be no visible differences between a real Twitter login page and the spoofed one. This allows the attacker to take advantage of the user’s ignorance to steal sensitive information. Having DNSSEC implemented (and implemented properly) will help prevent these attacks

WHAT ARE THE BENEFITS OF DNSSEC?

With DNSSEC, every DNS request is signed and verified to protect you from exploitation, protecting your brand. DNSSEC verifies the authenticity of the parties involved in a DNS request, prevents DNS cache poisoning and makes DNS data tamper-proof.