Strengthen your DNS Protection with DNSSEC
How DNSSEC Works
DNSSEC prevents attackers from manipulating or poisoning the responses to DNS requests.
This is done by adding cryptographic signatures to domain name records. These signatures are then used to verify that the request for a DNS record comes from its authoritative name server and wasn’t spoofed or manipulated in the request process, or a fake record injected in a man-in-the-middle attack.
With DNSSEC, every DNS request is signed and verified to protect you from exploitation.
Getting Started with DNSSEC on DNSFilter
Taking advantage of the protective benefits of DNSSEC is easy and straightforward with DNSFilter.
DNSFilter’s main resolvers (220.127.116.11 and 18.104.22.168) have DNSSEC implemented and you can request validation in your DNS queries by using a flag in your query.
If you want DNSSEC enabled by default and enforced, you can set your DNS clients to use our 22.214.171.124, and 126.96.36.199 resolvers which have DNSSEC validation.
Avoid DNSSEC Misconfiguration
DNSSEC often gets a bad reputation in the DNS security space with reports of it being slow, unencrypted, and prone to outages. But many of the outages attributed to DNSSEC have nothing to do with DNSSEC or are caused by avoidable DNSSEC misconfigurations.
At DNSFilter, we have eliminated these DNSSEC misconfiguration issues by abstracting all the configuration overhead and providing a layer of DNSSEC that you can trust.
All you need to do is point to our DNS resolvers that are equipped with DNSSEC validation and you have all the benefits of DNSSEC on your network
Frequently Asked Questions
WHAT IS DNSSEC?
The Domain Name System Security Extensions is a security system that helps verify the origin and integrity of data moving back and forth in a DNS resolution process. Similar to how TLS/SSL works, DNSSEC uses a public/private key pair to cryptographically verify and authenticate DNS data.
DO I REALLY NEED DNSSEC?
Unfortunately, a good DNS poisoning attack will go completely unnoticed to the end user. There will be no visible differences between a real Twitter login page and the spoofed one. This allows the attacker to take advantage of the user’s ignorance to steal sensitive information. Having DNSSEC implemented (and implemented properly) will help prevent these attacks
WHAT ARE THE BENEFITS OF DNSSEC?
With DNSSEC, every DNS request is signed and verified to protect you from exploitation, protecting your brand. DNSSEC verifies the authenticity of the parties involved in a DNS request, prevents DNS cache poisoning and makes DNS data tamper-proof.