SecuMail-Blog

  1. Home
  2. Uncategorized
  3. WorNet secures domains with DNSSEC

WorNet secures domains with DNSSEC

18. July 2016
By

Can your domain DNSSEC? Quickly checked:
http://dnssec-debugger.verisignlabs.com/

DNS is one of the central systems of the Internet. All the more astonishing is the fact that DNS is still operated largely unsecured. Encryption or signing in DNS? Not at all! For DNS, however, a standard called DNSSEC has existed for several years, which was actually supposed to provide security. With DNSSEC, this is done with the help of cryptographically signed DNS records. The key chain must be consistent from all name servers involved in a DNS recursion to the trust anchor at the top-level registrars, so that the recipient can clearly validate the origin of DNS responses. Until now, DNS queries can be intercepted and modified at will without DNSSEC. This could allow an attacker to redirect e-mails or HTTP requests to another server, for example by manipulating DNS packets. This signing now prevents unnoticed changes to the DNS contents.

What is surprising is the low prevalence of DNSSEC protected domains at this point in time. This is also due to the fact that most providers do not yet support DNSSEC at all and or have only recently started dealing with the topic.

WorNet has now taken this step and prepared its name servers for DNSSEC. From now on, we also offer every domain in signed form. A migration of existing domains is also possible. Our DNS resolvers also verify responses from DNSSEC zones.

WorNet starts with the domain of the spam and virus filter SecuMail®. Domain secumail.de has been equipped with DNSSEC since July 2016. More domains will follow.

Contact us: 08171-418090 / support@wor.net!
Our support team will be happy to answer your questions about DNSSEC.

By the way, DNSSEC is also a prerequisite for a technology called DANE (DNS-based Authentication of Named Entities). This is an extension of TLS encryption, e.g. for e-mail transport – another current topic at SecuMail.

IT remains exciting!

Greetings
Hannes Wilhelm

 

Sources:
http://www.heise.de/netze/artikel/Domain-Name-System-absichern-mit-DNSSEC-903318.html
http://www.heise.de/thema/DANE
https://de.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
https://de.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
http://blog.wor.net/2015/09/02/secumail-lernt-dane/

Tags:
GDPR Cookie Consent with Real Cookie Banner