{"id":6795,"date":"2017-02-27T11:10:21","date_gmt":"2017-02-27T19:10:21","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/27\/news-586\/"},"modified":"2017-02-27T11:10:21","modified_gmt":"2017-02-27T19:10:21","slug":"news-586","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/02\/27\/news-586\/","title":{"rendered":"DNSSEC: why do we need it?"},"content":{"rendered":"

Credit to Author: Pieter Arntz| Date: Mon, 27 Feb 2017 18:00:54 +0000<\/strong><\/p>\n

DNSSEC is short for Domain Name System Security Extensions. It is a set of extensions that add extra security to the DNS protocol. This is done by enabling the validation of DNS requests, which is specifically effective against DNS spoofing attacks. DNSSEC provides the DNS records with a digital signature, so the resolver can check if the content is authentic.<\/p>\n

The reason for this post was the recent SIDN report<\/a> that concluded that the DNSSEC security status in the Netherlands left a lot to be desired.\u00a0To name a few, the banking sector and the ISPs were lagging behind. Especially compared to the government sector, which has to be fully compliant by the end of 2017 and is now at a level of 59% of all domain names to be cryptographically secured and signed.<\/p>\n

Background of the report<\/strong><\/h3>\n

Included in the investigation were only .nl domains, so companies of a more international nature, that might be using other Top Level Domains (TLDs) were not included in the research. Let\u2019s hope that companies of this nature are more advanced in this regard. On a grand total of approximately 5.7 million domains 46% were signed.<\/p>\n

Additional security<\/strong><\/h3>\n

Not only is DNSSEC a\u00a0 security feature by itself, it also provides a platform for additional features like:<\/p>\n