DNS Security Extensions (DNSSEC) is a technology that was developed in 2005 to protect against DNS cache poisoning attacks. DNS cache poisoning is the act of forcing information into a DNS cache. In this type of attack, DNS queries return a crafted response and users are directed to websites directed by the attacker. DNS cache poisoning attacks are also known as DNS spoofing attacks.
DNSSEC technology mitigates these attacks by digitally signing DNS data to guarantee the DNS response is valid. Similar to HTTPS technology (SSL or TLS), DNSSEC uses cryptographic signatures and it authenticates the validity of the DNS answer and the identity of the signer. DNSSEC records are published in the DNS enabling recursive resolvers or clients to validate these digital signatures.
DigitalStakeout Securd supports DNSSEC by performing validation on queries sent from DigitalStakeout Securd DNS resolvers to upstream authoritative servers.
As a DigitalStakeout Securd customer, you can access the Internet with confidence that DigitalStakeout Securd is defending your organization from any cache poisoning or DNS spoofing attacks.