DNS Security Extensions (DNSSEC) is a technology that was developed in 2005 to protect against DNS cache poisoning attacks. DNS cache poisoning is the act of forcing information into a DNS cache. In this type of attack, DNS queries return a crafted response and users are directed to websites directed by the attacker. DNS cache poisoning attacks are also known as DNS spoofing attacks.
DNSSEC technology mitigates these attacks by digitally signing DNS data to guarantee the DNS response is valid. Similar to HTTPS technology (SSL or TLS), DNSSEC uses cryptographic signatures and it authenticates the validity of the DNS answer and the identity of the signer. DNSSEC records are published in the DNS enabling recursive resolvers or clients to validate these digital signatures.
Securd Protection supports DNSSEC by performing validation on queries sent from Securd DNS resolvers to upstream authoritative servers. As a Securd customer, you can access the Internet with confidence that Securd Protection is defending your organization from any cache poisoning or DNS spoofing attacks.