Internet users face the risk of losing their Internet connections on 5 May when the domain name system switches over to a new, more secure protocol.
So what is DNSSEC?
DNSSEC adds digital signatures to normal DNS queries, substantially reducing the risk of falling victim to man-in-the-middle attacks such as the Kaminsky exploit, which caused widespread panic in July 2008.
The standard is currently being rolled out cautiously to the internet's DNS root servers. In May, when all 13 roots are signed, anybody with an incompatible firewall or ISP will know about it, because they won't be able to find websites or send email.
You can test whether your current DNS resolver is capable of handling DNSSEC by following the instructions at DNS-OARC or by running a Java app that can be downloaded from RIPE.
Home users using residential hubs should not panic if these tests return scary results. According to Mitchell, it currently only matters that the ISP supports DNSSEC. A dodgy Netgear box is not enough to kill your internet... cross fingers!
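To show what such a resolver test exercises, here is an added example (not code from DNS-OARC, RIPE or this article) that builds a DNS query with the EDNS0 "DNSSEC OK" bit set and decodes the reply header, including the "Authenticated Data" flag a validating resolver sets. The function names and the constructed sample reply are assumptions made for illustration; `check_resolver` takes the address of your own resolver.

```python
import secrets
import socket
import struct

DO_BIT = 0x8000  # "DNSSEC OK" flag carried in the EDNS0 OPT record (RFC 3225)
AD_BIT = 0x0020  # "Authenticated Data" header flag set by a validating resolver
TC_BIT = 0x0200  # reply truncated: the answer did not fit in one UDP packet

def build_query(name, txid, qtype=1, bufsize=4096):
    """Build a DNS query for `name` that advertises EDNS0 and sets the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT pseudo-record: root name, type 41, class = UDP buffer size, TTL field = flags
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, DO_BIT, 0)
    return header + question + opt

def read_flags(reply):
    """Decode the header fields that matter for a DNSSEC capability check."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return {"txid": txid, "is_reply": bool(flags & 0x8000),
            "truncated": bool(flags & TC_BIT), "validated": bool(flags & AD_BIT),
            "rcode": flags & 0x000F, "answers": answers}

def check_resolver(resolver_ip, name="example.com", timeout=3.0):
    """Send the DO-bit query over UDP and report how the resolver handled it."""
    txid = secrets.randbits(16)  # unpredictable ID, so a spoofed reply is harder to land
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (resolver_ip, 53))
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return {"error": "no reply to the EDNS0/DO query within the timeout"}
    result = read_flags(reply)
    if result["txid"] != txid or not result["is_reply"]:
        return {"error": "reply does not match the query"}
    return result

# Constructed sample: header of a reply with QR, RD, RA and AD set and one answer.
SAMPLE_REPLY = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)

if __name__ == "__main__":
    print(read_flags(SAMPLE_REPLY))
```

A result with `validated` set to true means the resolver checked the signatures itself; an error or a `truncated` reply points at the resolver or something on the path not coping with DNSSEC-sized answers.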
What will DNSSEC bring you?
By adding signatures to DNS zones and DNS servers, you'll ensure data integrity and query integrity, which means that DNS cache poisoning will be more than tricky to perform.
Another good point for IT: DNSSEC will help in the fight against spam. Like SPF, it will make it possible to verify that you really are who you claim to be.
I have been waiting a long time for this to be released; the Internet will really be cleaner after that. Soon we will enjoy a more trustable network!
More details about this can be found here


