Recently, you might have an uptick in Denial of Service attacks or problems with root domain servers. DNS, while the backbone of the internet, was always easy to spoof with man-in-the-middle attacks and other exploits. To reduce the effects of these exploits, smart people in the industry created a standard to help secure DNS through a bolt-on security framework called DNSSEC.
Basically, DNSSEC enables an organization with DNS servers to vouch for a DNS entry that it serves to a requestor by signing it. This is similar to new standards for other early unencrypted Internet protocols communications, like DKIM for email. Using DNSSEC is like DKIM in that a provider publishes their signature in a separate DNS entry that can be queried by a DNSSEC aware client. Clients in this way guard themselves against false DNS entries seeking to exploit them.
MxToolbox wants to make it easier for you to keep up on the latest security and networking standards, so we’ve created a suite of tools to help you with DNSSEC. Check them out:
- DS – identifies the Delegation Signers (DS) for the specified domain
- DNSKEY – returns the DNSSEC records for a domain
- IPSECKEY – returns the public key that resolvers can use to secure data at the IP layer using IPSEC
- NSEC3PARAM – used by authoritative DNS servers to calculate and determine which NSEC3-records
- NSEC – identifies the next secure (NSEC) record for the specified domain
- RRSIG – identifies the Resource Record Signatures for the specified domain
Let us know how you like these tools! Email us at feedback.