What is DNS?
DNS, or the Domain Name System, can be seen as the telephone book of the internet: it gives you directions for how to contact people. It does this by turning phone numbers into human-readable names. It’s easier to remember a name than a phone number when you are looking up a person in the phone book.
The same principle applies on the internet for communication between computers. The difference is that on the internet the phone number is called an IP address and the human-readable name is called a hostname or domain name.
Say you want to visit the local newspaper’s website, and say this website has an IP address of 18.104.22.168. In reality, it is impractical for most people to remember these numbers.
Hence the Domain Name System: in simple terms, it binds the IP address to a more human-readable name such as newspaper.com, which is a lot easier to remember. It can be seen more or less like adding a new friend to the contact list on your phone, where you save your friend’s name with the phone number, which makes it easier to look up later. This is the Domain Name System in simple terms.
So what has DNSSEC got to do with this?
As we now know, the DNS is the phone book of the internet and gives computers instructions on how to send or receive information. Unfortunately, the DNS, or the phone book, accepts each and every address given to it, no questions asked. This can cause great concern around the security of the Domain Name System infrastructure.
For instance, attackers or fraudsters can exploit this weakness by performing a spoofing attack, a so-called “man-in-the-middle attack”, where the fraudster becomes a man between the name server and your client or computer.
By giving the wrong information to the name server (the store of all DNS records, similar to your contact list), the fraudster can exploit the user by modifying the IP address of, for instance, the local newspaper.com site, changing the IP from 22.214.171.124 to, for instance, 126.96.36.199. The website the fraudster is pointing you to may look just like the real one (that’s the intention), but may contain fraudulent content and may be used to steal credit card information or other sensitive information.
This is where DNSSEC comes in handy. It adds a layer of security on top of the name server by using cryptographic signatures on the answers to DNS requests. This assures that the user receives a correct answer from the name server and checks that the answer hasn’t been altered along the way.
When a domain or hostname is secured with DNSSEC, every answer is signed with a cryptographic signature, and if the computer receives an incorrect answer, it gets rejected. As a result, the user avoids landing on fraudulent websites.
DNSSEC secures one of the small puzzle pieces that make up the internet.
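The sign-then-verify idea described above, as an added example that is not part of the original article. It uses a toy textbook-RSA key as a stand-in for DNSSEC's real signature algorithms, and the function names (sign_record, resolve) are hypothetical. The record data is constructed from the addresses used in the text.

```python
import hashlib

# Toy key pair for the zone (textbook RSA over two well-known Mersenne primes).
# Assumption for illustration only: real DNSSEC uses standardized algorithms
# and properly generated keys; this key is NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key, published by the zone
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, kept by the zone owner

def digest(name, ip):
    """Hash the record contents that the signature covers."""
    data = f"{name} A {ip}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign_record(name, ip):
    """Zone owner: sign an address record with the private key."""
    return pow(digest(name, ip), D, N)

def resolve(answer):
    """Validating client: return the IP only if the signature matches."""
    name, ip, signature = answer
    if pow(signature, E, N) != digest(name, ip):
        return None  # answer was altered or forged: reject it
    return ip

# Constructed sample data, using the addresses from the text above.
genuine = ("newspaper.com", "22.214.171.124",
           sign_record("newspaper.com", "22.214.171.124"))
# The fraudster swaps the IP but cannot produce a matching signature.
spoofed = (genuine[0], "126.96.36.199", genuine[2])

if __name__ == "__main__":
    print("genuine ->", resolve(genuine))
    print("spoofed ->", resolve(spoofed))
```

The altered answer fails the check because the old signature covers the original IP address, and only the holder of the private key can produce a new one.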