Why is DNSSEC Important?
DNS powers pretty much everything. Every time you visit a website, it’s DNS that gets you from that nice and simple <whatever>.com to the actual website. Now imagine that a hacker has gotten between you and the internet. They confuse DNS and instead of ending up a the <whatever>.com you expected, now you’re seeing a website built by the hacker.
The whole process is far more complicated with recursive name servers, authoritative name servers and root name servers. The point is, a smart attacker can get in the middle and poison DNS entries, redirecting visitors to their version of the website.
We can avoid this by using the Domain Name System Security Extensions (DNSSEC). This is a complicated, multi-layer encryption process that allows DNS servers to verify that the information they received is actually from the authoritative server for that zone.
Setting up DNSSEC is not trivial. It requires generating an encryption key pair on the local authoritative name servers (ours) and submitting the correct key pair to the domain registrar who sends it up to the root servers. For proper security, these keys should be rotated annually.
At The Genuine Host, we will manage this entire process for you. Generating the keys, submitting them and rotating them. As an MSP, your clients rely on you to keep them and their customers safe. DNSSEC is another important and often overlooked link in that security chain.