DNSSEC What is it? Do I need it?


To reach another person on the Internet you have to type an address into your computer: a name or a number. That address has to be unique so computers know where to find each other. Without DNS we wouldn't have one global Internet. When you type a name, that name must first be translated into a number before the connection can be established. The system that does this is called the Domain Name System (DNS), and it translates names like www.sbd.net.au into numbers, called IP addresses. This is similar to a phone book resolving names to phone numbers. How would we find phone numbers if we didn't have a phone book? Imagine finding Facebook or Google if there were no DNS.

Recently, vulnerabilities were discovered in the Domain Name System (DNS) that allow an attacker to hijack the process of looking someone up, or looking a site up, on the Internet by name. The purpose of the attack is to take control of the session, for example to send the user to the hijacker's own deceptive web site for account and password collection.

These vulnerabilities have increased interest in introducing a technology called "DNS Security Extensions" (DNSSEC) to secure this part of the Internet's infrastructure.

DNSSEC What is it?

DNSSEC is an Internet-based technology that was developed to protect against these attacks by digitally 'signing' data so you can be assured it is valid. However, in order to eliminate the vulnerability from the Internet, it must be deployed at each step in the lookup, from the root zone to the final domain name (e.g. www.sbd.net.au). Signing the root (deploying DNSSEC on the root zone) is a necessary step in this overall process. Importantly, it does not encrypt data. It just attests to the validity of the address of the site you visit.
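To illustrate why every step from the root to the final name has to be signed, here is an added example (not part of the original article) that walks the delegation chain for www.sbd.net.au's zone and checks that each parent's DS digest matches the child's DNSKEY. The helper names and the key bytes are constructed for illustration, and the sketch checks only the DS-to-DNSKEY link, not the RRSIG signatures a real validating resolver also verifies.

```python
import hashlib
import struct

def wire_name(name):
    """Encode a domain name in DNS wire format (lowercase, length-prefixed labels)."""
    parts = [p for p in name.lower().rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def dnskey_rdata(public_key, flags=257, algorithm=13):
    """DNSKEY RDATA: flags (257 = key-signing key), protocol 3, algorithm, key bytes."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def ds_digest(owner, rdata):
    """DS digest type 2 (SHA-256) over owner name in wire form + DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def check_chain(zones, trust_anchor):
    """zones: (name, dnskey_rdata or None, DS digest held by the parent or None),
    ordered root first. Returns 'secure', 'insecure at X' or 'bogus at X'."""
    expected = trust_anchor              # the root is checked against the trust anchor
    for name, key, ds_from_parent in zones:
        if name != ".":
            expected = ds_from_parent    # every other zone is vouched for by its parent
        if key is None or expected is None:
            return "insecure at " + name  # unsigned link: nothing below can be validated
        if ds_digest(name, key) != expected:
            return "bogus at " + name     # key does not match what the parent published
    return "secure"

# Constructed sample data: 64 placeholder bytes stand in for real public keys.
NAMES = [".", "au.", "net.au.", "sbd.net.au."]
KEYS = {n: dnskey_rdata(hashlib.sha512(n.encode()).digest()) for n in NAMES}
ANCHOR = ds_digest(".", KEYS["."])

def build_zones(unsigned=(), forged=()):
    """Build the sample chain, optionally leaving zones unsigned or swapping a key."""
    zones = []
    for n in NAMES:
        key = None if n in unsigned else KEYS[n]
        if n in forged:
            key = dnskey_rdata(b"\x00" * 64)  # a key the parent never vouched for
        ds = None if n in unsigned else ds_digest(n, KEYS[n])
        zones.append((n, key, ds))
    return zones

if __name__ == "__main__":
    print(check_chain(build_zones(), ANCHOR))
    print(check_chain(build_zones(unsigned=("net.au.",)), ANCHOR))
    print(check_chain(build_zones(forged=("sbd.net.au.",)), ANCHOR))
```

A single unsigned zone in the middle of the chain leaves everything beneath it unvalidated, which is why partial deployment does not remove the vulnerability.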

DNSSEC Will it Protect me?

DNSSEC (Domain Name System Security Extensions) is designed to protect all Internet users from forged DNS data, such as a misleading or malicious address instead of the legitimate address that was requested. Here's the difference between DNSSEC-aware and non-aware lookups.

DNSSEC So how does it improve security for the average user?

Full deployment of DNSSEC will ensure the end user is connecting to the actual web site or other service corresponding to a particular domain name. Although this will not solve all the security problems of the Internet, it does protect a critical piece of it, the directory lookup, complementing other technologies such as SSL (https:) that protect the "conversation", and providing a platform for yet-to-be-developed security improvements.


