DNSSEC: Complex, But Important for Internet Security
Sean Leach | Jan 27, 2012If I could describe DNSSEC in one word, it would be "important." Another word that often describes it though is "complex."
What is DNSSEC and why is it so important and complex? Well, DNS, as you may know, is a little known (but absolutely critical) technology. It enables connections on the Internet by translating the better known domains we all use to the IP addresses that get us to the pages we want. Without DNS, the Internet doesn't work. Cryptography has a similar lack of visibility, but is also absolutely critical. When you mash the two of them together, you get Domain Name Security Extensions, commonly called DNSSEC.
DNSSEC provides a manner of guaranteeing that an answer from the global DNS is the correct answer - which as you can imagine is pretty important (i.e. if I type in the domain for my bank's website, I sure hope the IP address my browser goes to is of the intended bank, not some nefarious middle man trying to steal my data. This is what DNSSEC helps solve). I say DNSSEC is complex because there are terms associated with it like "zone signing," "key rollover," "algorithm strength," "data enumeration," etc. That's a LOT of terms to know just to be able to have a secure domain.
Read more
