Why Does DNS Security Matter?

Why Does DNS Security Matter? [Archived]

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.

There are few things more important to the operation of the Internet than the Domain Name System (DNS.) Internet users rely on the DNS to identify the names of websites they want to visit, but browsers communicate with websites via their IP addresses. IP addresses are displayed as a series of numbers separated by dots.  DNS is important because it links the domain name to the IP. And while DNS is invaluable to the Internet community, it is not without vulnerability. When it was created, the Internet was a much smaller and safer place, so there was little security in mind. As the Internet has grown, malicious actors have found weaknesses in the DNS system. Internet criminals can exploit these weaknesses and are capable of creating false DNS records. These fake records can trick users into visiting fake websites, downloading malicious software, or worse. Thus, DNSSEC was created to save the day.

What is DNSSEC and why is it important?

DNSSEC (Domain Name System Security) is a security system that protects Internet clients from counterfeit DNS data. It does this by verifying digital signatures embedded in the data. This allows users to validate that the DNS records they receive came from the correct source.

If a website is not DNSSEC-enabled an attacker could identify this vulnerability and take over or redirect the domain name in their favor. Could you imagine the embarrassment your company would face if your employees and/or customers could not access your website due to an attack? Even worse, if something like an online banking system was corrupted? These are serious issues that companies must face, and securing DNS is critical to ensuring online safety.

How can ARIN help me secure my reverse zones?

So now we all know the importance of securing DNS using DNSSEC for your websites. However, you may not realize that once you are DNSSEC-enabled, ARIN offers services that allow you to also secure your reverse zones. Reverse DNS, or reverse resolution, is a system that provides a name when a user or device initially provides an IP address. This can be helpful during network troubleshooting/testing, checking domain names for suspicious information, or screening spam groups who forge domain information.

We offer two ways to secure reverse DNS: using the ARIN Online web-interface or via our Reg-RWS (Registration RESTful Web Service.) It’s very easy to use ARIN Online to quickly secure a reverse DNS zone once you have signed your zones locally. Reg-RWS provides a secure and efficient method for interacting with ARIN’s database via programmatic interface, and may be a more convenient way of enabling DNSSEC for those who manage a lot of IP address space.

Full instructions for how to secure your reverse zone using ARIN Online or Reg-RWS can be found on our DNS and DNSSEC resource page.

Without securing DNS, you are leaving your organization vulnerable to attack. Enable DNSSEC and secure your reverse zone using our online services today.

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.