Home Business IT Networking "Huge News" - Google offers DNSSEC validation

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Industry:
Job Function:
Australian State:
Country:
Email marketing by Interspire
weebly statistics

Google's announcement that its public DNS service now performs DNSSEC validation has been hailed as "a huge step forward for Internet security" by the Internet Society.

The Domain Name System (DNS) was not designed with security in mind and is open to a number of attacks that can route requests for a web site to a spurious site masquerading as the genuine article.

DNSECC (Domain Name System Security Extensions) was designed to prevent these attacks but relies on both the site supporting DNSSEC and the name servers used to access that site being able to perform DNS validation.

End users generally use name servers provided by their ISP, and some of these support DNS validation, but it is also possible to use public name servers such as those operated by Google, and many do. According to Google "Google Public DNS is serving more than 130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day."

Google's support for DNSSEC was announced in a posting on Google's security blog http://googleonlinesecurity.blogspot.nl/2013/03/google-public-dns-now-supports-dnssec.html this week by Yunhong Gu, team lead, Google Public DNS. "With this new security feature, we can better protect people from DNS-based attacks and make DNS more secure overall by identifying and rejecting invalid responses from DNSSEC-protected domains," Gu said.

However he added that implementation of DNSSEC is still low. "Only 7% of queries from the client side are DNSSEC-enabled and about 1% of DNS responses from the name server side are signed. Overall, DNSSEC is still at an early stage and we hope that our support will help expedite its deployment.

"Effective deployment of DNSSEC requires action from both DNS resolvers and authoritative name servers. Resolvers, especially those of ISPs and other public resolvers, need to start validating DNS responses. Meanwhile, domain owners have to sign their domains. Today, about 1/3 of top-level domains have been signed, but most second-level domains remain unsigned. We encourage all involved parties to push DNSSEC deployment and further protect Internet users from DNS-based network intrusions."

The ISOC web site provides details on how users can configure their systems to use Google's DNS servers. It also notes that another step is required. Applications, mainly browsers, requesting an IP address must request DNSSEC validation.

At present off-the-shelf browsers do not do so, but ISOC also provides details of plug ins for Chrome and Firefox that provide this function.

PROTECT YOURSELF AGAINST BANDWIDTH BANDITS!

Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!

CLICK TO DOWNLOAD!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

Stuart Corner

 

Tracking the telecoms industry since 1989, Stuart has been awarded Journalist Of The Year by the Australian Telecommunications Users Group (twice) and by the Service Providers Action Network. In 2010 he received the 'Kester' lifetime achievement award in the Consensus IT Writers Awards and was made a Lifetime Member of the Telecommunications Society of Australia. He was born in the UK, came to Australia in 1980 and has been here ever since.

Connect