DNSSEC (Domain Name System Security Extensions) is the name given to security extensions to the DNS (Domain Name System) protocol conceived to protect and authenticate DNS traffic.
These extensions validate the data through digital signatures, making use of asymmetric cryptography technology to ensure the authenticity and integrity of information exchanged between DNS servers and between these and the user’s applications.
The security mechanisms provided in DNSSEC are complementary and transparent for the user, and therefore do not interfere with the normal functioning of the DNS protocol.
The DNSSEC extensions aim to improve user trust in the services provided, namely:
– Addressing the DNS protocol’s weaknesses;
– Preventing man-in-the-middle and cache-poisoning attacks;
– Reducing the risk of information manipulation;
– Reinforcing the system’s reliability.
Security threats, and awareness of them, have been a prime concern of the entities responsible for this matter, so the demand for solutions that ensure a safer service and network environment is of global importance among experts.
Following international developments, the conditions for adopting this security mechanism within the DNS community have gradually been created, and a considerable number of TLDs (Top Level Domains) already make it available to their users. In July 2010 the Root (or root server) was signed, which enabled the DNSSEC chain of trust to be propagated throughout the entire DNS hierarchical structure, simplifying the entire process.
To gain the full benefit of this service, it must be implemented by all parties, from the root to the ISPs (Internet Service Providers), domain technical operators, applications and operating systems. This is what makes it possible for the service to reach end users.