DNSSEC

 

By Natasa Djukanovic

There’s TCP/IP, ADSL, DNS, FTP, SSL, and now, another acronym that tech people use to confuse us: DNSSEC. Though it sounds complicated, DNSSEC is actually a simple security step business owners can take to protect their website and their consumers.

Basically, DNSSEC helps protect against cyberattacks, specifically website spoofing, which can impact your SEO and business credibility.

Our websites are our online offices and we should always be working on setting up extra layers of security to make sure our office doesn’t get broken into. DNSSEC, or Domain Name System Security Extensions, is just one of them.

But first, let’s start with how a user comes to our website:

  1. She types our websites’ domain name in the browser, or clicks a google link offered as a search result.
  2. At that moment her computer sends a request for the the domain name to be translated into an IP address (IP address = a set of numbers that all computers and online devices use to uniquely identify themselves). It’s like the domain’s personal “phone number.”
  3. The set of machines that receives the request is called Domain Name System. These machines “talk” among themselves to find out which one knows the answer and can translate the domain into an IP address. They have a hierarchical relationship, something like a child asking a parent, and there is an “ultimate parent”, something like an elder, who is assigned by ICANN (the Internet Corporation for Assigned Names and Numbers, which is an organization that performs the actual technical maintenance work of the Central Internet Address).
  4. Once this structure figures out who knows the answer, the translation is made, and the user is sent to the website she wanted to visit. It all happens in hardly any time at all. (You can read more about how domain names work here.)

The problem is that an attacker may be able to hijack this request-answer process and take control. Instead of your business’s IP address, a hacker can insert their own site’s IP address as the  “phone number” for your page. As a result, the customer looking for your site will actually end up on a completely different, deceptive website, usually created with bad intentions.

This is called “DNS Spoofing” and it means that somebody wants you to go to a site you think is real and potentially type in personal data like usernames, passwords, credit card numbers, etc.. And you won’t even know the site is fake.

How do I protect the users of my website?

That’s where DNSSEC comes in. DNSSEC adds digital signatures to the information shared in the DNS. Basically, in the chain of computers and machines communicating with each other to send you to a website, each chain link must “sign” to confirm the information it’s sharing is valid and accurate. Only when every link in the chain is verified will you finally be connected to the site. This makes sure that the right domain is connected to the right IP address and your consumers aren’t redirected to a malicious page.

How do I get DNSSEC for my website?

Not tech-savvy? No problem. Domain registrars (the organization that registered your domain for you) thankfully offer a simple process of deploying DNSSEC. Usually, it requires just switching DNSSEC “ON” from your DNS Management Page.

If somebody else is handling your domain name (and managing your website) ask her or him to start using DNSSEC. DNSSEC is free of charge so it just requires your time to sign up for DNSSEC. For more info check Cloudflare or Dyn.

If you are handling your own domains, check your domain registrar. They usually offer very good explanations on how to set up DNSSEC and occasionally offer DNSSEC support to aid the process.

Is DNSSEC the only security step I need?

Unfortunately, no. DNSSEC is used to make sure that our user connects to our actual site just as intended, but it’s not the only-stop solution for all security problems. Unfortunately, we are wired in such a way that we often only realize how important security is once it’s too late. Don’t wait — take the steps to protect your website and your consumers now. Make your passwords bulletproof, start using SSL on your website and adopt DNSSEC for your domains. It’s time for both big and small businesses alike to make cyber security a priority in 2018.

Natasa Djukanovic is the CMO of Domain.ME, the international tech company that operates the internet domain “.ME.” She’s spent her entire career at the intersection of social media, leadership and technology, and is constantly trying to figure out the secret to being in three different places at the same time.

DNSSEC stock photo by Profit_Image/Shutterstock