A Better DNS is on the way (finally!) - Tech-101 Free Computer Support

jobeard · #1 (**permalink**) 03-11-2010, 12:11 PM

According to Inforworld article by By Carolyn Duffy Marsan

The Public Interest Registry will add an extra layer of security known as DNS Security Extensions (DNSSEC) to the .org domain in June -- a move that will protect millions of non-profit organizations and their donors from hacking attacks known as cache poisoning.

Comcast launches first public U.S. trial of advanced DNS security

DNSSEC is an emerging Internet standard that prevents cache poisoning attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption

Quote:

Originally Posted by jobeard

While the .org domain is smallish, it's a good place to iron out any wrinkles. The big issue with such a pervasive change (eg: DNSSEC) is it requires a simultaneous migration of all backbone servers supporting that domain. Just imagine the impact for the .com domain!

jobeard · #2 (**permalink**) 06-17-2010, 06:05 PM

DNSSEC is being deployed across the Internet infrastructure, from the root servers at the top of the DNS hierarchy to the servers that run .com and .net and other top-level domains, and then down to the servers that cache content for individual Web sites.

Once it is widely deployed, DNSSEC will prevent cache poisoning attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or user knowing. Cache poisoning attacks are the result of a serious flaw in the DNS that was disclosed by security researcher Dan Kaminsky in 2008.

see the Computerworld article for details

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode