DNSSEC is the Key to a Healthy Future for the Internet – Security Boulevard

The future of internet connectivity could diverge into two very different outcomesaggressive monopolization by a few providers or a more diverse landscape that fosters innovation. The latter possibility is the better outcome, but it will require improved security to ensure that every entity can connect to each other safely. And one key to making this happen lies in the domain name system (DNS) technology that underpins everything we do onlinespecifically, modern DNS security extensions (DNSSEC). Lets review why the internet is at a turning point, why DNSSEC is so important and how challenges commonly associated with DNSSEC are being resolved.

In recent years, we have seen a small number of internet service providers and content delivery networks handle a substantial portion of online connectivity. Its simple to set up a secure, encrypted connection among a small number of large companies, but the dominance of these entities comes at a cost. Without alternatives, consumers and enterprises alike are at the mercy of whatever pricing their provider establishes and a lack of competition stifles innovation in the field. We are much more likely to see a stream of new and exciting technologies if internet connectivity relies on a vibrant ecosystem of companies, nonprofit organizations and open source projects.

Since DNS plays such a fundamental role in connecting all aspects of IT infrastructure, applications and online services, its a persistent target for malicious actors. Unfortunately, standard DNS was not built with security in mind; DNS requests are vulnerable to interception, and the sender cannot verify whether the IP addresses and other information that they receive are legitimate or lead to a fraudulent site. Applications can effectively vanish from the internet or domain names may be hijacked to pull in phishing victims.

This liability is why DNSSEC is so important. It leverages cryptographically signed DNS records to assure the initial sender of the DNS query that the returned IP address did, in fact, come from the intended target. Despite its clear value, adoption has been slow for a few reasons.

Many modern companies rely on DNS to steer traffic dynamically, accounting for fluctuations in infrastructure uptime to send users to the servers best equipped to handle more traffic. Unfortunately, the most common form of DNSSEC is offline signing, which completes the cryptographic signing process before a DNS request comes in. This is incompatible with modern forms of traffic steering, which demand context-driven real-time DNS responses. Also, DNSSEC has historically been unable to reconcile advanced, non-standardized DNS technology from multiple vendors. These shortcomings have forced providers to choose either DNSSEC or traffic steering across multiple DNS providersand many have ultimately prioritized functionality and flexibility over DNSSEC.

Assuming the internet does become more diverse, there will be many entities fielding DNS traffic that cannot be trusted automatically. The good news is that common impediments to DNSSEC are no longer insurmountable. Modern DNSSEC providers have found ways to sign DNS responses on the fly to fully support real-time traffic steering. Moreover, providers are embracing an emerging multi-signer DNSSEC open standard from the Internet Engineering Task Force that can support multiple DNS providers without compromising DNSSEC. This will allow a broader range of companies to play a fundamental role in internet connectivity without sacrificing security.

DNSSEC is a gateway to all sorts of exciting technologies, but these possibilities can only be realized if many firms embrace its role in security. By utilizing DNSSEC, companies will no longer have to choose whether the internet should run safely or dynamically. The resulting security and reliable connectivity are necessary prerequisites for the kind of exciting, intellectually thriving internet that we should all hope will come to pass.

View post:
DNSSEC is the Key to a Healthy Future for the Internet - Security Boulevard

Related Posts

Comments are closed.