If DNS is the phone book of the Internet, DNSSEC is the Internet’s unspoofable caller ID. It guarantees a web application’s traffic is safely routed to the correct servers so that a site’s visitors are not intercepted by a hidden “man-in-the-middle” attacker. These attacks usually go unnoticed by sites’ visitors, increasing the risk of phishing, malware infections, and personal data leakage.
DNSSEC however is very complicated, and this has been a hurdle for its adoption.
Because trust in DNSSEC is top-down (The root zone verifies the .com zone, and the .com zone verifies the zone, and so forth), enabling DNSSEC requires a website owner to update the DS record with your registrar.
By Clicking on This Link, you will notice that ClusteredNetworks.com has DNSSEC enabled and it is properly configured.
Verisign Labs is a great tool for checking if you have DNSSEC configured properly.
Ron has been a network administrator since the 1994 and has worked extensively with Microsoft, LINUX and FreeBSD products. He has also owned and operated a successful ISP business and has consulted to many companies offering network security services and management, including DNS Migration of nameservers hosting hundreds of domains.
Located in Edmonton, AB Canada, Clustered Networks was Incorporated in 2001 and has offered Network / Internet and IT Consulting services for over 15 years. We offer personalized service!