DNSSEC


What is DNSSEC?

Starting February 26, 2013, we will begin enabling DNSSEC by default on our main recursive name servers (ns1/ns2.sonc.net). Follow the Status Blog for updates on this roll-out.

DNSSEC is an enhanced level of Internet security that enables validation of DNS traffic to ensure that it has not been tampered with. This prevents hackers from injecting false information (aka DNS cache 'poisoning') in an attempt to redirect people trying to access a real website to a fake, phishing or criminal site.

Does Sonic.net support authoritative DNSSEC services?

No, not at this time.

What should I do if the DNSSEC servers are not working or I suspect a problem validating a zone?

If you could post a message into the "Labs" section of our Forums we would appreciate it, and you will be helping fellow customers.

Where should I direct questions or concerns?

Please direct any questions or concerns to the "Labs" section of our Forums where a Sonic.net employee or a fellow customer will promptly address your question or concern.

What happens if I try to access a website that fails DNSSEC validation?

If using a web browser you will see an error message, such as "Server Not Found." (The exact result will vary from browser to browser.)

Will client software like a web browser indicate if DNSSEC is in use?

There are DNSSEC Validator extensions for some browsers:

DNSSEC Validator extension for Google Chrome.

DNSSEC Validator add-on for Mozilla Firefox

I think a domain is failing validation. How can I tell?

Use a testing tool like Sandia National Lab's DNSViz, at http://dnsviz.net/ .

Use a testing tool like Verisign Labs' DNSSEC Debugger, at http://dnssec-debugger.verisignlabs.com/ .

If a site fails DNSSEC validation, its operators either have a security problem or have misconfigured their domain.
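
A command-line check to go with the web tools above (an added example, not part of the original wiki page): ask a validating resolver for the name twice with dig, once normally and once with the CD (Checking Disabled) flag set. SERVFAIL on the normal query but NOERROR with CD set means the data exists and DNSSEC validation is what rejected it. The function names are made up for this example, and the resolver address and domain are supplied by you as arguments.

```shell
#!/bin/sh
# Added example: tell a DNSSEC validation failure apart from an ordinary
# DNS failure by comparing a normal query with a CD-flagged query.

# status_from_dig: read dig output on stdin and print the response status
# (NOERROR, SERVFAIL, NXDOMAIN, ...), or TIMEOUT if no header was seen.
status_from_dig() {
    status=$(sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    echo "${status:-TIMEOUT}"
}

# rcode_of RESOLVER NAME [extra dig options]: query and print the status.
rcode_of() {
    resolver=$1; name=$2; shift 2
    dig "@$resolver" "$name" A +dnssec +time=3 +tries=1 "$@" 2>/dev/null |
        status_from_dig
}

# classify NORMAL_STATUS CD_STATUS: interpret the pair of results.
classify() {
    case "$1/$2" in
        TIMEOUT/*|*/TIMEOUT) echo "resolver-unreachable" ;;
        SERVFAIL/NOERROR)    echo "validation-failure" ;;  # answer exists, resolver rejected it
        NOERROR/NOERROR)     echo "resolves" ;;            # does not prove the zone is signed
        NXDOMAIN/*)          echo "no-such-domain" ;;
        *)                   echo "other-failure" ;;       # e.g. SERVFAIL both ways
    esac
}

# check_domain RESOLVER NAME: run both queries and print a one-line verdict.
check_domain() {
    normal=$(rcode_of "$1" "$2")
    unchecked=$(rcode_of "$1" "$2" +cdflag)
    echo "$2 via $1: normal=$normal cd=$unchecked => $(classify "$normal" "$unchecked")"
}

# Run only when called as: sh dnssec-check.sh RESOLVER DOMAIN
if [ "$#" -eq 2 ]; then check_domain "$1" "$2"; fi
```

A "validation-failure" result matches the case described above: the domain has either a security problem or a DNSSEC misconfiguration, and DNSViz or the DNSSEC Debugger can show which record is at fault.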