DNS Bytes: Tip - How to Protect your Domain from Spoofing

It’s no secret that as technology advances, so do the ways in which criminals find to extort domain owners. One of the most popular methods of attacking a website is through means of spoofing. As bad actors become more clever in devising ways to fool your online customers, you need to do everything in your power to prevent attacks like this from happening in the first place. 

One such method is with Domain Name System Security Extensions (DNSSEC).

DNSSEC is a protocol designed to protect websites against attacks by securing DNS lookups. This protection is achieved through a hierarchical digital signing policy or chain of trust across all DNS layers. With DNSSEC enabled, each layer of the lookup process must be verified and signed before a query can be resolved.

How Does Spoofing Work?

In order for an attacker to successfully spoof a domain, they need to impersonate an authoritative nameserver and give the recursive resolver a forged answer. When this happens, the recursive server unwittingly accepts the forgery and sends the internet user that queried the site to a malicious website. Unfortunately, it doesn’t stop with just this one query. The recursive server actually caches the forgery and sends all users to the malicious site until the forged records expire. Needless to say, this can cause far-reaching problems for your domain—including loss of trust in your brand.

How Does DNSSEC Prevent Spoofing?

With DNSSEC implemented, servers are required to validate requests before taking any action. This is done through digital signatures that are based on public key cryptography. Each DNS zone for a domain with DNSSEC enabled has a public and a private key, which is used to sign or authenticate the DNS data for that particular zone. 

If you’re unsure whether DNSSEC is right for you or would work with your unique configurations, contact our DNS specialists who will be more than happy to help.

Want to learn more about DNSSEC? Check out these resources:

What is DNSSEC?

What is the Purpose of DNSSEC?

Heather Oliver
Heather Oliver is a Technical Writer for Constellix and DNS Made Easy, subsidiaries of Tiggee LLC. She’s fascinated by technology and loves adding a little spark to complex topics. Want to connect? Find her on LinkedIn.

Our latest news

Stay up to date on the latest DNS Made Easy resources and news

Want a Proof of Concept?

Start Free Trial