Episode 1
Why do we need DNSSEC?
Good question! Why do we need DNSSEC?
DNS was created when the Internet was tiny and small.
Security was not a primary concern in its design.
DNS’s main job is to translate human-friendly names to the IP addresses needed by your network-connected devices.
DNS is like a big phone book that your devices use to fetch websites or deliver emails.
DNS resolvers are in charge of tracking down this information for you.
And that data is often provided by authoritative servers.
But DNS resolvers have no way to verify the authenticity of a response from an authoritative server.
What if the response has been tampered with?
This is where DNSSEC comes in.
Resolvers? Authoritative name servers? What are all these things? Check out HowDNS.works for a refresher and come back here.
I’ll be waiting.
DNSSEC stands for Domain Name System Security Extensions.
Like HTTPS, DNSSEC provides a layer of security by allowing authenticated answers on top of DNS.
However, there is an important difference.
HTTPS encrypts traffic so no crabs can spy on your data.
DNSSEC signs DNS data to detect that no crabs have been messing with your DNS responses.
Bad crab. Bad.
DNSSEC doesn’t include full encryption like HTTPS does.
The data is not kept confidential between the resolver and the authoritative server.
Let’s dig a bit deeper into DNSSEC. Ready?
