Why do we need DNSSEC?
Good question! Why do we need DNSSEC?
Security was not a primary concern in the design of DNS.
Simply put, DNS's main job is to translate human-friendly names to the IP addresses needed by your laptop, phones, and other network devices.
DNS resolvers are the ones in charge of tracking down this information for you.
And that data is often provided by authoritative servers.
But DNS resolvers have no way to verify the authenticity of a response from an authoritative server.
What if the response has been tampered with?
This is where DNSSEC comes in.
Resolvers? Authoritative name servers? What are all these things? Check out HowDNS.works for a refresher and come back here.
I'll be waiting.
DNSSEC is short for Domain Name System Security Extensions.
Like HTTPS, DNSSEC provides a layer of security by allowing authenticated answers on top of DNS.
However, there is an important difference.
HTTPS encrypts traffic so no crab can spy on your data.
DNSSEC signs DNS data so resolvers can detect whether any crabs have been messing with your DNS responses.
Bad crab. Bad.
Let's dig a bit deeper on DNSSEC. Ready?