DNS Security

The original design of the Domain Name System (DNS) did not include any security details; instead, it was designed to be a scalable distributed system. The later Domain Name System Security Extensions (DNSSEC) standard seeks to address this by adding security, while maintaining backward compatibility. DNSSEC was designed to protect applications (and caching resolvers serving those applications) from using forged or manipulated DNS data, such as that created by DNS cache poisoning.

DNSSEC can protect any data published in the DNS, including text records (TXT), mail exchange records (MX), and can be used to bootstrap other security systems that publish references to cryptographic certificates stored in the DNS such as Certificate Records (CERT record), SSH fingerprints (SSHFP), IPSec public keys (IPSECKEY), and TLS Trust Anchors (TLSA).

  • EfficientIP – DNS Security

    by Efficient IP

    EfficientIP provides hardware & software appliances to manage IP addressing schemas and to deliver DNS/DHCP services in a fully integrated solution. EfficientIP brings a new approach to managing IPAM, DNS and DHCP services at the architecture level with Plug-and-Play technologies to deliver secured and highly available services. Unlike products from most competitors, multiple services can all be run on a single unit.

    EfficientIPs SOLIDserver™ supports all the required resource records to deploy and provide DNSSEC. EfficientIP is fully compliant with RFCs related to DNSSEC, critically IETF RFCs 4033, 4034, 4035 and 5155.

  • Bluecat – DNS Security

    by BlueCat

    BlueCat Networks is an industry-leading provider of IPAM solutions. BlueCat supports integration of DNS and DHCP services, as well as overlay support for Microsoft DNS/DHCP services via its Address Manager appliances. Products are available as virtual or physical appliances, and can also be run on existing network infrastructure, including the Citrix NetScaler SDX ADP, and routers from Cisco and HP.

    Bluecat’s implementation of the Domain Name System Security Extensions (DNSSEC) is built around Industry Standards – critically IETF RFCs 4033, 4034, 4035 and 5155.

  • IP-Performance recently ran 2 virtual cyber breach response workshops for Elmbridge Borough Council and we cannot recommend them highly enough. As well as lots of practical resources & templates to take away, the second day culminates with an simulation which brings a cyberattack to life. It’s highly interactive, slightly stressful, but most importantly really makes you think! There’s a definite buzz around cyber at Elmbridge now thanks to Phil and team.

    Nikki Benge, ICT Business Manager,
    Elmbridge Borough Council