Solved

DNSSEC and Secondary DNS

Posted on 2013-10-30
1
733 Views
Last Modified: 2013-11-04
Working with a domain registered with GoDaddy and also DNS at GoDaddy. The customer is having a website built by another provider which will also handle hosting.
 
I need to make all traffic from that domain registered with go daddy go to the hosting of the other provider.
 
DNS will also stay at go daddy as the cutomer has Office 365 exchange setup in the go daddy DNS.
 
They have the premium DNS package with vanity nameservers and they have DNSSEC enabled so can someone help me understand why DNSSEC helps with security?
 
Also they have the option for a secondary DNS server but it says you can't use secondary DNS when DNSSEC is enabled? Whay would that be? Is it a system thing or a go daddy thing? Are there other providers where you can have both?
 
Do they really need DNSSEC? This will be a website for a small local buisness.
0
Comment
Question by:ATL74
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 39613441
There are many DNS vulnerabilities (esp in Bind and adding with more open recursive DNS resolver exposed in web), an attacker can easily hijack DNS session. The purpose of the attack is to take control of the session to, for example, send the user to the hijacker's own deceptive web site for account and password collection. Which is why DNSSEC came on to secure the DNS integrity of the session..e.g. root zone sign the domain name and overall the attestion serves to proof validity of the address of the site the user is lead too. Such digital signature (they called it "Delegation of Signing") not easily breached and upon tamper the chain of trust is broken (e.g. the domain name cannot resolve to your website).  

Full deployment of DNSSEC will ensure the end user is connecting to the actual web site or other service corresponding to a particular domain name. Although this will not solve all the security problems of the Internet, it does protect a critical piece of it - the directory lookup - complementing other technologies such as SSL (https:) that protect the "conversation", and provide a platform for yet to be developed security improvements.

In short, DNSSEC provides a validation path for records. The challenge is the chain of domain extension must be DNSSEC aware and support it throughout the chain, hence adoption is not widely implemented. However, the CA folks has supported it likewise for the root domain ..

GoDaddy has DNSSEC capability for Premium DNS Account
http://support.godaddy.com/help/article/6420/enabling-dnssec-in-your-premium-dns-account
http://www.internetsociety.org/deploy360/resources/how-to-sign-your-domain-with-dnssec-using-godaddy-com/

It is always good to be sure and be less exposed. Business call...why ...

DNSSEC protects DNS clients (such as web browsers and mail clients) from forged DNS data. If an attacker attempts to alter any part of the DNS resolution process, then a DNSSEC aware client can detect the altered response. This allows the DNSSEC aware client to detect with certainty when this has happened. Not all browsers are DNSSEC aware. Chrome has supported this since version 14. On other browsers, an extension must be added to support DNSSEC. Some browser don’t yet support DNSSEC.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
What You Need to Know when Searching for a Webhost Provider
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question