DNSSEC (or Domain Name System Security Extensions) are aimed at adding a layer of security to DNS systems. In today’s context, the priority for every system professional entrusted with the responsibility of maintaining a computer network is security.
With DNS being used as an IP address authentication tool, its vulnerability was increasingly exploited by hackers. But as it happened in the early years of introduction of HTTPS, the acceptance levels of DNSSEC is still very low.
Cloudflare is trying to make things easier for the adoption of DNSSEC by calling upon ICANN, the private body that is administering the IP address allocation ecosystem and working closely with them in expanding the use of DNSSEC.
What Does DNSSEC Do?
Before delving further, it may be relevant to first understand what DNSSEC is all about and why it is critical to ensure it is embraced by everyone.
As mentioned, when it comes to protecting the integrity of a computer network, no loose end should be spared.
Just as you might have come across recommendations to have multiple levels or layers of protection in your system/network, these individual tools too have definite roles to offer.
You have a built-in firewall, then you install an antivirus software and then you advise all users to create strong passwords and so on—all of these best-practices are meant to stop a hacker with malicious intent from breaking in.
DNSSEC must be seen through a similar perspective; some argue the HTTPS is there; no one denies this but it alone may not be sufficient to strengthen the security levels to be provided to the DNS server.
The primary function of the DNSSEC suite, therefore, is to make it difficult for a hacker to force entry into a network through the DNS cache or malicious deceptive codes to inject fake IP addresses.
DNSSEC is able to authenticate the originality of the IP address.
Unlike HTTPS, DNSSEC does not have any function to provide certification on the confidentiality of the URL. This may appear a limited role to some, but in the context of cybersecurity, this support from DNSSEC can be extremely useful in bringing down the number of hacking instances, at least using DNS vulnerabilities.
Cloudflare Doing Its Bit to Build a Broad Consensus
The difficulty with most industry bodies is that they all profess the same objective but do not work together or see eye-to-eye on major issues affecting the field.
That is one of the reasons why DNSSEC’s rates of validation are not consistent across the globe today.
Cloudflare, a networking superpower in its own right, is making moves to enable wider acceptance of DNSSEC by all stakeholders. The company is advocating broader use of the security protocol urging the registrants, registries, registrars and third-party DNS managers to adopt DNSSEC. These are the entities that can help in the easy implementation of adopting DNSSEC.
The sticky issue of third-party DNS providers is being sought to be resolved by taking it up with the other concerned authorities in the loop to overlook any reservations they may have with them and to allow DNSSEC to be adopted, in the larger interest of the users or owners of the networks.
Large Organizations Should Cooperate
In this process of expanding the acceptance and adoption of DNSSEC, many large corporations have to be convinced of the usefulness of the security suite even if they have to spend some money to install it.
The cost of damage that could occur if their network is broken into could be multiple times the cost of acquiring the technology. They should consider the long-term benefit and not the immediate outflow of funds.
In principle, every organization swears by the security of their computers and online assets, including important data stored within the network. They need to show in action to match what they say through pronouncements for public consumption.
The efforts now being initiated by Cloudflare are aimed at prompting notice by all concerned that there should be no delay in adopting DNSSEC, the gold standard in DNS security.
Going by the success HTTPS achieved after the initial hesitation, many cybersecurity experts expect DNSSEC will get adopted too, in quick time.