Cloudflare Reduces DNS Vulnerabilities by making DNSSEC Activation Easy

21 Sep

In the near future, a boost will definitely be seen in the adoption of DNSSEC technology that ensures “Domain Name System” trust. This mechanism allows translating the website name into machine-intelligible data. From now onwards, the users of Cloudfare can increase DNS security without the requirement of any configuration to registrar.

What is Domain Name System (DNS)?

DNS is a system for translating a website name into the corresponding IP address whenever we want to access any domain. This was working fine until it was discovered that it is vulnerable and advertisers and cyber-criminals could manipulate it and deliver malicious content to the users. Now, with DNSSEC (Domain Name System Security Extensions) model, a trust is created between DNS sever responsible for routing client queries to its endpoint. The benefits is that it provide integrity and authenticity in the answers received from authorized name servers.

Adopting DNSSEC

DNSSEC is a very helpful thing that is happening to Internet technology but its adoption is lacking. According to Asia-Pacific Network Information Center (APNIC), the world-wide DNSSEC validation is only 15.8% in current time. According to Cloudfare, the reason behind this is that the default DNS providers received from DHCP is via ISP or network provider. Many large DNS providers doesn’t provides the option of DNSSEC to individual domains. Even if they provide then they charge very heavily. Their process to activate DNSSEC is a complex procedure and thus even if it is attempted, it doesn’t gets completed in most cases.

How Cloudfare is Helping

The Cloudfare is allowing the domain users in their network to use DNSSEC by providing an easy interface for adding Delegation Signer (DS) records for the child domains. Now from the Cloudfare Dashboard, the customers can enable DNSSEC in one click.

The company is offering some other benefits such as full support for CDS/CDNSKEY records for DNSSEC enabled domains from Cloudfare Dashboard. With this offer, Cloudfare is hoping that more DNS providers will follow this path and thus the vulnerability of DNS attack will get less. More interestingly is that Cloudfare users can activate DNSSEC for free.

Leave a Reply