Saturday, June 3, 2023

DNSSEC, From An End-User Perspective, Part 3

In the first post of this DNSSEC series, I have shown the problem (DNS vulnerabilities), and in the second post, the "solution." In this third post, I am going to analyze DNSSEC. Can DNSSEC protect the users against all of the attacks? Or just part of them? What about corner cases?

The following list shows the attack types from the first post where DNSSEC can protect the users:

  • DNS cache poisoning the DNS server, "Da Old way"
  • DNS cache poisoning, "Da Kaminsky way"
  • ISP hijack, for advertisement or spying purposes
  • Captive portals
  • Pentester hijacks DNS to test application via active man-in-the-middle
  • Malicious attacker hijacks DNS via active MITM

The following list shows the attack types from the first post where DNSSEC cannot protect the users:

  • Rogue DNS server set via malware
  • Having access to the DNS admin panel and rewriting the IP
  • ISP hijack, for advertisement or spying purposes
  • Captive portals
  • Pentester hijacks DNS to test application via active man-in-the-middle
  • Malicious attacker hijacks DNS via active MITM

If you are a reader who thinks while reading, you might say "What the hell? Am I protected or not???". The problem is that it depends… In the case where the attacker is between you and your DNS server, the attacker can impersonate the DNS server, downgrade it to a non-DNSSEC-aware one, and send responses without DNSSEC information.

Now, how can I protect against all of these attacks? The answer is "simple":
  1. Configure your own DNSSEC-aware server on your localhost, and use that as a resolver. This is pretty easy, even I was able to do it using tutorials.
  2. Don't let malware run on your system! ;-)
  3. Use at least two-factor authentication for admin access of your DNS admin panel.
  4. Use a registry lock (details in part 1).
  5. Use a DNSSEC-aware OS.
  6. Use DNSSEC-protected websites.
  7. There is a need for an API or something, where the client can enforce DNSSEC-protected answers. In case the answer is not protected with DNSSEC, the connection cannot be established.
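A sketch of the fail-closed check that items 1 and 7 call for, added here as an example and not code from the original post: the client asks for DNSSEC data (DO bit) and refuses any reply that the local validating resolver has not marked as authenticated (AD bit), which is also what catches the stripped-response downgrade described above. The function names and the sample replies are constructed for illustration, and it assumes the only trusted resolver is a validating one on loopback.

```python
import ipaddress
import struct

QR, AD, RCODE_MASK = 0x8000, 0x0020, 0x000F  # DNS header flag bits

class DnssecRequired(Exception):
    """Raised when an answer must not be used (fail closed)."""

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD+AD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100 | AD, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS = UDP size, TTL field carries DO (0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def enforce_dnssec(response, txid, resolver_ip):
    """Return the answer count only if the reply is marked validated."""
    # Assumption: only a validating resolver on loopback is trusted; the AD
    # bit from a remote resolver can be forged by an on-path attacker.
    if not ipaddress.ip_address(resolver_ip).is_loopback:
        raise DnssecRequired("resolver is not local; AD bit is not trustworthy")
    if len(response) < 12:
        raise DnssecRequired("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & QR:
        raise DnssecRequired("not a response to our query")
    if flags & RCODE_MASK:
        # Validating resolvers answer SERVFAIL (rcode 2) for bogus data.
        raise DnssecRequired(f"resolver returned rcode {flags & RCODE_MASK}")
    if not flags & AD:
        raise DnssecRequired("answer is unsigned or DNSSEC data was stripped")
    return ancount

def _header(flags, ancount):  # constructed sample replies (header only)
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 1)

VALIDATED = _header(0x81A0, 1)  # QR RD RA AD, NOERROR
STRIPPED = _header(0x8180, 1)   # same answer, AD cleared
BOGUS = _header(0x8182, 0)      # SERVFAIL

if __name__ == "__main__":
    for label, reply in [("validated", VALIDATED), ("stripped", STRIPPED), ("bogus", BOGUS)]:
        try:
            print(label, "->", enforce_dnssec(reply, 0x1234, "127.0.0.1"), "answer(s) accepted")
        except DnssecRequired as exc:
            print(label, "-> refused:", exc)
```

Note that an unsigned zone also comes back without the AD bit, so enforcing this check means refusing to connect to any site that has not deployed DNSSEC.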

Now some random facts, thoughts, solutions around DNSSEC:

That's all folks, happy DNSSEC configuring ;-)

Note from David:
Huh, I have just accidentally deleted this whole post from Z, but then I got it back from my browsing cache. Big up to Nir Sofer for his ChromeCacheView tool! Saved my ass from kickin'! :D
