DNSSEC, From An End-User Perspective, Part 3

In the first post of this DNSSEC series, I have shown the problem (DNS vulnerabilities), and in the second post, the "solution." In this third post, I am going to analyze DNSSEC. Can DNSSEC protect the users against all of the attacks? Or just part of them? What about corner cases?

The following list are the attack types from the first post, where DNSSEC can protect the users:

• DNS cache poisoning the DNS server, "Da Old way"
• DNS cache poisoning, "Da Kaminsky way"
• ISP hijack, for advertisement or spying purposes
• Captive portals
• Pentester hijacks DNS to test application via active man-in-the-middle
• Malicious attacker hijacks DNS via active MITM

The following list are the attack types from the first post, where DNSSEC cannot protect the users:

• Rogue DNS server set via malware
• Having access to the DNS admin panel and rewriting the IP
• ISP hijack, for advertisement or spying purposes
• Captive portals
• Pentester hijacks DNS to test application via active man-in-the-middle
• Malicious attacker hijacks DNS via active MITM

If you are a reader who thinks while reading, you might say "What the hell? Am I protected or not???". The problem is that it depends… In the case where the attacker is between you and your DNS server, the attacker can impersonate the DNS server, downgrade it to a non DNSSEC aware one, and send responses without DNSSEC information.

Now, how can I protect against all of these attacks? Answer is "simple":

1. Configure your own DNSSEC aware server on your localhost, and use that as a resolver. This is pretty easy, even I was able to do it using tutorials.
2. Don't let malware run on your system! ;-)
3. Use at least two-factor authentication for admin access of your DNS admin panel.
4. Use a registry lock (details in part 1).
5. Use a DNSSEC aware OS.
6. Use DNSSEC protected websites.
7. There is a need for an API or something, where the client can enforce DNSSEC protected answers. In case the answer is not protected with DNSSEC, the connection can not be established.

Now some random facts, thoughts, solutions around DNSSEC:

• Did you know .SE signed its zone with DNSSEC in September 2005, as the first TLD in the world?
• Did you know DNSSEC was first deployed at the root level on July 15, 2010?
• Did you know .NL become the first TLD to pass 1 million DNSSEC-signed domain names?
• Did you know that Hungary is in the testing phase of DNSSEC (watch out, it is Hungarian)?
• Did you know that you can also use and test that cool DNSSEC validator?
• Did you know that there are alternative solutions like DNSCrypt?
• Did you know that in the future you might be able to enforce HSTS via DNSSEC?
• Did you know that in the future you might be able to use certificate pinning via DNSSEC?

That's all folks, happy DNSSEC configuring ;-)

Note from David:

Huh, I have just accidentally deleted this whole post from Z, but then I got it back from my browsing cache. Big up to Nir Sofer for his ChromeCacheView tool! Saved my ass from kickin'! :D

More info

1. Install Pentest Tools Ubuntu
2. Hacker Tools For Ios
3. World No 1 Hacker Software
4. Pentest Tools Bluekeep
5. Hacker Tools Linux
6. Hacking Tools Pc
7. Hacking Tools Free Download
8. Hacking Tools Pc
9. Hackrf Tools
10. Android Hack Tools Github
11. Best Pentesting Tools 2018
12. Pentest Automation Tools
13. Hack App
14. Hacker Tools Windows
15. Tools For Hacker
16. Nsa Hacker Tools
17. Hacker Tool Kit
18. Pentest Tools Website Vulnerability
19. Hack Website Online Tool
20. Hack Tools 2019
21. Hacking Apps
22. Hack Tool Apk
23. Growth Hacker Tools
24. Hacking Apps
25. Underground Hacker Sites
26. How To Make Hacking Tools
27. Hacker Tools For Mac
28. Pentest Tools Find Subdomains
29. Hacking Tools Github
30. Hack Tools For Pc
31. Pentest Tools Alternative
32. Hacking Tools
33. What Is Hacking Tools
34. Hack Tools For Pc
35. Pentest Tools For Windows
36. Hack Tools Mac
37. Hacking Tools For Mac
38. Wifi Hacker Tools For Windows
39. Pentest Box Tools Download
40. Hack Tools For Pc
41. Hacking Tools For Windows Free Download
42. Computer Hacker
43. Pentest Tools Tcp Port Scanner
44. Hacking Tools For Windows
45. Black Hat Hacker Tools
46. Pentest Tools Open Source
47. Hacker Tools List
48. Pentest Tools Free
49. Install Pentest Tools Ubuntu
50. Hacker Security Tools
51. Android Hack Tools Github
52. Hacker Tools For Pc
53. Hack Tool Apk
54. World No 1 Hacker Software
55. Hacks And Tools
56. Nsa Hacker Tools
57. Hacking Tools Hardware
58. Hacker Tools Free Download
59. Pentest Tools Open Source
60. Hacking Tools For Windows Free Download
61. Wifi Hacker Tools For Windows
62. Hack Tool Apk No Root
63. Hack Website Online Tool
64. New Hack Tools
65. How To Hack
66. Hacker Tools For Mac
67. What Is Hacking Tools
68. Pentest Tools Alternative
69. Best Hacking Tools 2020
70. Pentest Tools For Windows
71. Hacking Tools
72. Hacker Tools Software
73. Hacking Apps
74. Beginner Hacker Tools
75. Hack Tools Pc
76. Hacking Tools For Beginners
77. Hack Tools
78. Free Pentest Tools For Windows
79. Hack Tool Apk No Root
80. Hack Tools For Ubuntu
81. Hacking Tools Software
82. Hacking Tools
83. Hack Tools 2019
84. Hack Tools Github
85. Hak5 Tools
86. Tools For Hacker
87. Underground Hacker Sites
88. Kik Hack Tools
89. Hacking Tools Mac
90. Pentest Tools Alternative
91. Hacker
92. Hacking Tools For Kali Linux
93. Hack App
94. Hacking Tools Hardware
95. Hacker Tools Online
96. Nsa Hacker Tools
97. Hacking Apps
98. Hacking Tools Kit
99. Hak5 Tools
100. Pentest Tools Download
101. Wifi Hacker Tools For Windows
102. Pentest Tools Online
103. Pentest Tools Linux
104. Pentest Tools List
105. Hacker Tool Kit
106. Ethical Hacker Tools
107. Ethical Hacker Tools
108. What Is Hacking Tools
109. Hacking Tools Kit
110. Hacker Tools Free Download
111. Usb Pentest Tools
112. Hacking Tools For Pc
113. Game Hacking
114. Hacking Tools Windows
115. Hacker Tools 2020
116. Hacking Tools For Windows
117. How To Hack
118. Free Pentest Tools For Windows
119. Nsa Hack Tools
120. Game Hacking
121. Hack Tools For Games
122. Pentest Tools Download
123. Underground Hacker Sites
124. Pentest Tools Android
125. Ethical Hacker Tools
126. Pentest Tools Review
127. Hack Website Online Tool
128. Pentest Tools
129. Hacker
130. Hacking Tools For Pc
131. Hacker Tools For Pc
132. Hacking Tools Free Download
133. Kik Hack Tools
134. Hacking Apps
135. Pentest Tools Github
136. Tools For Hacker
137. Hacking Tools And Software
138. Pentest Tools Github
139. Pentest Tools Github
140. How To Make Hacking Tools
141. Hack Tools For Windows
142. Hacking Tools Usb
143. Hack Tool Apk
144. Nsa Hack Tools
145. Hack Tools Mac
146. Hak5 Tools
147. Hack And Tools
148. Nsa Hack Tools Download
149. Pentest Tools For Android