Enabling DNSSEC in Securd

DNSSEC (Domain Name System Security Extensions) is a security protocol that provides authentication for DNS data. It is used to protect the internet's global Domain Name System (DNS) infrastructure from various types of attacks, such as spoofing and cache poisoning.

DNSSEC works by adding cryptographic signatures to DNS records, which allows users to verify the authenticity of DNS data received from a server. These signatures are created using public key cryptography, and are stored in special resource records in the DNS.

When a client sends a DNS query to a server, the server can use DNSSEC to provide a digital signature along with the DNS response. The client can then use the public key associated with the domain to verify the authenticity of the response. This ensures that the client is receiving genuine DNS data, and not fake data that has been injected by an attacker.

DNSSEC also includes mechanisms for detecting tampering with DNS data. If an attacker tries to alter a DNS record or its associated signature, the client will be able to detect the tampering and reject the response.

How to Enforce DNSSEC in Securd

Securd supports DNSSEC by validating the responses to queries that Securd resolvers send to upstream authoritative servers. To turn it on, edit a policy, find the "Require DNSSEC" option in the policy editor, select "Enable", and then select "Save" to make the change active.
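One way to confirm from a client that the resolver is validating after the policy is saved. This is an added example, not Securd's own code: it sends a query with the EDNS0 DO bit set and reads the AD flag and RCODE from the reply header. The resolver address and test names are values you supply, and it assumes the resolver sets the AD flag on validated answers, as validating resolvers normally do.

```python
import secrets
import socket
import struct

def build_query(name, txid=0x1234, qtype=1):
    """Build an A query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0, DO flag, rdlen 0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def classify(response, txid=0x1234):
    """Map a DNS response header to a validation outcome."""
    if len(response) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & 0x8000:  # wrong transaction ID or QR bit clear
        return "malformed"
    rcode, ad = flags & 0x000F, bool(flags & 0x0020)
    if rcode == 2:
        return "servfail"      # expected for bogus signatures (other failures also map here)
    if rcode == 0 and ad:
        return "validated"     # AD=1: the resolver vouches for the signatures
    if rcode == 0:
        return "unvalidated"   # answer without AD: unsigned zone, or no validation
    return f"rcode-{rcode}"

def check(resolver_ip, name, timeout=3.0):
    """Send one query over UDP to resolver_ip (caller-supplied) and classify the reply."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((resolver_ip, 53))  # connected socket drops replies from other sources
        s.send(build_query(name, txid))
        return classify(s.recv(4096), txid)

# Constructed sample headers (ID, flags, counts), not captured traffic.
SAMPLE_VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)    # QR RD RA AD, NOERROR
SAMPLE_UNVALIDATED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)  # QR RD RA, NOERROR
SAMPLE_BOGUS = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)        # QR RD RA, SERVFAIL
```

Run `check()` against a zone you know is signed and against one with deliberately broken signatures: with validation enforced, the first should return "validated" and the second "servfail".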

As a Securd customer, you can access the Internet with confidence that Securd is defending your organization from any cache poisoning or DNS spoofing attacks.