Saturday, January 27, 2024

DNSSEC, From An End-User Perspective, Part 3

In the first post of this DNSSEC series, I showed the problem (DNS vulnerabilities), and in the second post, the "solution." In this third post, I am going to analyze DNSSEC. Can DNSSEC protect users against all of the attacks? Or just some of them? What about corner cases?

The following are the attack types from the first post where DNSSEC can protect the users:

  • DNS cache poisoning the DNS server, "Da Old way"
  • DNS cache poisoning, "Da Kaminsky way"
  • ISP hijack, for advertisement or spying purposes
  • Captive portals
  • Pentester hijacks DNS to test application via active man-in-the-middle
  • Malicious attacker hijacks DNS via active MITM

The following are the attack types from the first post where DNSSEC cannot protect the users:

  • Rogue DNS server set via malware
  • Having access to the DNS admin panel and rewriting the IP
  • ISP hijack, for advertisement or spying purposes
  • Captive portals
  • Pentester hijacks DNS to test application via active man-in-the-middle
  • Malicious attacker hijacks DNS via active MITM

If you are a reader who thinks while reading, you might say "What the hell? Am I protected or not???". The problem is that it depends… When the attacker is between you and your DNS server, the attacker can impersonate the DNS server, downgrade it to a non-DNSSEC-aware one, and send responses without DNSSEC information.

Now, how can I protect against all of these attacks? The answer is "simple":
  1. Configure your own DNSSEC-aware server on your localhost, and use that as a resolver. This is pretty easy, even I was able to do it using tutorials.
  2. Don't let malware run on your system! ;-)
  3. Use at least two-factor authentication for admin access to your DNS admin panel.
  4. Use a registry lock (details in part 1).
  5. Use a DNSSEC-aware OS.
  6. Use DNSSEC-protected websites.
  7. There is a need for an API or something similar, where the client can enforce DNSSEC-protected answers. If the answer is not protected with DNSSEC, the connection cannot be established.
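A sketch of what the enforcement in item 7 could look like on the client side, added here as an example (it is not code from the original post): the client sets the DO and AD bits in its query and refuses any answer that comes back without the AD flag, so a stripped or unsigned response fails closed. It assumes the validating resolver from item 1 listens on 127.0.0.1:53, because the AD flag only means something over a path the attacker cannot touch; the function names and the sample headers are hypothetical.

```python
import secrets
import socket
import struct

QR, AD, RCODE_MASK = 0x8000, 0x0020, 0x000F  # DNS header flag bits

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD and AD set, plus an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100 | AD, 1, 0, 0, 1)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    # OPT: root name, type 41, UDP size 1232, "TTL" holds flags (DO = 0x8000), no RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def check_response(response, txid=0x1234):
    """Fail closed: return (True, reason) only for a validated, error-free answer."""
    if len(response) < 12:
        return False, "truncated header"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not (flags & QR):
        return False, "not a response to our query"
    rcode = flags & RCODE_MASK
    if rcode != 0:
        # A validating resolver answers SERVFAIL (2) when signatures do not verify
        return False, "rcode %d" % rcode
    if not (flags & AD):
        # An unsigned zone and stripped DNSSEC data look the same here: refuse both
        return False, "AD flag missing"
    return True, "validated by resolver"

def resolve_or_refuse(name, resolver=("127.0.0.1", 53)):
    """Assumption: a validating resolver listens on loopback (item 1 of the list)."""
    txid = secrets.randbelow(65536)  # unpredictable transaction ID per query
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(build_query(name, txid=txid), resolver)
        return check_response(s.recvfrom(4096)[0], txid=txid)

# Constructed 12-byte response headers for illustration (not captured traffic)
VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)  # QR RD RA AD
STRIPPED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # same, AD cleared
BOGUS = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)      # SERVFAIL
```

A caller would open the connection only when `resolve_or_refuse()` returns `True` as its first element; pointing the same check at a remote resolver gives no protection against the on-path downgrade described above.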

Now some random facts, thoughts, solutions around DNSSEC:

That's all folks, happy DNSSEC configuring ;-)

Note from David:
Huh, I have just accidentally deleted this whole post from Z, but then I got it back from my browsing cache. Big up to Nir Sofer for his ChromeCacheView tool! Saved my ass from kickin'! :D
