22 Jan 2024

DNSSEC, From An End-User Perspective, Part 3

In the first post of this DNSSEC series, I showed the problem (DNS vulnerabilities), and in the second post, the "solution." In this third post, I am going to analyze DNSSEC. Can DNSSEC protect users against all of the attacks, or just some of them? What about corner cases?

The following are the attack types from the first post where DNSSEC can protect users:

  • DNS cache poisoning the DNS server, "Da Old way"
  • DNS cache poisoning, "Da Kaminsky way"
  • ISP hijack, for advertisement or spying purposes
  • Captive portals
  • Pentester hijacks DNS to test application via active man-in-the-middle
  • Malicious attacker hijacks DNS via active MITM

The following are the attack types from the first post where DNSSEC cannot protect users:

  • Rogue DNS server set via malware
  • Having access to the DNS admin panel and rewriting the IP
  • ISP hijack, for advertisement or spying purposes
  • Captive portals
  • Pentester hijacks DNS to test application via active man-in-the-middle
  • Malicious attacker hijacks DNS via active MITM

If you are a reader who thinks while reading, you might say "What the hell? Am I protected or not???". The problem is that it depends… In the case where the attacker is between you and your DNS server, the attacker can impersonate the DNS server, downgrade it to a non-DNSSEC-aware one, and send responses without DNSSEC information.

Now, how can I protect against all of these attacks? The answer is "simple":
  1. Configure your own DNSSEC-aware server on your localhost, and use that as a resolver. This is pretty easy, even I was able to do it using tutorials.
  2. Don't let malware run on your system! ;-)
  3. Use at least two-factor authentication for admin access to your DNS admin panel.
  4. Use a registry lock (details in part 1).
  5. Use a DNSSEC-aware OS.
  6. Use DNSSEC-protected websites.
  7. There is a need for an API or something similar, where the client can enforce DNSSEC-protected answers. If the answer is not protected with DNSSEC, the connection cannot be established.
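
As an added example (not code from the original post), here is a sketch of the fail-closed client check that items 1 and 7 describe. It trusts the AD (Authenticated Data) header bit only when the resolver is on localhost, so a stripped or downgraded response is rejected instead of silently accepted. The function names are hypothetical, the sample responses are constructed, and it is assumed that the local resolver performs the actual signature validation.

```python
import ipaddress
import struct

QR, AD, RCODE_MASK = 0x8000, 0x0020, 0x000F   # DNS header flag bits
DO = 0x8000                                   # EDNS0 "DNSSEC OK" flag

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD and AD set plus an EDNS0 OPT record carrying DO."""
    header = struct.pack("!HHHHHH", txid, 0x0100 | AD, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0, DO, no rdata
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, DO, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def accept_answer(resolver_ip, query, response):
    """Fail closed unless a local validating resolver marked the answer authentic."""
    if not ipaddress.ip_address(resolver_ip).is_loopback:
        return False, "resolver not on localhost: AD bit can be forged on the path"
    if len(response) < 12:
        return False, "truncated message"
    txid, flags = struct.unpack("!HH", response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return False, "not a response to this query"
    if flags & RCODE_MASK:   # validating resolvers answer SERVFAIL (2) for bogus data
        return False, "rcode %d" % (flags & RCODE_MASK)
    if not flags & AD:
        return False, "answer not DNSSEC-validated: refusing to connect"
    return True, "validated by local resolver"

def constructed_response(query, ad, rcode=0):
    """Constructed sample: echo the query with response flags (no answer records)."""
    flags = QR | 0x0100 | 0x0080 | (AD if ad else 0) | rcode
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("example.com")
    cases = [("127.0.0.1", constructed_response(q, ad=True)),    # validated
             ("127.0.0.1", constructed_response(q, ad=False)),   # DNSSEC info stripped
             ("192.0.2.53", constructed_response(q, ad=True)),   # remote resolver
             ("127.0.0.1", constructed_response(q, ad=False, rcode=2))]  # bogus
    for ip, resp in cases:
        print(ip, accept_answer(ip, q, resp))
```

Only the first case is accepted; the response with DNSSEC information stripped, the answer from a remote resolver, and the SERVFAIL are all refused.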

Now some random facts, thoughts, solutions around DNSSEC:

That's all folks, happy DNSSEC configuring ;-)

Note from David:
Huh, I have just accidentally deleted this whole post from Z, but then I got it back from my browsing cache. Big up to Nir Sofer for his ChromeCacheView tool! Saved my ass from kickin'! :D