DNSSEC, From An End-User Perspective, Part 3

In the first post of this DNSSEC series, I have shown the problem (DNS vulnerabilities), and in the second post, the "solution." In this third post, I am going to analyze DNSSEC. Can DNSSEC protect the users against all of the attacks? Or just part of them? What about corner cases?

The following list are the attack types from the first post, where DNSSEC can protect the users:

• DNS cache poisoning the DNS server, "Da Old way"
• DNS cache poisoning, "Da Kaminsky way"
• ISP hijack, for advertisement or spying purposes
• Captive portals
• Pentester hijacks DNS to test application via active man-in-the-middle
• Malicious attacker hijacks DNS via active MITM

The following list are the attack types from the first post, where DNSSEC cannot protect the users:

• Rogue DNS server set via malware
• Having access to the DNS admin panel and rewriting the IP
• ISP hijack, for advertisement or spying purposes
• Captive portals
• Pentester hijacks DNS to test application via active man-in-the-middle
• Malicious attacker hijacks DNS via active MITM

If you are a reader who thinks while reading, you might say "What the hell? Am I protected or not???". The problem is that it depends… In the case where the attacker is between you and your DNS server, the attacker can impersonate the DNS server, downgrade it to a non DNSSEC aware one, and send responses without DNSSEC information.

Now, how can I protect against all of these attacks? Answer is "simple":

1. Configure your own DNSSEC aware server on your localhost, and use that as a resolver. This is pretty easy, even I was able to do it using tutorials.
2. Don't let malware run on your system! ;-)
3. Use at least two-factor authentication for admin access of your DNS admin panel.
4. Use a registry lock (details in part 1).
5. Use a DNSSEC aware OS.
6. Use DNSSEC protected websites.
7. There is a need for an API or something, where the client can enforce DNSSEC protected answers. In case the answer is not protected with DNSSEC, the connection can not be established.

Now some random facts, thoughts, solutions around DNSSEC:

• Did you know .SE signed its zone with DNSSEC in September 2005, as the first TLD in the world?
• Did you know DNSSEC was first deployed at the root level on July 15, 2010?
• Did you know .NL become the first TLD to pass 1 million DNSSEC-signed domain names?
• Did you know that Hungary is in the testing phase of DNSSEC (watch out, it is Hungarian)?
• Did you know that you can also use and test that cool DNSSEC validator?
• Did you know that there are alternative solutions like DNSCrypt?
• Did you know that in the future you might be able to enforce HSTS via DNSSEC?
• Did you know that in the future you might be able to use certificate pinning via DNSSEC?

That's all folks, happy DNSSEC configuring ;-)

Note from David:

Huh, I have just accidentally deleted this whole post from Z, but then I got it back from my browsing cache. Big up to Nir Sofer for his ChromeCacheView tool! Saved my ass from kickin'! :D

More info

1. Hack Tools Pc
2. Hacker Tools For Mac
3. Hacker Tools Windows
4. Tools For Hacker
5. Hack Tools Online
6. Android Hack Tools Github
7. Hacking Tools For Beginners
8. Hacking Tools Kit
9. Game Hacking
10. Hak5 Tools
11. New Hack Tools
12. Pentest Tools Android
13. Hacker Tools Github
14. Pentest Recon Tools
15. Best Pentesting Tools 2018
16. Termux Hacking Tools 2019
17. Hacker Tools Software
18. Pentest Tools Windows
19. Pentest Tools Find Subdomains
20. Hacking Tools For Pc
21. Game Hacking
22. Hacker Tools
23. World No 1 Hacker Software
24. How To Hack
25. Hacking Tools Usb
26. Nsa Hack Tools
27. Pentest Tools Url Fuzzer
28. Pentest Tools Port Scanner
29. Hacker Tools For Pc
30. Pentest Tools Url Fuzzer
31. Hack App
32. Hacker Tools For Mac
33. Pentest Tools
34. Pentest Tools Tcp Port Scanner
35. What Are Hacking Tools
36. Blackhat Hacker Tools
37. Wifi Hacker Tools For Windows
38. Growth Hacker Tools
39. Pentest Tools Tcp Port Scanner
40. Hacking Tools
41. Android Hack Tools Github
42. Pentest Tools Nmap
43. Github Hacking Tools
44. Hacking Tools For Pc
45. Github Hacking Tools
46. Hacker Tools For Mac
47. Easy Hack Tools
48. Android Hack Tools Github
49. Pentest Tools Website
50. Best Pentesting Tools 2018
51. How To Make Hacking Tools
52. How To Hack
53. Nsa Hacker Tools
54. Best Hacking Tools 2020
55. Hacking Tools Online
56. Pentest Recon Tools
57. Hack Tools Online
58. Black Hat Hacker Tools
59. Hacking Tools 2019
60. Pentest Tools Open Source
61. Pentest Tools Apk
62. Hack Tools
63. Hacking Tools
64. Pentest Box Tools Download
65. Game Hacking
66. Hacker Security Tools
67. Pentest Recon Tools
68. Hacker Tools Software
69. Beginner Hacker Tools
70. Hacking Tools Hardware
71. Pentest Tools Github
72. Hacking Tools Github
73. Game Hacking
74. How To Install Pentest Tools In Ubuntu
75. Install Pentest Tools Ubuntu
76. Hacking Tools Name
77. Hack Tools Download
78. How To Hack
79. Tools For Hacker
80. Hacking Tools Kit
81. Physical Pentest Tools
82. Hacking Tools Windows 10
83. Hacker Tools For Pc
84. Hacker Tools For Windows
85. Nsa Hack Tools Download
86. How To Make Hacking Tools
87. Hack Tools For Mac
88. Pentest Tools For Mac
89. Pentest Tools Review
90. Hacker Tools Github
91. Hack Tools For Pc
92. Pentest Tools Windows
93. Pentest Automation Tools
94. Hack Tools For Games
95. Hacks And Tools
96. Hacker Tools For Pc
97. Hacking Tools For Windows Free Download
98. Hacking Tools
99. Tools Used For Hacking
100. Black Hat Hacker Tools
101. Hack Tools
102. Hacking Tools For Windows Free Download
103. Hacker Tools Windows
104. Wifi Hacker Tools For Windows
105. Pentest Tools Find Subdomains
106. Hackrf Tools
107. Hack Tools Pc
108. Pentest Tools Linux
109. Easy Hack Tools
110. Hacker Tools Online
111. Pentest Reporting Tools
112. Beginner Hacker Tools
113. Pentest Tools Free
114. Hacker Tool Kit
115. Hack Tools Pc
116. How To Make Hacking Tools
117. Easy Hack Tools
118. Tools 4 Hack
119. Kik Hack Tools
120. Hacking Tools 2019
121. Pentest Tools Website Vulnerability
122. Pentest Tools List
123. Hack Tools Github
124. Termux Hacking Tools 2019
125. What Is Hacking Tools
126. Hacking Tools Pc
127. Hack Tools For Pc
128. Pentest Tools Find Subdomains
129. Hacking Tools For Beginners
130. Nsa Hack Tools Download
131. Best Pentesting Tools 2018
132. Hacker Tools For Mac
133. Hacker Tools
134. Github Hacking Tools
135. Tools Used For Hacking
136. Hacks And Tools
137. Kik Hack Tools
138. Hacker Tools Online
139. Hacker Tools Free Download
140. Pentest Tools Port Scanner
141. Hacker Tools 2019