Cloudflare is now making it possible to switch DNSSEC on in their dashboard. In doing so, Cloudflare hopes to remove a major web security weak point: countless websites haven’t implemented DNSSEC, either because it was so complicated or because it was too expensive.

This move is part of the San Francisco-based networking giant’s aim of building a better internet.

In my lifetime, I’ve always been able to open up a website and take its accessibility for granted. The Domain Name System, which is responsible for translating web addresses into computer-readable IP addresses, has been exposed to countless vulnerabilities, making it fairly easy to hack any step of the process to send users to fake or malicious sites.

In the past year, two incidents have illustrated this: traffic from Amazon, Google, Facebook, Apple and Microsoft was hijacked and rerouted for periods ranging from minutes to hours at a time.

Hijack of Amazon’s internet domain service used to reroute internet traffic for two hours unnoticed

Suspicious event routes traffic for big-name sites through Russia

This is why there’s a new security-centered DNS standard – DNSSEC. It’s like DNS, but it protects requests end-to-end, from computer or mobile device to the web server of the site you’re trying to visit, by signing the data so that it is reasonably more difficult to spoof. DNSSEC adoption has been surprisingly low until now, largely because domain owners can’t be bothered, but also because their DNS operators either don’t support it or charge unreasonable prices for the setting.

Traditionally, setting up a DS record was notoriously difficult. Cloudflare has now done the hard work of setting those DS records up for us, so customers (like me) on a supported registrar can now set up DNSSEC.
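
To show what a DS record actually contains, here is an added example (not from Cloudflare or from this post) that derives the key tag and digest from a DNSKEY as defined in RFC 4034 and checks a DS record against it, which is the comparison to make if DNSSEC validation fails after enabling it. The sample key bytes and the function names are constructed for illustration.

```python
import hashlib
import struct

# DS digest types handled here: 2 = SHA-256 (RFC 4509), 4 = SHA-384 (RFC 6605)
DIGESTS = {2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lower-case, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, then the key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag from RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner: str, rdata: bytes, digest_type: int = 2) -> str:
    """DS digest = hash(owner name in wire form | DNSKEY RDATA), RFC 4034 5.1.4."""
    return DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()

def ds_matches(owner, rdata, ds_tag, ds_alg, ds_type, ds_hex) -> bool:
    """True only if every field of the DS record agrees with the DNSKEY."""
    if ds_type not in DIGESTS:
        return False  # unsupported digest type: treat as no match
    if ds_tag != key_tag(rdata) or ds_alg != rdata[3]:
        return False  # byte 3 of the RDATA is the algorithm number
    return ds_digest(owner, rdata, ds_type) == ds_hex.replace(" ", "").upper()

# Constructed sample: flags 257 (key-signing key), protocol 3, algorithm 13.
# The 64 key bytes are filler, not a real public key.
SAMPLE_RDATA = dnskey_rdata(257, 3, 13, bytes(range(64)))

if __name__ == "__main__":
    tag = key_tag(SAMPLE_RDATA)
    digest = ds_digest("example.com", SAMPLE_RDATA)
    print(f"example.com. IN DS {tag} 13 2 {digest}")
    print("matches:", ds_matches("Example.COM.", SAMPLE_RDATA, tag, 13, 2, digest))
```

A mismatch in any field (key tag, algorithm, digest type or digest) means resolvers that validate DNSSEC will reject the zone's answers, so the DS record is worth checking before and after any key change.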

Similar to the adoption pattern of HTTPS, which was slow over the years and then finally took off sometime in 2015, there is still hope that DNSSEC can follow the same path. The more website owners adopt the technology, the less vulnerable internet users all over the world become to DNS attacks.

Alex

Posted by Alex

Founder & CEO of The Mainframe