Articles on: DNS

How to secure your DNS configuration with DNSSEC to prevent spoofing and cache poisoning

DNS cache poisoning and spoofing attacks can redirect your website's visitors to malicious sites without you knowing. To prevent these attacks, dotCanada.com recommends enabling DNSSEC (Domain Name System Security Extensions) on your domains.
DNSSEC adds digital signatures to DNS data to verify its authenticity. This prevents forged or manipulated DNS data from being accepted by resolvers.
Here are the steps to enable DNSSEC on your cPanel server:

Log into your cPanel account

Navigate to the "Security" section and click on "DNSSEC"

Click "Generate New Keys" to create DNSSEC keys for your domain

Once generated, click "Add DNSSEC Records" to add the DNSSEC records to your zone file

That's it! DNSSEC is now enabled for your domain. However, there are a few additional optional steps you can take:
• Upload the DS record to your domain registrar to enable DNSSEC validation across resolvers
• Configure DNSSEC validation in BIND to only accept validated responses
• Set up DNSSEC key rollover to automatically update keys periodically

Benefits of Using DNSSEC:
• Prevents cache poisoning attacks that redirect traffic
• Ensures end-users reach the legitimate website
• Cryptographically proves DNS data is not tampered with
• Improves security and trust in your domain

At dotCanada.com, we highly recommend enabling DNSSEC on all your domains to take advantage of these security benefits.

Updated on: 19/04/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!