Tuesday, December 10, 2013

dnssec godaddy & validations

Godaddy offer dnssec within their premium dns servers. They also manage  DS records. Here's hyperfeed.net  dnssec enable via godaddy dns-servers.

I'm using the dnsviz debugger to verify the  key tags , and to ensure that we are secured from the root down to the subdomain of hyperfeed dot net.

( http://dnsviz.net/d/hyperfeed.net/dnssec/ )

Ahe above graphical representation shows the key-tags  and by hovering over the  Root/  gTLD / domain  levels we can validate we are indeeed secured and get greater details.


By using  dig we can  validate the key tags , which should match the above graphical representations.


 dig +multiline +dnssec hyperfeed.net @pdns03.domaincontrol.com dnskey

( output shorten )

Remember DNSSEC on validates the authenticity of the response if a dnssec query is submitted. It provides no encryption ( review my earlier blog on dnscurve )

So by querying a resource-record we can validate the response by the "ad " flags;

So dnssec can be enabled with ease and validated very simple.

Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(  @   @ )=
       /     \

No comments:

Post a Comment