I'm using the dnsviz debugger to verify the key tags, and to ensure that we are secured from the root down to the subdomain of hyperfeed dot net.
(http://dnsviz.net/d/hyperfeed.net/dnssec/)
e.g.
By using dig we can validate the key tags, which should match the above graphical representations.
e.g.
dig +multiline +dnssec hyperfeed.net @pdns03.domaincontrol.com dnskey
(output shortened)
Remember, DNSSEC only validates the authenticity of the response if a DNSSEC query is submitted. It provides no encryption (review my earlier blog on DNSCurve).
So by querying a resource record we can validate the response by the "ad" flag.
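The two checks described above (key tags and the "ad" flag), as an added example that is not part of the original post: it recomputes each DNSKEY key tag with the RFC 4034 Appendix B algorithm, compares it with the "key id" that dig prints, and looks for "ad" in the header flags. The zone name, the toy-sized keys and the function names are constructed for illustration.

```python
import base64
import re
import struct

# Constructed sample shaped like `dig +multiline +dnssec <zone> dnskey` output
# from a validating resolver. Zone name and toy-sized keys are made up.
SAMPLE = """\
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
example.net.  3600 IN DNSKEY 257 3 8 (
                AQIDBAUG
                ) ; KSK; alg = RSASHA256 ; key id = 3349
example.net.  3600 IN DNSKEY 256 3 8 (
                CgsMDQ==
                ) ; ZSK; alg = RSASHA256 ; key id = 6688
"""

# flags, protocol, algorithm, ( base64 key ), then dig's "key id" comment
RECORD = re.compile(
    r"DNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+\(([^)]*)\)\s*;.*?key id = (\d+)")

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """Key tag per RFC 4034 Appendix B (not for the obsolete algorithm 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm)
    rdata += base64.b64decode("".join(pubkey_b64.split()))
    # Even-offset bytes are the high octet of each 16-bit word, odd the low.
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def check_dnskeys(dig_text):
    """Return (flags, computed_tag, reported_tag) for every DNSKEY record."""
    rows = []
    for flags, proto, alg, key, reported in RECORD.findall(dig_text):
        tag = key_tag(int(flags), int(proto), int(alg), key)
        rows.append((int(flags), tag, int(reported)))
    return rows

def has_ad_flag(dig_text):
    """True if the header's flags list contains 'ad' (Authenticated Data)."""
    m = re.search(r"^;; flags:([^;]*);", dig_text, re.M)
    return bool(m) and "ad" in m.group(1).split()

if __name__ == "__main__":
    for flags, computed, reported in check_dnskeys(SAMPLE):
        role = "KSK" if flags & 1 else "ZSK"  # SEP bit marks a key-signing key
        status = "ok" if computed == reported else "MISMATCH"
        print(f"{role} flags={flags} computed={computed} dig={reported} {status}")
    print("AD flag set:", has_ad_flag(SAMPLE))
```

The computed tag is also the value to compare against the key tag field of the DS record at the parent and the tags shown in the dnsviz graph.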
So DNSSEC can be enabled with ease and validated very simply.
Ken Felix
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com