What is DNS?
Using the internet today depends on many concepts and on the technologies that implement them. One of the most important of these is DNS. In the early days, using IP addresses to access web pages was neither practical nor memorable. The most widely applicable protocol used today for www and other name-based web access is DNS.
DNS (Domain Name System) is the method and technology that converts the names of services on the internet and on intranets into IP addresses. In short, it is a naming and matching service.
How does DNS work?
The DNS system consists of name servers and resolvers. Computers organized as name servers keep the IP address information corresponding to hostnames. Resolvers are DNS clients. DNS clients are configured with the address of the DNS server or servers.
When a DNS client wants to find the IP address that corresponds to a computer's name, it consults the name server. The name server, that is, the DNS server, sends the IP address corresponding to this name to the client if the name exists in its database. Records must be manually entered into the DNS database one by one.

Why is DNS security necessary?
DNS is a protocol that was created 40 years ago and designed for the needs of that time, so it is open to many threats, yet it is required for almost all web traffic. There are many ways to attack DNS, such as DNS hijacking and other exploits. These attacks can redirect inbound traffic from a website to a fake copy of the site, collect sensitive user information and put businesses in a difficult position. One of the best-known ways to protect against DNS threats is to adopt the DNSSEC protocol.
What is DNSSEC?
DNSSEC, which stands for "DNS Security Extensions", was developed by the IETF in order to prevent scenarios like the one we just saw. As the name suggests, this time the main goal was security, and work began in the 90s.
DNSSEC strengthens DNS validation with "public-key cryptography". With DNSSEC, the DNS data itself, not the DNS queries and responses, is signed by the data owner.
In DNSSEC, each DNS zone has a public/private key pair. The zone administrator signs the DNS data in the zone using the zone's private key and creates a digital signature on that information. The private key is kept by the zone owner. The public key, however, is published and open to public access. If any resolver makes a DNS query in that zone, it also receives the public key, and this key is used to validate the DNS data. If validation succeeds, the DNS data is valid and is returned to the user. If not, an error notification is displayed to the user and the connection is automatically cut off.

DNSSEC adds 2 valuable features to the DNS protocol:
· The resolver verifies where the information came from with a cryptographic key. If the verification fails, it cuts off the connection with the server. This is called "data origin authentication".
· With "data integrity protection", the resolver knows that the incoming information was not changed in transit and was signed with the zone's private key.
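
The signing and validation flow described above, as an added example that is not part of the original article: a zone signs a record set with its private key, and a resolver checks origin and integrity with the public key. It assumes a constructed toy key and unpadded textbook RSA over SHA-256 so that it runs with the Python standard library alone; real DNSSEC uses standardized signature algorithms and a binary record format, and the names and addresses are reserved documentation values.

```python
import hashlib

# Constructed toy zone key built from two known Mersenne primes. It is
# trivially factorable and exists only to make the example self-contained.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, published by the zone
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, kept by the zone owner

def canonical_rrset(name, rtype, ttl, rdatas):
    """Serialize a record set deterministically: lower-case owner, sorted data."""
    owner = name.lower().rstrip(".") + "."
    return "\n".join(f"{owner} {ttl} IN {rtype} {r}" for r in sorted(rdatas)).encode()

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign_rrset(rrset, private_exp=D, modulus=N):
    """Zone administrator: sign the hash of the record set with the private key."""
    return pow(digest_int(rrset), private_exp, modulus)

def validate_rrset(rrset, signature, public_exp=E, modulus=N):
    """Resolver: recover the signed hash with the public key and compare."""
    return pow(signature, public_exp, modulus) == digest_int(rrset)

def demo():
    genuine = canonical_rrset("www.example.com", "A", 300, ["192.0.2.10", "192.0.2.11"])
    sig = sign_rrset(genuine)
    # Same records in a different order and letter case canonicalize identically.
    reordered = canonical_rrset("WWW.Example.COM.", "A", 300, ["192.0.2.11", "192.0.2.10"])
    # Integrity: an answer with one address replaced no longer matches the signature.
    altered = canonical_rrset("www.example.com", "A", 300, ["192.0.2.10", "203.0.113.66"])
    # Origin: a signature made with a key that is not the zone's key.
    other_n = (2**127 - 1) * (2**1279 - 1)
    other_d = pow(E, -1, (2**127 - 2) * (2**1279 - 2))
    foreign_sig = pow(digest_int(genuine), other_d, other_n)
    return {
        "genuine": validate_rrset(genuine, sig),
        "reordered": validate_rrset(reordered, sig),
        "altered": validate_rrset(altered, sig),
        "foreign_key": validate_rrset(genuine, foreign_sig),
    }

if __name__ == "__main__":
    print(demo())
```

The resolver never needs the private key: only the published public key and the signature travel with the data.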


