OpenDNSSEC to the rescue

Summary:The release of a working version of OpenDNSSEC gives the open source process another shot at getting DNS right.

The Internet's domain name service (DNS) is based on open source BIND.

Trouble is BIND is insecure. As security expert Dan Kaminsky discovered in 2008 the cache can be poisoned, people redirected to malware sites.

So do you go with something proprietary, like Skye? You could, but there is another option, OpenDNSSEC, which hit Version 1.0 this week.

OpenDNSSEC adds digital signatures to DNS requests before they are acted upon. It's still not perfect. Until standards are developed you need to connect with your parent zone registrar periodically to assure security.

But it's a lot better than nothing. Nothing is, unfortunately, what a lot of sites are offering.

The release of a working version of OpenDNSSEC gives the open source process another shot at getting DNS right. Big companies are earning big money keeping customers' DNS secure. If you are a big company such protection will look cheap.

If you are not a big company, however, you may not be able to afford that kind of security. The fact so many companies can't afford it also helps the bad guys.

Like everyone else I don't know everything, and I do make mistakes. But I try to fix my mistakes and when I don't know something I know who to call, or how to find who to call.

OpenDNSSEC should be on every good security manager's bookmarks.

Topics: Browser, Security

About

Dana Blankenhorn has been a business journalist since 1978, and has covered technology since 1982. He launched the Interactive Age Daily, the first daily coverage of the Internet to launch with a magazine, in September 1994.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.