Protect your data from DNS cache poisoning
A DNS server obtains the IP address that corresponds to a specific domain name (the website URL). It can be seen as a sort of directory. Your browser needs the IP address to contact the web server hosting the website you want to visit. The IP address identifies each machine connected to the internet in a unique manner, exactly like a phone number. It's a small but crucial link for internet security.
In recent years, hackers have developed methods of poisoning DNS servers that enable them to divert traffic to their servers (phishing etc.) by falsifying the responses given by the DNS directory.Enable DNSSEC
This guide will show you how to configure a DNSSEC zone on your dedicated server.See the guide
What is a DNS?
The internet browser now knows the IP address of the server hosting the page. It then sends a query to this IP address which returns the content of the page.
What's the danger? Cache Poisoning
When the user enters www.ovh.com in their browser, the DNS server will retrieve the IP address added by the hacker instead of the real one.
What is DNSSEC?
DNSSEC guarantees the authenticity of the DNS response. When the browser sends a request, it receives an authentication key, certifying that the IP provided is correct.
An IP validated by DNSSEC therefore guarantees that the user will be granted access to the correct website.
If a hacker tries to modify the table in a DNS server protected by DNSSEC, it will refuse the request, as the information supplied will not have been signed.