CO.NL and DNSSEC are one!

21 September 2016

DNSSEC is an extension to the long-existing DNS protocol and stands for ‘DNS Security Extensions‘. This extension on the DNS protocol further secures the use of domain names. With DNSSEC, it is no longer possible to use so-called cache poisoning or ‘man-in-the-middle‘-attacks to influence traffic to a domain name.

To prevent this type of attack, DNSSEC links the response to a DNS query to a digital signature. This makes it possible to check whether the records sent by a DNS server are valid. To achieve this, DNS servers are equipped with an asymmetric cryptography system, or ‘public-key cryptography’. DNS information is thus signed with a private key. This allows users with a public key to verify that the information sent is correct and that there are no problems with this information.