Today is DNSSEC Day. A day where German IT publisher Heise focusses on DNSSEC, the technology behind it, and the security benefits. There is a live stream with the creators of DNSSEC and useful tips and tricks for admins. The event is sponsored by DENIC and the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik).
DNSSEC in IPFire
IPFire is using DNSSEC since IPFire 2.15 – Core Update 80 which was released a year ago. The DNS proxy that is working inside IPFire will validate all DNS queries for domains that use DNSSEC and will pass only validated results back to the clients. That makes forging DNS responses from the Internet almost impossible and your network safer.
To use DNSSEC with IPFire you do not need to do anything except installing IPFire. It is enabled by default and there is no configuration needed to make your network safer – this is the default setting in IPFire.
DNSSEC Deployment
ipfire.org supports DNSSEC for a long time and many other domains are protected by DNSSEC as well. Although there is criticism that not all domains are using DNSSEC, yet, many important ones like financial institutes and the top-level domains of course are using DNSSEC already.
If you are using IPFire, you are already well equipped with what it takes to use DNSSEC. IPFire also enables you to use DANE, an other technology that makes the web safer. I recommend paying Heise a visit and learn why DNSSEC was invented and how it works.
Using it is easy.
Just use IPFire and you are ready to go!