Brutkey

nixCraft 🐧🐧
@nixCraft@mastodon.social

DNSSEC uses digital signatures to verify the authenticity of DNS data. It's needed for a domain to prevent attackers from hijacking traffic through DNS spoofing or cache poisoning. DNSSEC ensures that when a user looks up your domain, they are directed to the correct IP address and not a malicious, fraudulent site or records. So how do you verify DNSSEC is enabled or validated? Simply run:
delv domain-name-tld
delv domain @8.8.8.8

For more info see
https://www.cyberciti.biz/faq/unix-linux-test-and-validate-dnssec-using-dig-command-line/
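
Reading the result of the `delv` commands above, as an added example that is not part of the original post: the script classifies delv's status lines (`; fully validated`, `; unsigned answer`, `;; resolution failed`) into one verdict. The function names `classify_delv` and `check_dnssec` are hypothetical, and the sample outputs are constructed so the classifier can be exercised offline.

```shell
#!/bin/sh
# Added example: turn delv output into a single DNSSEC verdict.

# classify_delv: read delv output on stdin, print one word.
# Precedence is failed > unsigned > validated, so a CNAME chain that
# ends in an unsigned zone is not reported as validated.
classify_delv() {
    awk '
        /resolution failed/    { f = 1 }
        /^;.*unsigned answer/  { u = 1 }
        /^;.*fully validated/  { v = 1 }
        END {
            if (f)      print "failed"
            else if (u) print "unsigned"
            else if (v) print "validated"
            else        print "unknown"
        }'
}

# check_dnssec NAME [RESOLVER]: run delv, print the verdict, and
# return 0 only when every answer was fully validated.
check_dnssec() {
    name=$1
    resolver=${2:-}
    command -v delv >/dev/null 2>&1 || { echo "delv-missing"; return 2; }
    if [ -n "$resolver" ]; then
        out=$(delv "@$resolver" "$name" 2>&1) || true
    else
        out=$(delv "$name" 2>&1) || true
    fi
    verdict=$(printf '%s\n' "$out" | classify_delv)
    echo "$verdict"
    [ "$verdict" = "validated" ]
}

# Constructed sample outputs (documentation names and addresses).
SAMPLE_SIGNED='; fully validated
example.org.  300 IN A 192.0.2.10'
SAMPLE_UNSIGNED='; unsigned answer
example.net.  300 IN A 192.0.2.20'
SAMPLE_BOGUS=';; validating example.com/A: no valid signature found
;; resolution failed: broken trust chain'
SAMPLE_MIXED='; fully validated
www.example.org. 300 IN CNAME host.example.net.
; unsigned answer
host.example.net. 300 IN A 192.0.2.30'
```

With delv installed, `check_dnssec domain 8.8.8.8` prints the verdict and exits non-zero for anything other than `validated`, which makes it usable in a monitoring check.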


Anders Gulden Olstad
@andersgo@infosec.exchange

@nixCraft@mastodon.social It’s striking to see how many organisations are not using DNSSEC, even large financial institutions. Still they tell us to trust their DNS resolvable FQDNs when we ask for IPs to list in our firewall filters.