Google now Supports DNS Security Extensions

Posted by John Onwuegbu | Thursday, March 21, 2013 |

Google debuted its public DNS service about 3 years ago with much emphasis on speed and security. The company had always advocated for faster internet, hence the need for building infrastructures to support that goal. And now that internet security seems to have taken a different level of importance, Google have taken a major step towards enhancing internet security as it announced support for DNS Security Extensions.

DNS Security Extensions (DNSSEC) is an emerging internet security standard which enables domain names and IP addresses to be verified through digital signatures and public-key encryption. It's aimed at preventing domain name hijacking, whereby traffic can be redirected from a legitimate website to a fake one by hackers without the knowledge of end users.

Albeit, DNS Security Extensions require some implementation, as ISPs must need to configure their systems to support the new standard, domain owners have to ensure that their websites are digitally signed.

Google stated that it has commenced checking for digital signatures on DNSSEC formatted messages, and that if it cannot validate a domain name, it will return an error message. However, if the domain name that fails to validate is a popular domain, it may exclude the site from blacklisting until fixed.

Additional information are available on Google's technical pages, particularly on DNSSEC support and security pages.