Protect your data from DNS cache poisoning
A DNS server obtains the IP address that corresponds to a specific domain name (the website URL). It can be seen as a sort of directory. Your browser needs the IP address to contact the web server hosting the website you want to visit. The IP address identifies each machine connected to the internet in a unique manner, exactly like a phone number. It's a small but crucial link for internet security.
In recent years, hackers have developed methods of infecting DNS servers which enable them to divert traffic to their servers (phishing etc.) by falsifying the responses given by the DNS directory.Enable DNSSEC
Learn how to configure a DNSSEC zone on your dedicated server.See the guide
What is a DNS?
The internet browser now knows the IP address of the server hosting the page www.ovh.co.uk. It then sends a query to this IP address which returns the content of the page.
What's the danger? Cache Poisoning
When the user enters www.ovh.co.uk in their browser, the DNS server will retrieve the IP address added by the hacker, instead of the real one: 203.0.113.78.
What is DNSSEC?
DNSSEC secures the authenticity of the DNS response. When the browser sends a request, it comes back with an authentication key, certifying that the IP given is correct.
The user is then guaranteed access to the correct website, when they receives an IP validated by DNSSEC
If a hacker tries to modify the table contained in the DNS server, protected by DNSSEC, it will refuse the requests, because the sent information is not signed.