- 17-03-23BIT-2A upgrade: Nieuwe koelmachines
- 30-12-22Wijziging stroomtarieven en portal updates
- 25-11-22BIT Friday
- 21-09-22BIT levert restwarmte aan Warmtebedrijf Ede
- 14-09-22Ruim helft organisaties kijkt naar duurzaamheid in keuze voor datacenter of cloudprovider
- 17-08-22Grand Prix Radio kiest voor betrouwbare hosting van radio-automatisering bij datacenter BIT
- 10-08-22Helft IT-beslissers gaat bij keuze voor nieuwe cloudleverancier voor grote naam
- 21-07-22Ruim een derde van IT-beslissers wil overstap maken naar Europees cloudplatform
- 30-06-22Eén op de vijf IT-beslissers heeft weinig vertrouwen in databescherming en privacy in de cloud
- 27-05-22Update RFO netwerk incident 17-04-2022
BIT now has reverse DNS zones signed with DNSSEC
19-08-2018 09:44:07
Internet operates with domain names and IP addresses. An IP address is connected to a domain name and that connection has been protected at BIT for the last few years by the implementation of DNSSEC signatures on the DNS traffic.
DNSEC
Clients who wish to do so can enable DNSSEC for their domain names in the BIT-Portal. Simply put, this means that answer of the DNS cannot be altered ‘on route’, which creates more security that when you access httsp://example.nl, you are truly accessing the servers of example.nl.
Reverse DNSSEC
Since the start of august, BIT also has all its ‘reverse DSN zones’ signed with DNSSEC. Both for IPv4 as for IPv6 addresses! Because domain names come with IP addresses, but you could (roughly) say that IP addresses are always connected to a name. This is called the ‘reverse’ of an IP address and is also in the DNS, like domain names. Since august, BIT has also secured this ‘reverse DNS’ with DNSSEC!
Why now? While we have been implementing ‘forward’ DNSSEC for years? The step from IP to domain name is much less important for the safe operation of the internet than the step from domain name to IP. The chance of someone causing problems by ‘changing’ the name connected to an IP address into something that is not correct, is very small. The biggest risk is in ‘changing’ the IP address connected to a domain name to redirect internet traffic to an incorrect site. We have mostly activated this DNSSEC protection ‘because we can’ and we like to do things thoroughly.
Did you, in consultation with BIT, get the reverses for IP addresses delegated to you and did you arrange their signing yourself? Give us a call, so we can ensure that the delegation to you is also secure!
By: Sander Smeenk