Back in 2008, security researcher Dan Kaminsky discovered a poisoning flaw in DNS that could have enabled attackers to infect DNS servers and trick them into pointing to a possibly incorrect IP address. While the underlying DNS server technologies have been patched for the Kaminsky flaw, DNSSEC is regarded as the longer-term solution to improving DNS integrity. DNSSEC support for Virtual DNS is currently a beta feature, according to Prince.
“We’re able to add DNSSEC records into the response even if the provider doesn’t support DNSSEC, as long as the individual domain is signed,” Matthew Prince, CEO of CloudFlare, said.
By making it easier to enable DNSSEC, CloudFlare can help secure more of the Internet, Prince said. “DNS is the heart of the Internet, and DNS poisoning is a real problem, and it’s a type of attack that happens daily on the Internet,” Prince said. “DNSSEC is a way of solving that problem, and it’s a protocol that has been hard and complex to implement.”
Read the full story at eWEEK:
CloudFlare Introduces Virtual DNS Security Service
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.