The Domain Name System (DNS) plays a critical part in Internet communications, as it's used to translate a human-readable computer hostname into an IP address -- such as searchsecurity.co.uk to 65.214.43.49 -- so that it can be understood and used by networking equipment, computers and software programs.
It's the world's largest distributed database, but when it was originally designed back in 1984, scalability and availability were the key goals and little attention was given to security.

This lack of security has lead to a series of DNS-related vulnerabilities. For example, if attackers can change your DNS zone data -- the DNS namespace for which you're administratively responsible -- they can set up counterfeit Web servers, or cause email to be redirected to other servers. Cybercriminals are increasingly using false DNS servers to intercept legitimate Web addresses and redirect users to fake sites in order to capture personal information or install malware.

A fix for the critical shortcomings of DNS server security has been a long time coming, in large part due to the problem of maintaining backwards compatibility. But Domain Name System Security Extensions (DNSSEC) has finally been rolled out, and this new security layer is a major step towards a more secure Web address

The link for this article located at Search Security is no longer available.