Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Implements DNSSEC Validation For Public DNS

Posted by Soulskill on from the internet-dragging-its-feet-slightly-less dept.

wiredmikey writes "Google on Tuesday announced that it now fully supports DNSSEC (Domain Name System Security Extensions) validation on its Google Public DNS resolvers. Previously, the search giant accepted and forwarded DNSSEC-formatted messages but didn't actually perform validation. 'With this new security feature, we can better protect people from DNS-based attacks and make DNS more secure overall by identifying and rejecting invalid responses from DNSSEC-protected domains,' Yunhong Gu, Team Lead, Google Public DNS, wrote in a blog post. According to Gu, about 1/3 of top-level domains have been signed, but most second-level domains remain unsigned. According to NIST, there has been no progress in enabling DNSSEC on 98 percent of all 1,070 industry domains tested as of March 18, 2013. 'Overall, DNSSEC is still at an early stage and we hope that our support will help expedite its deployment,' Gu said."

3 of 101 comments (clear)

  1. Re:What web sites and hosts do you visit? by Nerdfest · · Score: 3, Insightful

    I think your ISP has a much better log of your activities.

  2. Re:DNSSEC is inferior to custom HOSTS file by Wamoc · · Score: 3, Insightful

    Could Slashdot please put in some sort of filter to automatically detect this nut and not let him post this on every story? Most the time I am against censorship, but this same comment does not belong on every story posted.

  3. Re:more data for google -- a LOT more by ledow · · Score: 3, Insightful

    Please explain how you know that, for example, Microsoft doesn't already do a lot of similar things?

    For a start, every new connection you check in with Microsoft by connecting to a Microsoft server and downloading a text file (look up NCSI - and, yes, you can change the registry entries to your own server if you wish, but so can you NOT use Google's DNS servers. I actually use it as a primitive "call home" device should someone be stupid enough to steal my laptop - as soon as it's turned on on an unknown Internet connection, it will try to talk to my server as a connection test, which would give me their IP).

    Or time.microsoft.com. Same sort of thing. Hell, a lot of security suites "call home" with details of what pages you're going to in order to see if they are malware, etc. Opera Mini/Mobile "calls home" to a server that could even cache your SSL connections in theory, etc. Just what precisely distinguishes Google from anything else that you have voluntarily installed on your computer?