DNSSEC setup on Google Cloud DNS. This guide helps you set up DNSSEC to protect your domain name from DNS cache poisoning.

What is DNSSEC?

Domain Name System Security Extensions (DNSSEC) is a set of protocols that adds a layer of security to the Domain Name System (DNS) lookup and exchange processes. It was introduced in 2005 to improve DNS security.

How Does it Work?

DNSSEC signs the data in DNS records so that resolvers can verify its authenticity. This ensures that the DNS records you receive belong to the real domain name you are trying to reach, not a forged one. It prevents attackers from manipulating or poisoning the responses to DNS requests.

How to Setup DNSSEC

Make sure you have created a DNS zone for your domain in Google Cloud DNS.

You can also enable DNSSEC while creating a DNS zone. Just set DNSSEC to On and click Save.

If you already have your DNS zone set up, you can simply set the DNSSEC option to On.

Once you have selected On, Google Cloud DNS creates DNSSEC records for public keys (DNSKEY), signatures (RRSIG), and non-existence (NSEC, or NSEC3 and NSEC3PARAM) to authenticate your zone’s contents, and manages them automatically.

Now click your zone name and then click Registrar Setup at the top right to view the DNSSEC resource record values to update for your domain.

How to Setup DNSSEC records
  • Key tag: Numeric value that refers to an existing DNSKEY record.
  • Algorithm: Cryptographic algorithm used to generate the signing key in the DNSKEY record.
  • Digest type: Algorithm used to create the digest of the DNSKEY record.
  • Digest: Hashed value of the DNSKEY record that uniquely identifies it without exposing the value of the key.
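
All four values can be recomputed from the zone's DNSKEY record, which lets you confirm that what you enter at the registrar really matches the key Cloud DNS publishes. The Python sketch below is an added example, not part of the original guide or of Google's tooling; it follows RFC 4034, and the sample key, the example.com owner name and the function names are constructed for illustration.

```python
import base64
import hashlib
import struct

# DS digest type numbers (IANA registry) mapped to hash constructors.
DIGEST_TYPES = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

# Constructed sample key material (not a real key): 64 bytes, the size of an
# ECDSA P-256 public key as carried in a DNSKEY record with algorithm 13.
SAMPLE_PUBKEY_B64 = base64.b64encode(bytes(range(64))).decode()


def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [label for label in name.lower().split(".") if label]
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSA/MD5)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, flags, protocol, algorithm, pubkey_b64, digest_type=2):
    """Return (key tag, algorithm, digest type, digest) for one DNSKEY."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = DIGEST_TYPES[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), algorithm, digest_type, digest)


def ds_mismatches(registrar_ds, owner, flags, protocol, algorithm, pubkey_b64):
    """Names of the DS fields at the registrar that disagree with the DNSKEY."""
    tag, alg, dtype, digest = registrar_ds
    if dtype not in DIGEST_TYPES:
        return ["digest type"]
    expected = make_ds(owner, flags, protocol, algorithm, pubkey_b64, dtype)
    got = (tag, alg, dtype, digest.replace(" ", "").upper())
    fields = ("key tag", "algorithm", "digest type", "digest")
    return [f for f, e, g in zip(fields, expected, got) if e != g]
```

An empty list from `ds_mismatches` means the registrar entry points at the published key; any field name it returns is the value to re-check before saving, since a wrong DS record makes validating resolvers reject the whole zone.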

Configure DS records with the registrar

Now enter the values listed above at your registrar to secure the domain name.

  • Sign in to Google Domains.
  • Select the name of your domain.
  • In the left navigation panel, click DNS.
  • Scroll to DNSSEC.
  • Create an entry using the values from previous steps.
Now DNSSEC is activated for your domain and it’s secured from DNS cache poisoning.

DNSSEC Test

You can validate your DNSSEC setup using these websites: http://dnsviz.net/ and https://dnssec-analyzer.verisignlabs.com/

DNSSEC Validation

Check and confirm that your DNSSEC validation passes, and you have a secured DNS server.
