DNS Protection

As enterprises begin the transition to IPv6, they face the daunting challenge of adapting existing tools to match the specifications of the new standard, this tied with the onslaught of 5G creates complexities on managing networks and resources moving forward. Nowhere will this be more apparent than in the basic infrastructure services such as network configuration, security, and naming services. The DNS appliances should be designed to address the critical need for domain name services in an IPv6 environment while providing backward compatibility with existing IPv4 networks all while addressing DNSSEC requirements recently mandated by ICANN to address both existing and future DNS attack vectors at you network edge and your organizations public-facing presence on the internet .

What benefits will the enterprise derive by implementing the solution?

Some of the key benefits of deploying a DNSSEC solutions is as follows :-

• Secure zone and domain signing

DNSSEC adds security to DNS and provides secure DNS zone and domain signing to prevent forged DNS data and DNS cache poisoning by authenticating the origin of DNS data. Furthermore, DNSSEC provides data integrity to ensure that clients are confident the site they are visiting is the site they intended to visit and not a malicious re-direct while providing authenticated denial of existence. DNSSEC relies on digital signatures and certificates and can protect such authentication information stored in the CERT records in DNS to compare against authoritative DNS servers and correct incorrect entries.

• Future proof IPv6-only network support, along with backwardly compatible IPv4/6 dual stack and stand-alone IPv4

Truly mature solutions support DNS and DNSSEC in a pure-IPv6 environment while also supporting dual-stack IPv4 and IPv6 environments in addition to IPv4-only environments. IPv6-only networks are becoming more prevalent as service providers convert their core networks and offerings to an IPv6 only environment as IPv4 addresses become no longer available and no longer able to support the developments in technology such as 5G and IoT.

• ENUM (DNS enumeration) support in readiness for 5G support where E.164 standard telephone numbers are replaced with SIP URI’s

With the onslaught of 5G, standard telephone numbers (E.164) will be slowly migrated to future-ready SIP URI’s, a standard phone number of +44 1234 5678 will be initially translated (and eventually replaced) with a SIP URI such assip:person@example.com. As this occurs at the DNS level, it is imperative that DNS infrastructure supports this prior to the deployment of 5G and ensure that such infrastructure is future-proof

• IPv6 prefix renumbering

IPv6 addresses are very different to IPv4 addresses and prefix renumbering can take hours and days depending on how many IP addresses need to be renumbered when addresses move from temporally allocated to permanently allocated addresses. DNSSEC solutions automates this for you through auto device configuration