FRITZ!Box 7560
72
DNSSEC: Security for DNS Queries
12.8
DNSSEC: Security for DNS Queries
DNSSEC is short for Domain Name System Security Exten-
sions. As the name says, this is an extension of DNS, the do-
main name system.
DNSSEC ensures that both the DNS server and the informa-
tion returned by the DNS server are authentic, or genuine.
Security with DNSSEC
When a home user surfs the web, she or he sends queries to
the Internet by entering URLs in the address bar of the brows-
er. A URL is the name of a website that is easy to remember,
for instance
. Every query is sent to the DNS server
first. The DNS server resolves the URL into the corresponding
IP address. There is one unique IP address for every URL.
The home user relies on the authenticity of the IP address re-
turned by the DNS server. Authentic means that the response
is the IP address of the desired website, and not a faked IP
address that leads to a fake website. DNSSEC can ensure that
the returned addresses are authentic.
Support with the FRITZ!Box
The FRITZ!Box supports DNSSEC queries over UDP.
The FRITZ!Box has a DNS proxy. The computers in the home
network use the FRITZ!Box as a DNS server. The FRITZ!Box for-
wards DNSSEC queries from the home network to the Inter-
net. The FRITZ!Box forwards DNSSEC responses from the
Internet to the home network. The DNSSEC information must
be validated on the computer in the home network. For this
DNSSEC must be supported in the operating system.