2

I have TLS installed for a website. Does it matter if DNSSEC is enabled for this domain, or is there no real need for that then?

1 Answer

0

Check out Cloudflare: How DNSSEC works - they do a great write-up on this and why it's important. If you are concerned about providing a secure experience to your end users, or use your domain to provide email services that you send or receive from, DNSSEC would be a good (and easy to set up) choice for you.

Matt
  • 1
    Thank you, but my question then is: if I am using a TLS certificate but the DNS was altered for the user to point to a fraud server, wouldn't that show a broken SSL flag in the browser, if not block access entirely in modern browsers? – Motaz M. El Shazly Oct 25 '18 at 16:18
  • Ah! You are part of today's lucky 10,000! Allow me to introduce you to: https://github.com/kgretzky/evilginx2 A MITM attack that uses valid SSL certs and steals the data to then be used by the attacker while delivering you the CORRECT AND REAL websites you were attempting to access. – Matt Oct 25 '18 at 16:26
  • Bit late to the party, but evilginx2 isn't really relevant here since it's really an automated phishing tool; even with properly set up TLS/SSL and DNSSEC your users would still be vulnerable since evilginx2 uses the attacker's domain. – adrian May 05 '22 at 02:34