Route 53 Support for DNSSEC
DNSSEC Signing in Amazon Route 53
DNS attacks are fairly common because DNS was not designed with security at the center. In a DNS attack, the attacker exploits the communication between clients and servers. Amazon’s DNS web service, Route 53, provides DNSSEC signing to combat the inherent vulnerabilities in DNS. The DNSSEC feature in Route 53 enable DNSSEC signing for all existing and new public hosted zones, as well as DNSSEC validation for Amazon Route 53 Resolver. This validates that a DNS response coming from Amazon Route 53 and has not been tampered with.
To learn more, visit the AWS documentation for configuring DNSSEC signing in Amazon Route 53.
DNS is the target of many attacks. If an attacker can undermine the reliance we place on DNS to ensure that we have ended up on a verified website because of the URL that we’ve put in and it has not passed us over to some malicious server somewhere over in another country, then we just can’t trust what we’re doing on the web. That’s why DNSSEC is a very important service to utilize and now Amazon Route 53 supports the use of DNSSEC. You are able to enable it so that Route 53 cryptographically signs your hosted zone and it ensures that the data origin authentication and data integrity verification is occurring, so we can be assured the session has not been tampered with in transit. Be sure to look into this today to ensure you are utilizing this important service.