For consumer electronics vendors, DNSSEC can provide a mechanism to ensure that the information you are retrieving from DNS is in fact the correct information. This can ensure that your device is connecting to the correct locations for signing in, retrieving configuration information, downloading content and more.
To receive this additional layer of protection, in most cases what you need to do is to enable the DNS resolver inside your device to perform “DNSSEC validation”.
1. Understand the basics of DNSSEC. If you would like to understand more of the basics of DNSSEC, we suggest starting with this video (and this video interview) and also viewing the following resources:
2. Learn how to deploy DNSSEC-validating DNS resolvers. To assist in the development of DNSSEC in your products, it would be good to deploy “DNSSEC-validating DNS resolvers” that allow users on your network to be able to have their DNS queries validated with DNSSEC. This whitepaper is a great place to start:
3. Determine what tools may be out there to help automate your usage of DNSSEC.
4. Understand what developer libraries are out there that support DNSSEC:
5. Explore how you could use DANE to provide an extra layer of trust and protection to TLS/SSL certificates:
6. Sign your own domains:
7. Build the case for management about your deployment of DNSSEC:
8. Keep up-to-date on the latest DNSSEC news and activities:
Please let us know how we can help you get DNSSEC deployed!