Resources & Tools
Simple, Stress Free UltraDNS DNSSEC
Neustar
May 1, 2022 12:00:00 PM
Protection Against Cache Poisoning and User Theft
DNSSEC is Vital to Your Digital Defense
Stolen usernames, passwords and personal information. Not what you want associated with your organization's website. But without DNS security extensions (DNSSEC) that's exactly what you could face. These days, it's easier than ever to poison DNS server caches and redirect your traffic to phony, malicious sites. Your organization's reputation could take a major hit. With Neustar Security Services UltraDNS, you've got the right protection.
Neustar Security Services UltraDNS: Stress-Free DNSSEC
DNSSEC digitally signs your DNS records, allowing DNS recursive servers to check and validate them. This exposes false responses and prevents cache poisoning attacks.
Like other aspects of DNSSEC, key management can be complex. UltraDNS makes it simple and cost-efficient with:
- A DNSSEC-compliant DNS platform
- Easy-to-use Web management portal
- Automated zone signing
- Automated or manual ZSK key rollovers
- Automated key rollover notifications
Neustar Security Services UltraDNS eases the challenges of new policies and procedures, DNS server upgrades and larger domain zones. (Domain zones signed with DNSSEC are traditionally larger and contain more records to accommodate cryptographic signatures, but not so with UltraDNS.) As a fully managed service, UltraDNS avoids the need for costly DNSSEC training or additional staff to manage private and public key management.
More About Cache Poisoning
When users connect to websites, their requests must be routed to the correct host. A DNS server, typically run by the user’s ISP, transparently converts the FQDN (Fully Qualified Domain Name) to a corresponding IP address. When the correct answer is found, DNS servers cache it for a certain amount of time to decrease network traffic and allow faster future responses. When cyber criminals “poison” these caches with incorrect data, they can redirect people to phony sites and steal usernames, passwords and credit card data.
DNSSEC secures the DNS zone data, providing end to end data integrity and authenticated denial of existence. Developed specifically to counter cache poisoning attacks, DNSSEC protects your users from receiving forged DNS responses. By including this extra security as a standard feature, UltraDNS delivers peace of mind.

Benefits
- Security extensions for your DNS traffic
- Protects against cache poisoning
- Sign zones with traffic management and other dynamic features
- Supports ECDSA for fast, compact signing
- Standard with all UltraDNS packages - no extra cost