Federal Office for Information Security (BSI)

DNSSEC Support by Home Routers

The present study investigates the compatibilty of Internet access routers, used on private Internet connections, with the DNS protocol extension DNSSEC (Domain Name Security Extensions). Besides checking the compatibility with DNSSEC, other safety features were also checked. In contrast, comprehensive coverage of the German market and/or preparation of individual assessments or product recommendations were not in the focus. The study was undertaken in cooperation with interested manufacturers and Internet service providers.

The Domain Name System (DNS) is the relevant authority for resolving domain names into IP addresses for the Internet. However, there are conceptional weak points that permit an attacker to take control of the domain name resolution process. For example, an attacker can redirect the access from a valid web page to a fraudulent web page. DNS protocol extension DNSSEC (Domain Name Security Extensions) was developed to improve the safety against such phishing attacks.

DNSSEC Support by Home Routers (PDF, 624KB, File is accessible)