CloudFlare launched Universal DNSSEC to protect any Internet property from DNS poisoning attacks.
DNSSEC is a set of security extensions that ensure the integrity of DNS by cryptographically guaranteeing DNS records have not been altered in transit.
The company said Universal DNSSEC guarantees that a website’s traffic is safely routed to the correct servers, so that a site’s visitors are not intercepted by a hidden “man-in-the-middle” attacker.
These attacks usually go unnoticed by sites’ visitors, increasing the risk of phishing, malware infections, and personal data leakage.
CloudFlare CEO Matthew Prince said the number of DNS poisoning attacks increased dramatically over a year.
“By providing DNSSEC to all our customers at no cost, we thwart these attacks and ensure our customers can trust the fidelity of their DNS.”
CloudFlare noted that current protocols still require customers to manually copy records to their domain’s registrar.
CloudFlare said it is working with registrars, registries, and industry organizations to develop a new protocol for DNS providers to be able to automatically propagate DNSSEC records on behalf of their customers.
CloudFlare has partnered with the registries for the .CA and .CL top-level domains (TLDs) for a large-scale demonstration of the new protocol in the coming months.
CloudFlare customers with domains under one of these partner TLDs will have DNSSEC enabled automatically by default, with no record copying required.