The DNSSEC risk vector determines if a company is using the DNSSEC protocol, which is a public key encryption that authenticates DNS servers, and then assesses the effectiveness of its configuration. The DNSSEC protocol protects against DNS spoofing, which involves diverting traffic to an attacker’s computer, creating an opportunity for loss of confidentiality, data theft, etc.
The details include the data in Findings, Diligence details, and also the following information:
|This flag indicates whether this NSEC3 record can cover unsigned delegations.
|The cryptographic algorithm used to generate the hash.
|The hashed owner name immediately following the requested record.
|The hashed owner name immediately preceding the requested record.
|The hash of the requested record.
|The type of record returned for this domain.
|The value appended to the domain name before the hash is calculated.
|The DNS record of the original owner.