- December 12, 2023: Linked to no findings definition.
- December 4, 2023: Finding lifetime definition link changed to Finding Lifetime section.
- September 11, 2023: Separated finding messages.
For the DNSSEC risk vector, we look at a variety of criteria when determining the effectiveness of a Domain Name System Security Extensions (DNSSEC) record. Without DNSSEC configured, some data from the DNS server may not be secure.
Though DNSSEC is not standard in the industry, this risk vector is evaluated since DNSSEC protects DNS resolvers from receiving bad data by using public key encryption to sign domains or other zones to ensure authenticity of records. In short, this technology helps to protect everyday users from malicious redirects when looking up domain names. Refer to the list of registrars that support end-user DNSSEC management.
|Details & Values
|How findings behave, depending on the action taken.
|Impact is immediate.
|The number of days a finding will impact the risk vector grade, assuming nothing changes in the future and the finding is not updated with new information. Learn why findings have a decay and lifetime period.
|There are no findings for this risk vector or we are temporarily unable to collect data. A default risk vector grade is assigned.
Default: – “C (Beta)” Letter Grade
This risk vector does not currently affect security ratings. It is being evaluated for a period before being factored into Bitsight Security Ratings.
|The Bitsight platform regularly checks for new observations. Bitsight findings are updated as these observations change, e.g., newly observed Diligence findings or an existing finding was remediated.
|Automated Scan Duration
|The duration of a regularly scheduled finding refresh, as the Bitsight platform checks for new observations.
|User-Requested Refresh Duration
|The duration of a user-requested refresh, which initiates a refresh of eligible findings upon request. This is recommended when a change in the finding is expected, such as when a finding has been remediated.
|1 Business Day
|Out of 70.5% in Diligence.
DNSSEC findings are evaluated and then graded as GOOD, WARN, BAD, or NEUTRAL. See finding messages: