How do I make an iOS application * * required * DNSSec?

Question

How do I make an iOS application * * required * DNSSec?

I need to make sure that my iOS application requires DNSSec when connecting to a specific server. How can I make sure that DNS calls always use this?

+4

security ios iphone networking

CHI Coder 007 Dec 25 '12 at 17:24

source share

4 answers

user1976968 · Answer 1 · 2013-01-14T10:13:30+0000

You need to include the DNS library in the source code. Try using libunbound. With libunbound you can check the DNSSEC response. In doing so, you can try to use DANE to protect your SSL certificate.

cmittendorf · Answer 2 · 2018-02-27T15:00:38+0000

DNSSEC is available at OS level with iOS 10+ as part of the dnssd Framework . You use it using the kDNSServiceFlagsValidate flag when querying DNS using DNSServiceQueryRecord .

If you want to protect your TLS connection, you need to fulfill the dns request in URLSessions urlSession(_:didReceive:completionHandler:) .

However, you should be aware that there are public DNS servers (such as OpenDNS) that do not support DNSSEC .

mpontillo · Answer 3 · 2012-12-27T06:19:35+0000

Since DNSSEC is not available at the OS level, I think the best option you have is to protect your application by checking your SSL server more carefully than the OS, naturally. See this question for more details. I would recommend implementing the CA certificate that you expect to receive in your application, and compare it by bytes with the root of the trust chain.

This is called certificate attaching .

Black frog · Answer 4 · 2012-12-26T21:06:06+0000

DNSSec is at the OS level. The only thing you can control in your application is the method of connecting to your server. Just use Secure Sockets Layer - SSL in all your messages.

How do I make an iOS application * * required * DNSSec?

More articles: