Use DNSSEC and custom DNS servers

SecureBlackbox includes its own DNS and DNSSEC client implementation. It lets you make the transport classes (SSL / TLS, FTP, HTTP, SMTP, POP3, IMAP, WebDAV, LDAP, SSH, SFTP, AS2, AS3, Cloud) use the DNS server of your choice instead of the default servers defined in the system.

With DNSSEC support enabled, your socket connections are protected against DNS cache poisoning and other malicious DNS activity. DNSSEC requires that the DNS record for the destination server carries a certified signature.

Use the TElHTTPSClient.DNS property to configure the list of desired DNS servers. To enable the custom DNS service, set the TElDNSSettings.Enabled property to 'true' and add the IP addresses of your custom servers via the TElDNSSettings.Servers property.

TElDNSSettings.UseSecurity should be turned on to enable DNSSEC.

A DNSSEC-enabled class fires the following events, which you can handle:

  • OnKeyNeeded - This event is fired when a key is required to verify a signature. Provide the corresponding key record via the Key parameter.
  • OnKeyValidate - This event is fired when a key needs to be validated. Provide the validation result via the Valid parameter.
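What a key-validation decision can look like, as an added example that is not SecureBlackbox code and does not use its API: the check below computes the RFC 4034 key tag and the SHA-256 DS digest of a DNSKEY and compares them with a pinned trust anchor. All function names and the sample key are constructed for illustration, and treating the boolean result as the value for the Valid parameter is an assumption.

```python
import hashlib
import hmac
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercase) wire form of an owner name; '.' becomes b'\\x00'."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes) | protocol (1) | algorithm (1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b << 8 if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest_sha256(owner: str, rdata: bytes) -> bytes:
    """DS digest type 2: SHA-256 over owner name (wire form) followed by DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).digest()

def key_is_trusted(owner: str, rdata: bytes, anchors: dict) -> bool:
    """True only if the key is a usable zone key and matches a pinned anchor."""
    if len(rdata) < 4:
        return False
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    if protocol != 3 or not flags & 0x0100:   # must be a zone key, protocol 3
        return False
    if flags & 0x0080:                        # REVOKE bit set (RFC 5011)
        return False
    pinned = anchors.get((name_to_wire(owner), key_tag(rdata), algorithm))
    # Constant-time comparison of the computed digest with the pinned one.
    return pinned is not None and hmac.compare_digest(
        pinned, ds_digest_sha256(owner, rdata))

# Constructed sample data (not a real zone key). In practice the anchor digest
# comes from a DS record obtained out of band, not from the key being checked.
SAMPLE_OWNER = "example.test."
SAMPLE_KEY = dnskey_rdata(257, 3, 8, bytes(range(1, 33)))
ANCHORS = {
    (name_to_wire(SAMPLE_OWNER), key_tag(SAMPLE_KEY), 8):
        ds_digest_sha256(SAMPLE_OWNER, SAMPLE_KEY),
}
```
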
