Domain Name System Security Extension (DNSSec) is designed to protect against forged and manipulated DNS data, thus ensuring that DNS records received are identical to the records published on the DNS server. Traditional DNS records can be forged/modified however this becomes extremely difficult with DNSSEC.
How does it work?
DNSSEC works by digitally signing records for DNS lookup using public-key cryptography. The correct DNSKEY record is authenticated via a chain of trust, starting with a set of verified public keys for the DNS root zone.
By checking the digital signature, a DNS resolver is able to check if the information is identical (i.e. unmodified and complete) to the information published by the zone owner and served on an authoritative DNS server.
DNSSEC can protect any data published in the DNS, including text records (TXT), mail exchange records (MX), etc.
How do I set it up?
Currently we do not offer hosted DNSSec services, however, as a registrar we provide the tools to allow you to configure your domain to work with third party DNS providers that offer DNSSec.
To configure the service you will need to get the Delegation Signer Records (DS) for the domain from your DNSSEC provider.
In order to do so, follow these steps:
1. Sign the domain with DNSSec at your DNS provider and note the information from the DS records that was generated.
2. Complete the fields below.
3. Send the completed fields to the following address: email@example.com
Please note: It can take up to 48 hours for your application to be processed. Additional time may be required for DNS propagation as well though this timeframe varies depending on the company.
Please sign in to leave a comment.