i

Buy a domain and host your business online free for 3 months. **

Claim offer
.com
$ 5.99 $ 26.99 /1st year
.one
$ 1.99 $ 16.99 /1st year

Log in

Control Panel Webmail Website Builder Online Shop File Manager WordPress

What is DNSSEC?

Find out why you should implement DNSSEC

vector

Brief Summary

Glossary

DNSSEC is a security measure that strengthens authentication in DNS. It helps protect the internet from hackers by making sure that the websites you visit are actually the ones you intended to visit.

In order to understand what DNSSEC is, you need first to understand what DNS is, also known as Domain name system or Domain name server. 

DNS translates the URL of a website that you want to visit into numbers so that your computer understands what you are trying to achieve. Your computer understands numbers better than a URL. Thus, the DNS will translate that URL into an IP address when you type in the URL. You can dig deeper into DNS in this article, explaining it all for you. 

But what is DNSSEC? DNSSEC stands for Domain name system security extensions. As a website owner, you can always stay secure and keep your customers protected by implementing DNSSEC, security keys that protect your website and your customers. 

Why should you implement DNSSEC?

Let’s start with what can happen if you don’t implement DNSSEC. For example, if you decide to visit a website to make some purchases, you might be scammed by hackers. You probably won’t notice, in a situation like this, that the website you’ve entered is a malicious duplicate of the actual website you wanted to visit, so you’ve just purchased an item and submitted your credit card information to hackers. 

When you visit a website, your computer will start making queries to various name servers to get the page location (the numbers/IP address) as a response. If the queries are not secure, you might end up in a hijacked environment; a malicious website duplicate. The hijacked environment might look exactly like the website you intended to visit, with one significant difference. To steal from you or, even worse, steal your identity. 

If the website you wanted to visit initially had DNSSEC, this would not happen. Thus, if you’re a website owner or planning on owning a website in the near future, we recommend that you use DNSSEC to keep your website and customers protected. 

How does DNSSEC work? 

DNSSEC validates queries made by you and your computer to make sure that you don’t end up in a hijacked environment. Once DNSSEC has looked through the queries, you can get a DNSSEC validated response, or a DNSSEC signed response. This response will let you know that the IP address/website you’re about to visit is validated and correct. If you receive a response that says DNSSEC status not signed, it’s not validated and accurate. 

ICANN has developed a chain of trust system. In 2010, ICANN signed the root-level domain and is now available as a DNSSEC validation. This means that based on the signed root-level domain, the top-level domains can also get signed and be trusted. This continues as a waterfall effect in this chain of the trust system. It’s all thanks to the fact that the ICANN organisation signed on the root level domain and validated its security that we can have a chain of trust system. DNSSEC is very important because DNS is not as secure on its own. Today, you can get DNSSEC validated responses to anyone who wants to find out the correct IP address on behalf of your web application.

DNSSEC Test

If you want to test DNSSEC on your website, go to https://dnssec-analyzer.verisignlabs.com/

Enter your URL and wait for the results.