Introduced on our web hosting platform some time ago, the DNSSEC protocol helps protect domains from being hijacked and used for phishing purposes.
Initially, DNSSEC support was enabled only for the most popular generic TLDs, namely .COM, .NET, .ORG, .INFO and .BIZ. After a series of API implementations, we expanded the list of DNSSEC validation-eligible Top-Level Domains.
In this post, you can learn more about the DNSSEC-compatible TLDs on our platform and the benefits of enabling the validation protocol for your domain names.
What is DNSSEC all about?
DNSSEC was brought to life in response to a decades-old vulnerability in the DNS lookup process that re-surfaced a few years ago.
Cyber security experts found that the DNS system did not actually check for credentials when DNS lookups were performed, which allowed hijackers to slip into the DNS lookup process and take control of a session in order to exploit it for their own phishing purposes.
This made experts conclude that the Domain Name System could not fully guarantee the validity and the integrity of the data being sent in response to a DNS query.
That’s when the need for a security protocol like DNSSEC arose.
The technology behind the protocol is called DNS Security Extensions (DNSSEC) and is aimed at securing precisely this vulnerable part of the Internet’s infrastructure.
DNSSEC protects against hijacking attacks by ‘signing’ data digitally so as to ensure it is valid.
In order for the DNSSEC protocol to operate efficiently, it must be deployed at each step of the DNS lookup process.
This means that there is a whole host of entities that have to contribute to making the DNSSEC validation process work, including registries, registrars, hosting companies, software developers, hardware vendors, Internet technologists, etc.
To put it simply – ICANN has to take charge of the DNSSEC validation at the root level, registries need to ensure that the TLDs they are administering are DNSSEC-compatible, whereas domain registrars and web hosting providers need to enable support for the DNSSEC protocol at the end of the DNS lookup chain.
Unlike SSL, another Internet security protocol, DNSSEC does not encrypt data. It only verifies the validity of the DNS data returned for a given web address.
You can learn more about the DNSSEC validation mechanism from our dedicated post.
DNSSEC – main security benefits
As a security extension of the DNS system itself, DNSSEC represents a very important implementation on the way to a more secure, vulnerability-free Internet.
Here are the key benefits the DNSSEC protocol brings to the table:
- minimized cyber security risks – DNSSEC eliminates the potential for man-in-the-middle (MITM) and cache poisoning attacks on the DNS lookup process;
- an increased level of trust for online activities – DNSSEC makes activities such as e-commerce, online banking, online software distribution and VoIP more secure;
- a growing variety of online data transactions – the more DNSSEC-validated data circulates online, the more types of secure data transactions will come on the scene.
Which TLDs are DNSSEC-compatible on our platform?
At first, DNSSEC support was enabled for the following generic TLDs: .COM, .NET, .ORG, .INFO and .BIZ.
Over time, the list has grown to include more TLDs, both generic and country-code.
Here is what the list of DNSSEC-compatible TLDs looks like today:
DNSSEC support is offered for both the “non-WWW” and “WWW” zones in the DNS lookup chain.
How to enable DNSSEC from the Hepsia Control Panel?
Your customers can enable DNSSEC support for their domains with a click from the Web Hosting Control Panel.
In the Hosted Domains section, they will see a new column named DNSSEC.
To enable DNSSEC for a specific domain, they just need to click on the corresponding DNSSEC icon.
NOTE: If a domain name is not registered through us, the respective DS records will be made available to the client (they need to click on the DNSSEC icon once more) so that they can add them to their domain management account with the other registrar.
How to enable DNSSEC from the Reseller Control Panel?
DNSSEC has been enabled on behalf of all our partners. You can find the option in the Reseller Control Panel, under My Domains (My Store -> My Domains).
You will immediately recognize the DNSSEC icon, since it is the same as the one in the Hepsia Control Panel.
The DNSSEC icon will be visible if:
- a store domain has been registered through us and its status is OK;
- a store domain is only hosted with us (using the “Add a store domain” option).
To enable DNSSEC, you will just need to click on the icon and select the preferred algorithm.
NOTE: If the given store domain is registered somewhere else, you can get its corresponding DS records (just click on the DNSSEC icon again) and set them with the present registrar.