Domain name server security, or short DNSSEC, is a feature of the Domain Name System (DNS) that authenticates responses from a domain lookup. In plain English, DNSSEC makes sure that the domain you are intending to visit, is the one you are actually visiting.
Whenever you type a domain name into your browser’s address bar, you are basically sending a request to the internet asking the DNS to take you to whatever it is you will find at that address, most commonly a website. Humans are good with letters, computers and servers are good with numbers. DNS acts as the translator and converts a domain name into an IP address.
How to enable DNSSEC
DNSSEC needs to be enabled in three locations:
1. The DNS zone for your domain must serve records for public keys, signatures, and non-existence.
2. The registry operator (e.g. .COM or .INFO or .BIZ) must support DNSSEC. SafetyNames only works with registry operators that support DNSSEC. To enable it, just contact the SafetyNames Support Concierge.
3. Lastly, you’ll need to use a DNS resolver that validates domains signed with DNSSEC. You can set up your own, or use for example Google’s Public DNS.
With these three simple steps, your website will have full DNSSEC protection. This benefits both you because search engines will always analyze trusted domains and rank them higher than their non-trusted counterparts. Additionally, you make it harder for bad actors to spoof your domains or use a poisoning attack.
DNSSEC has been labeled as one of the most underestimated hot security topics out there. It is expected that in the very near future, Google will take a strong position against websites and even registrars that do not support DNSSEC. Google already did this for websites not using an SSL certificate, by adding the “Not Secure” label to Chrome’s browser bar:
DNSSEC is the future and it might hit website administrators and business owners without much warning. If your registrar does not support DNSSEC, you will not be able to activate it at all. Find out how to move your domains to SafetyNames and have our concierge team help you out getting online.
CTA: Get DNSSEC
What is DNS?
What is an SSL certificate and why should you care?