What is DNSSEC?
Domain Name System Security Extensions (DNSSEC) add digital signatures to a domain name's DNS (Domain Name System) to determine the authenticity of the source domain name.
DNSSEC is a set of extensions to DNS that provides:
- Origin authentication of DNS data
- Data integrity
- Authenticated denial of existence
DNSSEC addresses an identified security risk and helps prevent malicious activities like cache poisoning, pharming, and man-in-the-middle attacks. It uses a digital signature to create a chain of authority. Then, it uses the chain to verify that the source domain name, which the DNS resolver returns, matches the DNS record stored at the authoritative DNS. If it cannot validate the source, it discards the response.
We currently offer two types of DNSSEC: self-managed and fully managed. The criteria differ depending on which type you want to use.
To Use Self-Managed DNSSEC Services:
- Your domain name must be registered through us.
- The domain name's registry must be DNSSEC-aware, and we must support it for the domain name's extension:
- .com
- .net
- .biz
- .us
- .org
- .eu
- .se
- .at
- .co.uk, .me.uk, and .org.uk
- .co, .com.co, .net.co, and .nom.co
- The domain name must use custom nameservers. That is, it is not hosted, parked, or forwarding with us.
- The domain name must be in active status, not flagged by the registry, and have valid Whois data.
To Use Fully Managed DNSSEC Services:
- You must have a Premium DNS account. For more information, see Upgrading to Premium DNS.
- The domain name's registry must be DNSSEC-aware, and we must support it for the domain name's extension:
- .com
- .net
- .biz
- .us
- .org
- .eu
- .se
- .at
- .co.uk, .me.uk, and .org.uk
- .co, .com.co, .net.co, and .nom.co
- The domain name must use our nameservers.
Related Material:
About Self-Managed DNSSECManaging DNSSEC for Your Domain Name
