什么是DNSSEC?

DNSSEC是域名系统(DNS)的一项功能,用于验证对域名查找的响应。它可以防止攻击者操纵或毒害对DNS请求的响应。DNS技术的设计没有考虑到安全性。对DNS基础架构的攻击的一个示例是DNS欺骗。在这种情况下,攻击者会劫持DNS解析程序的缓存,导致访问网站的用户接收到错误的IP地址,并查看攻击者的恶意站点,而不是他们想要的站点。

价格

DNSSEC管理服务是我们DNS托管套餐(Premium DNS, DDoS Protected DNS, and GeoDNS)的一部分,您不需要为了更好的安全性而产生额外的成本!

Premium S
$2.95/月 		Premium M
$4.95/月 		Premium L
$14.95/月
? 使用DNSSEC的托管Anycast DNS:
? DNS域: 5 50 400
? DNS记录: 200 2,000 20,000
? 每月的DNS查询: i 5M i 200M 无限
? 邮件转发: 10 100 1,000
? DNS故障转移检查: 1 2 3
完全免费试用。不需要信用卡。没有小把戏。
开始免费30天试用
开始免费7天试用
立即购买
Premium S
$2.95/月
  • +4Anycast DNS服务器
  • 5 DNS域
  • 200 DNS记录
  • 5M 每月的DNS查询
  • 1 DNS故障转移确认
  • 10 邮件转发
  • DNSSEC
  • 扩展功能
完全免费试用。不需要信用卡。没有小把戏。
DDoS Protected S
$5.95/月
  • +4Anycast DNS服务器
  • 针对DNS的DDoS防御
  • 5 DNS域
  • 200 DNS记录
  • 5M 每月的DNS查询
  • 1 DNS故障转移确认
  • 10 邮件转发
  • DNSSEC
  • 扩展功能
完全免费试用。不需要信用卡。没有小把戏。
GeoDNS Start
$9.95/月
  • 4Anycast DNS服务器
  • 针对DNS的DDoS防御
  • DNS地理定位
  • 1 DNS域
  • 1,000 DNS记录
  • 100M 每月的DNS查询
  • 1 DNS故障转移确认
  • 3 邮件转发
  • DNSSEC
  • 扩展功能
完全免费试用。不需要信用卡。没有小把戏。
Absolutely Free Trial Period
无需信用卡
24/7实时聊天支持

DNSSEC是如何工作的

When you activate DNSSEC, we'll generate a public-private key pair for your zone. The public key, provided as DS or DNSKEY records, should be configured with your domain provider. Our network will use the private key to sign your records during zone deployment. The end-user resolver checks these signatures against the public keys to authenticate record integrity during transfer.

DNSSEC aims to enhance user safety by verifying digital signatures after a user enters a domain name. Information can only reach the user's device when digital signatures match between the data and the Primary DNS server, ensuring connection to a legitimate website. It utilizes digital signatures and public keys to validate information, adding new records to existing DNS entries like A, CNAME, and MX. DNSKEY and RRSIG digitally sign DNS data using public-key cryptography. Each DNS zone's name server holds public and private keys. When a user queries, the server provides information signed with its private key, which the recipient opens with the public key. If information is modified, it won't open correctly, triggering an error message.

优势&功能

轻松设置

只需单击控制面板中的激活按钮,我们的系统就会保护该区域。只需在提供程序中添加DS记录,即可完成安装。

安全

我们对所有签名使用椭圆曲线算法(ECDSA P-256),该算法比标准RSA密钥更强、更小。

性能

保持DNS答案尽可能小意味着更快的速度!此外,我们的Anycast DNS网络可以从距离解析器最近的位置提供更快速的响应。

7x24小时支持

无论哪一天,无论何时,我们都能提供连续不间断的网络监控和支持。 我们的技术支持团队通过实时聊天和工单为您提供24/7在线服务。您可以免费迁移您的区域,在这里了解更多.

如何在ClouDNS中配置DNSSEC?

To activate DNSSEC signing and obtain the domain DS records and DNSKEY records, you need to process the following steps:

  1. Log into your ClouDNS control panel.
  2. Navigate to the zone you wish to configure.
  3. Locate the "DNSSEC" menu at the top of the zone's control panel and click on it.
  4. From here, choose to either activate or deactivate DNSSEC zone signing.

Optional: For additional details and guidance about DNSSEC implementation, refer to the ClouDNS DNSSEC wiki page.

我为什么要关心DNSSEC?

When you want to connect to a particular website, your browser should get the corresponding IP address. Unfortunately, there is a chance an attacker to intercept your DNS queries and place fake information. As a result, your browser will connect to a forged website where you could potentially enter personal information, like bank details.

Thanks to DNSSEC, there is an additional level of security, and your browser is able to check if the DNS data is actually correct and not changed. In addition, DNSSEC is used not only for the web but also by any other Internet service or protocol, for instance, SMTP and Voice-over- IP (VoIP).

With DNSSEC, you can protect your domain from vulnerabilities like:

DNSSEC-Enabled vs Non-DNSSEC Domains

Domains with enabled DNSSEC offer cryptographic security, ensuring authentic DNS data and protecting users from attacks and traffic interception. They safeguard brands from DNS hijacking and reputation damage. In contrast, domains without DNSSEC lack this protection, making them more vulnerable to attacks and putting both users and brands at risk.

Feature DNSSEC-Enabled Domains Non-DNSSEC Domains
安全 Cryptographically secured Vulnerable to DNS attacks
Trust Verified, authentic DNS data Unverified, prone to spoofing
User Safety Guaranteed traffic integrity Risk of traffic interception
Brand Protection Shielded from DNS hijacking Open to reputation damage

什么是DNSSEC验证

DNSSEC验证是一个简单的过程,包括以下步骤:

For more insights, read our full blog post about DNSSEC.

Who can take advantage of DNSSEC?

DNSSEC can benefit anyone with an online presence, from large companies to individual website owners. It helps protect against cyber threats like DNS spoofing and cache poisoning, making it essential for businesses that rely on secure communication, such as e-commerce sites, financial institutions, government agencies, and healthcare providers. Even small businesses and personal websites can use DNSSEC to protect their data and reputation. By securing domain information, DNSSEC ensures users can trust the integrity and authenticity of a site, providing safer, more reliable online experiences for everyone.

经常被问到的问题

常问问题

  • How to start using DNSSEC? - To get started, select a plan that best suits your needs and click on the orange button below the chosen plan.
  • What does DNSSEC protect against? - DNSSEC protects against forged DNS data, like that from DNS cache poisoning. It ensures resolvers receive authentic responses, mitigating the risk of accepting incorrect data. By verifying DNS responses, it prevents potential impacts on individual users or entire networks caused by malicious responses.
  • What types of DNS records does DNSSEC use? - DNSSEC uses DNSKEY, RRSIG, NSEC, and DS records. DNSKEY stores public keys, RRSIG contains digital signatures, NSEC provides denial of existence proof, and DS establishes trust chains.
  • Still have questions about DNSSEC? - 您可以通过我们的24/7 实时聊天支持联系我们,或者如果愿意,您可以通过 support@cloudns.net给我们发送消息。

DNSSEC is available in all of our Premium DNS, DDoS Protected DNS and GeoDNS plans!

获取优惠

What our clients say

    “与你们的公司在一起我非常开心。你们是真正的互联网上最好的DNS提供商。你们的客户支持,价格及功能是第一流的。”

    Christopher Nofal
    Manager @ DreamLab LLC

    “最好的服务,漂亮的控制面板,100%的正常运行时间而且费用低廉。”

    Vadim Mikheev

    "Got frustrated with the lack of knowledgeable support at GoDaddy, searched for alternate DNS providers and found ClouDNS. Could. Not. Be. Happier..."

    Phillip McMahon

    "Working with the team at ClouDNS has been very supportive. My experience has been excellent. The team is attentive, knowledgeable and skilled when it comes to Cloud DNS, and I can recommend their professionalism."

    J. May
    Marketing Chief @ Amaze Communication

    “我可以在这里推荐这项服务。
    关于托管和控制:
    -您需要的每个部分都有大量的可能性(DNS、SSL等)。。。"

    Patrick Jud

    “自2014年以来,我一直在使用Clouds,我不得不说,他们真的很棒。他们为我和我的客户提供的服务是首屈一指的。他们提供了非常好的价值服务,尤其是DDoS订阅。。。“

    Daniel Ives
    CEO @ Ives Network t/a Daniel Ives

    “亲切的支持,通畅的交流,出色的服务,优势的价格。
    再也不能要求更多的了。“

    Steven Pearson

    “非常感谢你们能提供给我们使用比特币来支付服务的机会。在乌克兰银行系统崩溃的情况下,这对于你们那些来自乌克兰的客户来说是极其重要的。”

    Mikhail Chutowski

    “CloudDNS 太棒了!我已经用过它一段时间了,它运行非常完美。我想对你们提供的针对DNS服务的完美解决方案表示感谢。“

    Helinton Dias
    @ CloudExperts Consultoria

    “作为一个Web服务代理商,我们给我们的客户共享主机。我们想保证这些客户的代理服务在即便我们的服务器有问题的情况下仍能保持运行。这是为什么我转到ClouDNS。。。”

    Grigor Yosifov
    CEO @ Forci Web Consulting Ltd

    “你们的客户服务是我的首选,请继续努力!”

    Sami Sälö
    Chairman of the Board @ Salskea Oy

    "ClouDNS provides the best in class DNS services. Prior to ClouDNS we were hosting and managing our DNS servers which was not core to our business so when we compared alternatives ClouDNS was the right fit..."

    James Aker
    President at Explait @ EXPLAIT, LLC

    "Outstanding Service. I'm using ClouDNS since 2015 for personal domains. In 2018 moved the domains of the company were i work and we use your services since then. Would never though to go back!!!..."

    Stanislav Filavtev

    """谢谢你们所有这些完美的工作!

    我已经使用你们的DNS服务的免费版本大约4年了,没有停机。。。“"

    Iskren Slavov
    Founder/Full Stack Developer @ Wish Development Ltd

受信任:

Online - Live Chat
Cookies帮助我们提供我们的服务。通过使用我们的服务,您同意我们使用cookies。 了解更多