DNSSEC is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups. It prevents attackers from manipulating or poisoning the responses to DNS requests. DNS technology was not designed with security in mind. One example of an attack on DNS infrastructure is DNS spoofing. In which case an attacker hijacks a DNS resolver’s cache, causing users who visit a website to receive an incorrect IP address and view the attacker’s malicious site instead of the one they intended.
When you activate DNSSEC, we will generate a public and private key for your zone. The public key is provided to you in the form of DS or DNSKEY records. The records should be configured at the domain provider, where the domain name is registered. During the deployment of your zone in our network, we will use the private key to sign all your records. These signatures will be received and checked by the end-user resolver if they match with the public keys and the resolver will be able to authenticate that the records are not manipulated during the network transfer.
DNSSEC management services are part of our DNS hosting plans - Premium DNS, DDoS Protected DNS, and GeoDNS. No extra costs for better security!
|
Premium S $2.95/月 |
Premium M $4.95/月 |
Premium L $14.95/月 |
|
|---|---|---|---|
| Managed Anycast DNS with DNSSEC: ? | |||
| DNS域: ? | 25 | 75 | 400 |
| DNS記錄: ? | 1,000 | 3,500 | 20,000 |
| DNS queries per month: ? | 5M i | 無限 | 無限 |
| 郵件轉發: ? | 50 | 150 | 1,000 |
| DNS Failover & Monitoring checks: ? | 1 | 2 | 3 |
| Completely free trial. No credit cards required. No tricks. |
Just click the activation button in the control panel, and our system will secure the zone. You will be required only to add the DS records at the provider, and the setup will be completed.
We are using the Elliptical Curve Algorithm (ECDSA P-256) for all signatures, which is stronger and smaller than the standard RSA keys.
Keeping DNS answers as small as possible means faster speed for you! Additionally, our Anycast DNS Network provides more rapid responses from the closest location to the resolver.
No matter what day, no matter when, we provide continuous, uninterrupted network monitoring and support. Our Technical Support team is online for you 24/7 by live chat and tickets. We can migrate your zones for free, read more here.
To activate DNSSEC signing and obtain the domain DS records, you have to log into your control panel and to navigate to the zone. In the zone's control panel you will see a menu on top called "DNSSEC". From this page you can activate or deactivate DNSSEC zone signing. We recommend you to check our DNSSEC wiki page to find more detailed information about DNSSEC implementation!