DNSSEC is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups. It prevents attackers from manipulating or poisoning the responses to DNS requests. DNS technology was not designed with security in mind. One example of an attack on DNS infrastructure is DNS spoofing. In which case an attacker hijacks a DNS resolver’s cache, causing users who visit a website to receive an incorrect IP address and view the attacker’s malicious site instead of the one they intended.
When you activate DNSSEC, we'll generate a public-private key pair for your zone. The public key, provided as DS or DNSKEY records, should be configured with your domain provider. Our network will use the private key to sign your records during zone deployment. The end-user resolver checks these signatures against the public keys to authenticate record integrity during transfer.
DNSSEC aims to enhance user safety by verifying digital signatures after a user enters a domain name. Information can only reach the user's device when digital signatures match between the data and the Primary DNS server, ensuring connection to a legitimate website. It utilizes digital signatures and public keys to validate information, adding new records to existing DNS entries like A, CNAME, and MX. DNSKEY and RRSIG digitally sign DNS data using public-key cryptography. Each DNS zone's name server holds public and private keys. When a user queries, the server provides information signed with its private key, which the recipient opens with the public key. If information is modified, it won't open correctly, triggering an error message.
DNSSEC management services are part of our DNS hosting plans - Premium DNS, DDoS Protected DNS, and GeoDNS. No extra costs for better security!
Premium S $2.95/月 |
Premium M $4.95/月 |
Premium L $14.95/月 |
|
---|---|---|---|
? Managed Anycast DNS with DNSSEC: | |||
? DNSゾーン: | 5 | 50 | 400 |
? DNSレコード: | 200 | 2,000 | 20,000 |
? 一ヶ月当たりのクエリの数: | i 5M | i 200M | 無制限 |
? Eメール転送: | 10 | 100 | 1,000 |
? DNSフェイルオーバーとモニタリングのチェック: | 1 | 2 | 3 |
完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。 |
Just click the activation button in the control panel, and our system will secure the zone. You will be required only to add the DS records at the provider, and the setup will be completed.
We are using the Elliptical Curve Algorithm (ECDSA P-256) for all signatures, which is stronger and smaller than the standard RSA keys.
Keeping DNS answers as small as possible means faster speed for you! Additionally, our Anycast DNS Network provides more rapid responses from the closest location to the resolver.
平日や休日を問わず、どんな時間であろうと当社は継続的で、円滑なネットワーク監視やサポートを提供しております。 Our Technical Support team is online for you 24/7 by live chat and tickets. We can migrate your zones for free, read more here.
To activate DNSSEC signing and obtain the domain DS records and DNSKEY records, you need to process the following steps:
Optional: For additional details and guidance about DNSSEC implementation, refer to the ClouDNS DNSSEC wiki page.
When you want to connect to a particular website, your browser should get the corresponding IP address. Unfortunately, there is a chance an attacker to intercept your DNS queries and place fake information. As a result, your browser will connect to a forged website where you could potentially enter personal information, like bank details.
Thanks to DNSSEC, there is an additional level of security, and your browser is able to check if the DNS data is actually correct and not changed. In addition, DNSSEC is used not only for the web but also by any other Internet service or protocol, for instance, SMTP and Voice-over- IP (VoIP).
DNSSEC validation is a simple process that includes the following steps: