What is DNSSEC?

DNSSEC is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups. It prevents attackers from manipulating or poisoning the responses to DNS requests. DNS technology was not designed with security in mind. One example of an attack on DNS infrastructure is DNS spoofing. In which case an attacker hijacks a DNS resolver’s cache, causing users who visit a website to receive an incorrect IP address and view the attacker’s malicious site instead of the one they intended.


How does DNSSEC work?

When you activate DNSSEC, we will generate a public and private key for your zone. The public key is provided to you in the form of DS or DNSKEY records. The records should be configured at the domain provider, where the domain name is registered. During the deployment of your zone in our network, we will use the private key to sign all your records. These signatures will be received and checked by the end-user resolver if they match with the public keys and the resolver will be able to authenticate that the records are not manipulated during the network transfer.

The main purpose of DNSSEC is to keep the users safe. That happens after the user types the domain name in the browser and the resolver verifies the digital signature. Only when the digital signatures in the data and those in the Primary DNS server match the information can reach the user's device. That way, it guarantees that the user is connecting with the legitimate website. DNSSEC implements a combination of digital signatures and public keys to validate the information, and it adds new records to the existing DNS records. DNSKEY and RRSIG digitally "sign" the DNS data using a public-key cryptography technique. They stick to the other popular records, like A, CNAME, and MX.
The name server holds the public and private keys for each DNS zone. So, when a user makes a query, the server provides the information signed with its private key. Then the recipient has to open it with the public key. That way, if the information is modified and misleading, it won't open correctly with the public key. As a result, the recipient is going to receive an error message.

価格設定

DNSSEC management services are part of our DNS hosting plans - Premium DNS, DDoS Protected DNS, and GeoDNS. No extra costs for better security!

Premium S
$2.95/月
Premium M
$4.95/月
Premium L
$14.95/月
Managed Anycast DNS with DNSSEC: ?
DNSゾーン: ? 5 75 400
DNSレコード: ? 200 3,500 20,000
一ヶ月当たりのクエリの数: ? 5M i 無制限 無制限
Eメール転送: ? 10 150 1,000
DNSフェイルオーバーとモニタリングのチェック: ? 1 2 3
完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。
無料の30日間のトライアルを開始する
無料の30日間のトライアルを開始する
無料の30日間のトライアルを開始する
Premium S
$2.95/月
  • +4エニーキャストDNSサーバー
  • 5 DNSゾーン
  • 200 DNSレコード
  • 5M 一ヶ月当たりのクエリの数
  • 1 DNS Failover check
  • 10 Eメール転送
  • DNSSEC
  • 拡張の機能
完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。
無料の30日間のトライアルを開始する
DDoS Protected S
$5.95/月
  • +4エニーキャストDNSサーバー
  • DNS 用のDDoS攻撃の対策
  • 25 DNSゾーン
  • 1,000 DNSレコード
  • 無制限 一ヶ月当たりのクエリの数
  • 1 DNS Failover check
  • 50 Eメール転送
  • DNSSEC
  • 拡張の機能
完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。
無料の30日間のトライアルを開始する
GeoDNS Start
$9.95/月
  • 4エニーキャストDNSサーバー
  • DNS 用のDDoS攻撃の対策
  • ジオロケーションによるDNSダイレクション
  • 1 DNSゾーン
  • 1,000 DNSレコード
  • 100M 一ヶ月当たりのクエリの数
  • 1 DNS Failover check
  • 3 Eメール転送
  • DNSSEC
  • 拡張の機能
完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。
無料の30日間のトライアルを開始する

利点や特徴

簡単な設定

Just click the activation button in the control panel, and our system will secure the zone. You will be required only to add the DS records at the provider, and the setup will be completed.

セキュリティ

We are using the Elliptical Curve Algorithm (ECDSA P-256) for all signatures, which is stronger and smaller than the standard RSA keys.

Performance

Keeping DNS answers as small as possible means faster speed for you! Additionally, our Anycast DNS Network provides more rapid responses from the closest location to the resolver.

24/7サポート

平日や休日を問わず、どんな時間であろうと当社は継続的で、円滑なネットワーク監視やサポートを提供しております。 Our Technical Support team is online for you 24/7 by live chat and tickets. We can migrate your zones for free, read more here.

How to configure DNSSEC in ClouDNS?

To activate DNSSEC signing and obtain the domain DS records, you have to log into your control panel and to navigate to the zone. In the zone's control panel you will see a menu on top called "DNSSEC". From this page you can activate or deactivate DNSSEC zone signing. We recommend you to check our DNSSEC wiki page to find more detailed information about DNSSEC implementation!

Why should I care about DNSSEC?

DNSSEC provides a way for authenticating DNS response data. When you want to connect to a particular website, your browser should get the corresponding IP address. Unfortunately, there is a chance an attacker to intercept your DNS queries and place fake information. As a result, your browser will connect to a forged website where you could potentially enter personal information, like bank details.
Thanks to DNSSEC, there is an additional level of security, and your browser is able to check if the DNS data is actually correct and not changed. In addition, DNSSEC is used not only for the web but also by any other Internet service or protocol, for instance, SMTP and Voice-over- IP (VoIP).

What is DNSSEC validation

DNSSEC validation is a simple process that includes the following steps:

クッキーは弊社のサービス提供を支えています。サービスのご利用に伴って、準拠したクッキーの使用に同意しているとみなします。 もっと知る