Introduced on our web hosting platform some time ago, the DNSSEC protocol helps protect domains from being hijacked and used for phishing purposes.
Initially, DNSSEC support was enabled only for the most popular generic TLDs, namely .COM, .NET, .ORG, .INFO and .BIZ. After a series of API implementations, we expanded the list of DNSSEC validation-eligible Top-Level Domains.
Learn more about the DNSSEC-compatible TLDs on our platform and the benefits of enabling the validation protocol for your domain names in this post.
What is DNSSEC all about?
DNSSEC was brought to life in response to a decades-old vulnerability in the DNS lookup process that re-surfaced a few years ago.
Cyber security experts found that the DNS did not actually check for credentials when lookups were performed, which allowed hijackers to slip into the DNS lookup process and take control of a session in order to exploit it for their own phishing purposes.
This made experts conclude that the Domain Name System could not fully guarantee the validity and the integrity of the data being sent in response to a DNS query.
That’s when the need for a security protocol like DNSSEC arose.
The technology behind the protocol is called DNS Security Extensions (DNSSEC) and is aimed at securing precisely this vulnerable part of the Internet’s infrastructure.
DNSSEC protects against hijacking attacks by digitally ‘signing’ DNS data so that its validity can be verified.
In order for the DNSSEC protocol to operate efficiently, it must be deployed at each step of the DNS lookup process.
This means that there is a whole host of entities that have to contribute to making the DNSSEC validation process work, including registries, registrars, hosting companies, software developers, hardware vendors, Internet technologists, etc.
To put it simply: ICANN has to take charge of DNSSEC validation at the root level, registries need to ensure that the TLDs they administer are DNSSEC-compatible, and domain registrars and web hosting providers need to enable support for the DNSSEC protocol at the end of the DNS lookup chain.
Unlike SSL, another Internet security protocol, DNSSEC does not encrypt data. It only verifies the validity of the DNS data returned for a given web address.
DNSSEC – main security benefits
As a security extension of the DNS itself, DNSSEC is a very important step toward a more secure, vulnerability-free Internet.
Here are the key benefits the DNSSEC protocol brings to the table:
- minimized cyber security risks – DNSSEC eliminates the potential for man-in-the-middle (MITM) and cache poisoning attacks;
- an increased level of trust for online activities – DNSSEC makes activities such as e-commerce, online banking, online software distribution and VoIP more secure;
- a growing variety of online data transactions – the more DNSSEC-validated data circulates online, the more types of secure data transactions will come on the scene.
Which TLDs are DNSSEC-compatible on our platform?
At first, DNSSEC support was enabled for the following generic TLDs: .COM, .NET, .ORG, .INFO and .BIZ.
Over time, the list has grown to include more TLDs, both generic and country-code.
Here is what the list of DNSSEC-compatible TLDs looks like today:
DNSSEC support is offered for both the “non-WWW” and “WWW” zones in the DNS lookup chain.
How to enable DNSSEC from the Hepsia Control Panel?
Our customers can enable DNSSEC support for their domains with a click from the Web Hosting Control Panel.
In the Hosted Domains section, they will see a new column named DNSSEC.
To enable DNSSEC for a specific domain, they just need to click the corresponding DNSSEC icon.