DNS Security Extensions, or DNSSEC, are a method of authenticating DNS response data. Before you can connect to a website, your browser must first obtain the site’s IP address using DNS. An attacker, on the other hand, may intercept your DNS requests and offer false information, causing your browser to link to a bogus website where you could possibly disclose personal information (for example, what you think is a bank website). DNSSEC adds an extra layer of security by allowing the web browser to verify that the DNS information is correct and has not been altered. It’s also worth noting that DNSSEC isn’t only for the Web; it may be utilized by any other Internet service or protocol.
In an ideal situation, your local DNS resolver will do “DNSSEC validation” and simply block sites that fail due to erroneous DNSSEC signatures. This DNS resolver might be located at your ISP or on your local network.
How do I configure DNSSEC for my domain?
Signing your domain using DNSSEC entails two actions:
- The registrar of your domain name must be able to receive “Delegation Signor (DS)” records and transmit them up to the Top-Level-Domain (TLD) for your domain (ex. .com, .org, .net).
- The DNS hosting provider that operates your domain’s DNS name servers must support DNSSEC and be able to sign (and re-sign) your DNS zone files.
Now, each of these components may be part of a single service provided by a registrant. In other words, you may not even realize they are distinct — your registrar may serve in both capacities for you. Other times, your domain’s DNS records may be hosted by another provider — or you may host them yourself on your own DNS servers.
ZOFixer.com security scan helps to find this vulnerability in your software and server, you can easily use it by registering on our website and activating the 30-day trial.