DNSSEC (Domain Name System Security Extensions)
DNS attacks are on the rise. With Netim DNSSEC service, you can protect your domain name against DNS cache poisoning and DNS spoofing.
What does a nameserver do?
DNS (Domain Name System) is the “GPS” of the internet, its invention made it possible for the internet as we know it to emerge. nameservers translate domain names (www.netim.com) into IP addresses (185.26.104.158). This is what is known as DNS resolution.
We need DNS resolution to access web content, send emails and a lot more. But DNS was created in the 1980s and the challenges it presented then were very different, especially where security was concerned.
It is almost impossible for a nameserver to authenticate DNS responses, because it deals with IP addresses. IP addresses can be easily spoofed so DNS responses can in turn be just as easily manipulated for malicious purposes.
DNSSEC, the answer to DNS vulnerabilities
In order to lower those risk factors, a new, more secure DNS process was developed: DNSSEC.
DNSSEC adds encrypted digital signatures to communications between nameservers in order to secure them.
DNSSEC is more and more commonly used and recommended for the additional layer of security it provides. Some TLDs (Top-Level Domains) even have DNSSEC enabled by default. Other TLDs still require you to manually activate it via your domain control panel.
How do I enable DNSSEC?
- Select the domain name you want to enable DNSSEC for in your Netim control panel.
- Click the DNSSEC option.
DNSSEC is available for the following TLDs
Frequently Asked Questions
DNSSEC allows for more secure communications between nameservers by authenticating the resolution of IP addresses.
We recommend our customers enable DNSSEC to further protect their domain names. It comes at no additional cost and can be set up from your control panel with a click of the mouse.
DNSSEC is used to secure DNS data. It adds digital signatures based on public key cryptography to DNS data. This is what makes it possible to guarantee the authenticity of DNS resolutions.