DNSSEC – Safe domains
If a domain uses DNSSEC, those who visit the site or receive e-mail can truly be certain that the website or e-mail comes from the stated sender. In other words, DNSSEC makes domains more secure and using DNSSEC for your domain name can be seen as a service to those who visit your site.
You can obtain DNSSEC from your web hosting service or name-server operator, provided that they offer the service and that their name servers also support DNSSEC. We offer the service free of charge but a name-server operator may charge for the service.
Generally speaking, your web hosting service handles key management, although if you have your own name servers, you can naturally manage this on your own, in which case you do this in the DomainManager, where you publish DNSSEC keys.
The holder of a domain name administers and publishes DNSSEC keys independently through the DomainManager. With DNSSEC the customer’s responsibilities are expanded to also encompass the administration of their DNSSEC keys and to sign their own DNS data using these keys, unless they want to have a technical contact perform this.
Prevents attacks on DNS queries
DNSSEC makes it easier for internet users to establish that they are in fact communicating with the right bank or store, instead of with a fraudulent party, thus reducing the risk of being deceived when making bank transactions or shopping online.
It is important to remember that DNSSEC does not stop all types of fraud. It is only constructed to prevent attacks in which the attacking party manipulates responses to DNS queries to achieve their goals.
For websites with many visitors
A target group for DNSSEC is everyone who operates very popular websites and where there could be a commercial or ideological interest for an attacker to redirect visitors to their own website. For this category of users, DNSSEC is a key piece of the puzzle in the effort to offer visitors a reliable and secure internet environment.