DNSSEC is basically an extension of the DNS. DNS stands for “Domain Name System” and represents an important interface between calling up domains and assigning and converting them to suitable IP addresses on the Internet. In order to make this conversion and assignment or the DNS response, which the user receives on his DNS request, more secure, DNSSEC is available. This in turn stands for “Domain Name System Security Extensions”. The extension checks the authenticity and integrity of the data transmitted in the DNS response.
How does DNSSEC work and what is it used for?
To ensure authenticity and integrity, simply the security and authenticity of data from DNS responses, the DNSSEC extension uses cryptographic signatures. This means that DNS replies cannot be manipulated without being noticed, because it is precisely these forgeries that pose the greatest danger to DNS queries and their replies. Counterfeiters try to route DNS responses to false servers. Since almost all encryptions on the Internet are also DNS queries, data is tapped and stolen via these forgeries. Both the simple calling up of websites and the sending of e-mails, as well as online banking and instant messaging, use DNS queries. The DNSSEC extension prevents the undetected falsification of a DNS response with the help of the DNSSEC extension. In addition, the security enhancements are also an important security factor in other online areas. Especially in the area of e-mails, it is possible to send e-mails secured with DANE, which are sent encrypted to the selected server. DNSSEC thus not only provides the security for DNS queries, but also provides the security basis for further transcriptions in the network, which must be strongly secured. DNSSEC therefore plays an important and decisive role in the area of Internet and online security. DNSSEC ensures security in the insecure DNS protocol, which is indispensable for communication in the network.
How can I use DNSSEC?
The security extension can be used without effort or problems. Basically, Internet users don’t have to do anything to use DNSSEC because the extension is fully integrated automatically. As soon as your own Internet access supports and accepts the DNSSEC extension, any DNS requests are checked and secured. Every Internet user therefore enjoys the security protection provided by the DNSSEC extension completely free of charge and without any time or effort. Domain holders, on the other hand, should actually take action to protect their domain name with the help of the security extension. To do this, domain holders should contact the server operator. Since this is in most cases a web hosting provider, they often very quickly take care of the DNSSEC extension for their customers. In case companies own their own name server and actively manage and operate it, the IT department should be able to take care of the DNSSEC extension without any problems. Contact persons for domain holders are either the company’s own IT department with its own name server or the web hosters of the name server.
Which DNSSEC encryptions are available?
The DNSSEC extension was introduced in 2010 and has been in increasing demand ever since. Internet security is not only important to the operators and owners of domains and servers, but also to Internet users. Since they want their data and information encrypted and secured, the number of DNSsec encryptions is increasing. However, the automatic activation of DNSSEC is currently only possible for the following Top Level Domains: .ch, in Switzerland, .li, in Lichtenstein.
You can find more information under: