DNSSEC 101 - what is it, and why do I need it?
What is DNSSEC?
DNSSEC (short for Domain Name System Security Extensions) verifies certain kinds of information provided by the DNS (Domain Name System). When you get a response from a DNS resolver, DNSSEC will verify that the answer is true.
In simple terms, DNSSEC is used when you are visiting a website. It means that when you type in a URL, and it sends you to the associated IP address, it will verify that the IP address you are looking to visit is true, and hasn’t been modified or spoofed along the way.
As an example, you might be visiting your bank’s website to pay some bills. DNSSEC will ensure that you are actually visiting the right site, and not a different website that someone has spoofed/cloned to appear in place of your bank’s website.
Still lost? Here’s an analogy that might help!
Imagine someone tries to prove their identity to you using a business card. It has their name, phone number and email address on it, so you have no reason to believe it’s not true – but it’s also not verified or validated information. You’re trusting a piece of paper with ink on it.
After all, anyone can print a business card these days; there’s no checks or security to make sure that people are printing the right information, or not pretending to be someone else.
In this case, the business card is the regular DNS response – you can generally trust it, but there’s no guarantee that it will be true and secure.
On the other hand, DNSSEC DNS responses are much more secure and safe. It would be like if someone showed you their driver’s licence. There’s a photo of the person, there’s generally some sort of security layer (a magnetic strip or chip embedded), there’s holographs, and special ink. You can trust that it is the right person if they are showing you this card, because there are specific technical measures in place to make them hard to forge.
Why was it created?
When DNS was designed back in the 1980s, there was no consideration for strong security measures – no one had heard of spoofing or exploitation!
However, in response to the ease of exploitation and vulnerability of DNS technology, DNSSEC was published and released in 2005 to help protect internet users.
Why do you need it?
It’s not essential to have DNSSEC on your website, but it’s good to have especially if you are collecting financial information e.g. payments from customers on an online store.
Customers are more secure because it guarantees that they are getting the right DNS response for your website. It means no one can hijack and steal credit card information – good for your customers, and good for you.
DNSSEC goes hand in hand with having an SSL certificate on your site. Between the two, they will ensure that your customer’s data is encrypted and secure, as well as verified as coming from the correct source
Where do you get it?
If you have a shared hosting service with VentraIP Australia, you can enable it in cPanel – easy! Just have a chat to our Tech Support team to find out more.
Is it easy to use?
Very much so. If your domain is using your shared hosting name servers, then as soon as you enable it in cPanel, you can set and forget! Our Tech Support team can explain this more if you need their help.