What is DNSSEC?

Domain Name System Security Extensions (DNSSEC) is a method of adding security to DNS to protect against forged or manipulated DNS information.

Standard DNS information is not authenticated, name servers trust any response they receive. Since they trust any response, it is possible for somebody to send incorrect information to a name server. Once the name server has the incorrect information, anyone else who uses that name server will see the incorrect info. An attacker could use this to temporarily disable or redirect a domain.

DNSSEC adds security by letting name servers verify that DNS info is coming from the correct place. When DNSSEC is set up, DNS records are digitally signed. When checking records, name servers check for a signature and compare it to the correct signature. If there is no signature or if the signatures don’t match, the name server will not trust or save the incorrect information.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Reclaim Hosting Support Hours
8:00 am - 5:00 pm ET, Monday through Friday
Submit a Ticket
Get a quick and helpful response from the pros.
Need Extra Support?
No problem, we're here to help! Talk to us about Professional Services or custom Service Level Agreements.