What is DNSSEC?
Understanding DNSSEC first requires basic knowledge of how the DNS system works.
The DNS is used to translate domain names (like example.com) into numeric Internet addresses (like 198.161.0.1).
Although numeric addresses are very efficient for computers to read and process, they are extremely difficult for people to remember. Imagine having to remember the IP address of the machine hosting every website you want to visit. This is why people often call the DNS the "phone book of the Internet".
To solve this problem, every domain name is mapped to a numeric IP address. The website addresses we know are actually domain names.
Domain name information is stored and accessed on special servers, known as domain name servers, that convert domain names into IP addresses and vice versa.
The top level of the DNS resides in the root zone where all IP addresses and domain names are kept in databases and sorted by top-level domain name, such as .com, .net, .org, etc.
When the DNS was first implemented, it was not secured, and soon after being put into use, several vulnerabilities were discovered. As a result, a security system was developed in the form of extensions that could be added to the existing DNS protocols.
Domain name system security extensions (DNSSEC) are a set of protocols that add a layer of security to the domain name system (DNS) lookup and exchange processes, which have become integral in accessing websites through the Internet.
Advantages of DNSSEC
DNSSEC is aimed at strengthening trust in the Internet by helping to protect users from redirection to fraudulent websites and unintended addresses. In this way, malicious activities like cache poisoning, pharming, and man-in-the-middle attacks can be prevented.
DNSSEC authenticates the resolution of IP addresses with a cryptographic signature, to make sure that answers provided by the DNS server are valid and authentic. If DNSSEC is properly enabled for your domain name, visitors can be assured that they are connecting to the actual website corresponding to that domain name.
How do I enable DNSSEC?
Domain Name System Security Extensions (DNSSEC) adds a layer of security to the old DNS system. There are two steps for using it:
- creating the DNSSEC record on your cPanel account.
- letting your domain registrar know that you want to use DNSSEC.
How to create a DNSSEC record in cPanel
- Log in to your cPanel account
- In the DOMAINS section, select Zone Editor
- Click the DNSSEC link for your domain
- Click the Status field to enable DNSSEC. In a few seconds, a new key will be created for your domain.
- That’s everything on the cPanel side.
Registrar configuration
This step depends on your registrar. In any case, you will need all the key details from cPanel: Key Tag, Algorithm (8 RSA/SHA-256 0 bits), Digest Type (1 SHA-1, 2 SHA-256 or 4 SHA-384) and Digest.
Submit these details in a support ticket to the Support team and someone will assist you.