1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Secure Web traffic with DNSSEC
This guide explains what DNSSEC is and how this protection enhances the security of Domains at Infomaniak and the traffic they generate.
Preamble
- Each URL corresponds to an IP address, and when an internet user enters the URL of your site into their web browser, they contact a DNS server whose role is to redirect them to the IP address that corresponds to the entered domain (technically, this is known as DNS resolution).
- When DNSSEC is not activated on your domain name, a malicious person could detect a vulnerability in a DNS server and modify the correspondence between your domain name and your site's IP address with an IP address of their choice. In such a case, the user who enters the URL of your site would be redirected to another website that does not match the content of your website.
- DNSSEC secures the authenticity of the response provided by the DNS server and thus ensures that users are viewing the website they actually want to see. If a hacker attempted to modify the IP address of your domain name in a DNS server protected by DNSSEC at the time of resolution, the server would reject their requests because they would not be authenticated.
- DNSSEC is therefore an additional security measure to the site's SSL certificate. DNSSEC ensures that the user is directed to the site that corresponds to the entered URL, and the SSL certificate then encrypts the exchanges between the user's web browser and the site's web server.
Enable DNSSEC
To find out if DNSSEC is available for a specific domain, refer to the specifics of the extensions that concern you from this page (under Frequently Asked Questions by first clicking on the relevant extension).
DNSSEC is available and already activated upon purchase for the vast majority of domain extensions.
If necessary, DNSSEC can be activated in a few clicks on domains fully managed by Infomaniak:
- Click here to access the management of your product on the Infomaniak Manager (need help?).
- Click directly on the name assigned to the concerned product.
- If necessary, activate DNSSEC from the Dashboard of the domain:
If the DNS zone of your domain is managed with another registrar, it will be necessary to provide the technical information provided by the latter. If the information entered is incorrect, your domain name will no longer be accessible. Therefore, it is recommended to transfer the complete management of your domain to Infomaniak before activating DNSSEC if you are not familiar with these manipulations.
Check if DNSSEC is activated
The propagation of DNSSEC to the registry may take several hours to take effect.
Enter the domain name to verify on this analysis site.