Get started for free Log in

Knowledge base

1000 FAQs, 500 tutorials and instructional videos. Here, there are only solutions!

Knowledge baseSecure Web traffic with DNSSEC
Search

Secure Web traffic with DNSSEC

This guide explains what DNSSEC is and how this protection enhances the security of Domains at Infomaniak and the traffic they generate.

 

Preamble

  • Each URL corresponds to an IP address, and when an internet user enters the URL of your site in their web browser, they call on a DNS server whose role is to redirect them to the IP address that corresponds to the entered domain (technically, this is known as DNS resolution).
  • When DNSSEC is not activated on your domain name, a malicious person could detect a flaw in a DNS server and modify the correspondence between your domain name and the IP address of your site with an IP address of their choice. In such a case, the internet user who enters the URL of your site would then be redirected to another website that does not correspond to the content of your website.
  • DNSSEC allows securing the authenticity of the response provided by the DNS server and thus guarantees to internet users that they are viewing the website they actually want to see. If a hacker attempted to modify the IP address of your domain name in a DNS server protected by DNSSEC at the time of resolution, the latter would refuse their requests, as they would not be authenticated.
  • DNSSEC is therefore an additional security measure to the SSL certificate of a site, by guaranteeing to the internet user that they are going to the site that corresponds to the entered URL, and the SSL certificate then intervenes to encrypt the exchanges between the internet user's web browser and the web server of the site they are visiting.

 

Activate or deactivate DNSSEC

To know the availability of DNSSEC for a specific domain, refer to the specifics of the extensions that concern you from this page (under Frequently Asked Questions by first clicking on the extension concerned).

DNSSEC is available and already activated upon purchase for the vast majority of domain name extensions.

If necessary, DNSSEC is activated in a few clicks on domain names fully managed at Infomaniak:

  1. Click here to access the management of your product on the Infomaniak Manager (need help?).
  2. Click directly on the name assigned to the product concerned.
  3. Activate or deactivate DNSSEC from the Dashboard of the domain:

 

If the DNS zone of your domain is managed by another registrar, it will be necessary to provide technical information provided by the latter. If the information provided is incorrect, your domain name will no longer be accessible. Therefore, it is recommended to transfer the complete management of your domain to Infomaniak before activating DNSSEC if you are not familiar with these manipulations.

 

Check if DNSSEC is activated

 

The propagation of DNSSEC to the registry may take several hours to be effective.

Enter the domain name to be checked on this analysis site.

 

Specific guide

Link to this FAQ:

https://faq.infomaniak.com/2208

Has this FAQ been helpful?