1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Understanding what DNSSEC is for
This guide explains what DNSSEC is and how this protection enhances the security of a domain name.
What is DNSSEC for?
Each URL address corresponds to an IP address, and when an internet user enters the URL address for your website in their internet browser, it calls a DNS server whose role is to redirect to the IP address which corresponds to the domain entered (technically, this is called DNS resolution).
When DNSSEC is not enabled on your domain name, an unauthorised person could detect a fault in a DNS server and modify the correspondence between your domain name and your website's IP address through the IP of their choice. In this case, the internet user entering the URL address for your website would be redirected to another website which would not correspond to your website's content.
DNSSEC allows the authenticity of the response provided by the DNS server to be secured and thus gives internet users the guarantee that they are seeing the website the actually wanted to see. If a hacker tried to modify your domain name's IP address in a DNS protected by DNSSEC at the time of resolution, the DNSSEC would therefore refuse its requests as they would not be authenticated.
DNSSEC is therefore a security measure which is additional to a site's SSL certificate. DNSSEC ensures that the internet user arrives at the site corresponding to the URL address entered, and the SSL certificate then intervenes by encrypting the exchanges between the internet user and the web server of the site they are visiting.
Enabling DNSSEC on a domain
- This guide explains how to enable DNSSEC on a domain managed with Infomaniak.
- Configuring DNSSEC with the CDN Cloudflare