What is DNSSEC and why is it important?
The internet is full of crooks who are constantly on the lookout for new vulnerabilities to take advantage of. Even DNS is a target. Fortunately, there is DNSSEC, a new technique that ensures that DNS records are more secure than before. Web hosts, domain name traders and registrars offer this technique for customers who have their domain registered with them. As a customer you have to activate it yourself in your Service Panel or Control Panel. But what exactly is DNSSEC? For that we first go back to the basics.
What is DNS again?
Simply explained, DNS is the telephone directory of the Internet. You must enter an address to visit a website. That address is a long number: the IP address. But a long number is difficult to remember, which is why there are domain names. The domain name system (DNS) translates the domain name into an IP address so that a connection can be established between the visitor’s computer and the server where the website is located. The translation from domain to IP address is also done in the name servers. You can set the DNS for each domain. If there are no name servers set in the DNS of a domain or the name servers do not work, a website cannot be reached.
Why is DNS vulnerable?
It is possible for a hacker to manipulate the process of looking up a website. This is also known as DNS spoofing: a visitor wants to visit a website, but during this process a hacker changes the DNS information so that the visitor is directed to another web server.
For example, it is possible for hackers to redirect traffic to a certain website to his/her own computer and then release malwares or scams on the visitor. As unsuspected visitor, you can be sent to a fake web shop where you share sensitive information such as email address and credit card information because you think you are dealing with a reliable website. It is also possible for hackers to read your emails or change your searches.
What are the advantages of DNSSEC?
To counter this, Domain Name System Security Extensions has been introduced. It specifically secures this part of the internet infrastructure. Domain Name System Security Extensions ensures that DNS records are digitally signed so that website traffic can no longer be manipulated by hackers.
It should not be confused with securing your website with an SSL certificate. Even if you have secured your website with an SSL certificate (HTTPS), the path visitors must take to your website can still be changed by malicious parties. DNSSEC protects the part between the typing of a domain name by a visitor and the actual visit to the website. So your website visitors can’t be stolen by someone else and subsequently robbed by the crook.
Importance of DNSSEC for web shops
Certain quality marks require web shops to use modern, reliable internet standards. The use of DNSSEC and SSL is part of this. The use of DNSSEC is therefore part of the audit so that you will be allowed to carry this important quality mark.
Disadvantages of DNSSEC.
What risks and disadvantages are there? DNSSEC is a lot more complex than regular DNS. For example, the keys used to put digital signatures in DNS must be replaced regularly and the digital signatures themselves must also be regularly refreshed. The chance that visitors cannot use your website optimally is therefore greater when DNSSEC is enabled. Another disadvantage of enabling it is that, if you want to turn it off again, it can take some time (hours to days). So if you are not sure whether you will continue to manage a domain through your current provider, we recommend that you wait to enable it until you have made a decision about your domain management provider.
How to disable DNSSEC?
What you should be aware of is that disabling it requires manual action. This can usually be done simply in the Control Panel. If you can’t find it, an email to your provider should be enough to get it disabled, either by them or by yourself.
Should I use DNSSEC?
Yes, but only on the condition that you have very good reasons to do so. Examples of such reasons are, among others, you have noticed that some of your website visitors have been victimized or a particular quality mark requires you to use it. Currently it has not been activated for my domains. But, of course that can change at any moment depending on events such as the good reasons mentioned above. Further, I’m also waiting for a more stable system without the disadvantages as mentioned in this article. When that happens I will surely activate it for my website. Did I answer your question “ What is DNSSEC? “. I certainly hope so!