DNSSEC stands for Domain Name System Security Extensions. It is a protocol that adds an extra layer of security to domains by applying cryptographic digital signatures to existing DNS records to determine the authenticity of the original domain name.
To understand what DNSSEC is, it is first necessary to briefly explain what DNS is.
What DNS is DNS?
When we type a domain name on the Internet, we are immediately redirected to the content of the website we want to visit. This is only possible thanks to DNS servers (Domain Name System).
On the Internet, each web page is identified by a serial number called an IP address. Remembering the IP address of each domain would be too complicated, and the task of DNS is precisely to redirect the user to the IP address that corresponds to the entered domain (technically this is called DNS resolution).
Technically, DNS is hierarchically arranged servers that interact with each other. DNSSEC is an advanced DNS feature, which adds digital signatures to the DNS of a domain name to verify the proper functioning of the DNS chain and prevent certain types of cyber attacks.
DNSSEC is based on the Key exchange. In DNSSEC, public and private keys are generated to verify the correctness and validity of the website's DNS.
Verifying the signature of these keys is the basis of the "chain of trust" that the authenticity of the responses provided by the DNS servers guaranteed, which come into play when the domain is resolved: If the digital signature does not match, the web page will not be displayed.
DNSSEC adds an extra layer of security to your domain by providing your users with guarantees of your website's authenticity.
DNSSEC protects your website from "Man In The Middle" attacks, DNS spoofing and cache poisoning attacks.
DNSSEC creates a network of reliable DNS and increases users' confidence to visit your website.
Activating DNSSEC for a domain with Swizzonic.ch DNS is simple and straightforward: you just need to click.
The DNSSEC protocol protects users from forged DNS data, by ensuring that the web page displayed is actually the one requested.
by ensuring that the web page displayed is actually the one requested.If DNSSEC is not active for a domain name, an attacker could discover a vulnerability in a DNS server and change the match between the domain name and its IP address. In such a case, the user entering the URL of the web page into the browser would be redirected to another web page.
DNSSEC on the other hand enables the Verification of the authenticity of the responses provided by the DNS serverby assuring users that the web page they are accessing is indeed the one they intended to visit. If a hacker were to try to change the IP address of a DNSSEC-protected domain, the DNS server would reject the requests at resolution and prevent the web page from being displayed.
DNNSSEC is therefore a additional level of basic safety, to certain types of cyber attacks to ward off, such as Cache Poisoning, which aims to modify the contents of the cache of DNS servers, DNS spoofing attacks, which attempts to manipulate the mappings between domain names and IP addresses on a DNS server, and so-called 'Man In The Middle' (MITM) attacks, where someone alters the communication between two parties who believe they are communicating directly with each other.
DNS stands for Domain Name System. It is a protocol used on the Internet to translate IP addresses into domain names.
In short, when you enter the name of the website you want to visit, the browser sends a request to the DNS server, which determines the IP address associated with the domain name you entered and sends it back to the browser. At this point, the browser uses the IP address of the domain to send a connection request and show you the content of the web page on the screen.
Technically, a DNS consists of a network of name servers that are arranged hierarchically and communicate with each other.
At Swizzonic.ch, DNNSSEC is free of charge and does not require the activation of a special contract. In fact, Swizzonic.ch offers DNSSEC for many TLDs free of charge.
A list of the endings for which DNSSEC can be activated can be found at on this page.
Swizzonic.ch offers the DNSSEC protocol for many TLDs free of charge.
A list of the endings for which DNSSEC can be activated can be found at on this page.
You can activate DNSSEC directly in your customer area with one click. To do this, perform the steps described in the instructions "How to enable DNSSEC on the domain". are described.
Yes, for the TLDs on which the DNSSEC service is present, it is possible to activate and manage DNSSEC protection also for domains that use other authoritative DNS than those of Swizzonic.ch.
You can act completely independently and in full ownership in the "Domain and DNS" section of the domain in question in your customer area.
No, if the DNS server of the provider through which one surfs the Internet does not verify the validity of the "chain of trust" that guarantees the authenticity of the answers provided by the DNS servers, the DNSSEC activity is effectively nullified.
Furthermore, to guarantee the user a secure browsing experience, DNSSEC must always be accompanied by a SSL-Certificate be coupled: DNSSEC guarantees the visitor that the web page corresponds to the URL address entered, and the SSL certificate then encrypts the exchange between the user's Internet browser and the web server of the website via the HTTPS protocol.