DNSSEC: Difference between revisions

Back up to the Domains Category
From AAISP Support Site
(Created page with "DNSSEC provides a means for you to sign domains to ensure they are secure. There is a lot of information on what DNSSEC is and how it works on the internet. It means that aut...")
 
mNo edit summary
 
Line 1: Line 1:
<indicator name="Domains">[[File:menu-globe.svg|link=:Category:Domains|30px|Back up to the Domains Category]]</indicator>

DNSSEC provides a means for you to sign domains to ensure they are secure.
DNSSEC provides a means for you to sign domains to ensure they are secure.



Latest revision as of 15:47, 26 Haziran 2015


DNSSEC provides a means for you to sign domains to ensure they are secure.

There is a lot of information on what DNSSEC is and how it works on the internet. It means that authoritative zones can now be signed so they cannot be spoofed, and DNS resolvers can check the signing. The signing delegated from the root down, and some zones can now be signed (notably this includes UK domains now).

For the DNS system itself this simply means some new record types. The impact in the longer term will be more resolvers checking signing, and more zones being signed, so less spoofing and forgery will be possible. It also has the chance to break things in various ways and so is being deployed slowly.

Resolvers

Our resolvers handle DNSSEC based queries, for the relevant records and for checking signed records if you want to trust our resolvers.

Registry

We can lodge DS data records with the registry where available. You can do this on our control pages for .uk domains. For other domains, contact support.

Zone files

Where we manage your domain we do not currently sign the zone, but plan to soon (as an option), signed with our keys.