DNSSEC: Difference between revisions
(Created page with "DNSSEC provides a means for you to sign domains to ensure they are secure. There is a lot of information on what DNSSEC is and how it works on the internet. It means that aut...") |
mNo edit summary |
||
Line 1: | Line 1: | ||
<indicator name="Domains">[[File:menu-globe.svg|link=:Category:Domains|30px|Back up to the Domains Category]]</indicator> |
|||
DNSSEC provides a means for you to sign domains to ensure they are secure. |
DNSSEC provides a means for you to sign domains to ensure they are secure. |
||
Latest revision as of 15:47, 26 Haziran 2015
DNSSEC provides a means for you to sign domains to ensure they are secure.
There is a lot of information on what DNSSEC is and how it works on the internet. It means that authoritative zones can now be signed so they cannot be spoofed, and DNS resolvers can check the signing. The signing delegated from the root down, and some zones can now be signed (notably this includes UK domains now).
For the DNS system itself this simply means some new record types. The impact in the longer term will be more resolvers checking signing, and more zones being signed, so less spoofing and forgery will be possible. It also has the chance to break things in various ways and so is being deployed slowly.
Resolvers
Our resolvers handle DNSSEC based queries, for the relevant records and for checking signed records if you want to trust our resolvers.
Registry
We can lodge DS data records with the registry where available. You can do this on our control pages for .uk domains. For other domains, contact support.
Zone files
Where we manage your domain we do not currently sign the zone, but plan to soon (as an option), signed with our keys.