1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Secure Web Traffic with DNSSEC
This guide explains what DNSSEC is and how this protection enhances the security of Domains at Infomaniak and the traffic they generate.
Preamble
- Each URL corresponds to an IP address, and when an internet user enters the URL of your site in their web browser, they call on a DNS server whose role is to redirect them to the IP address that corresponds to the entered domain (technically, this is called DNS resolution).
- When DNSSEC is not activated on your domain name, a malicious person could detect a flaw in a DNS server and modify the correspondence between your domain name and the IP address of your site with an IP of their choice. In such a case, the internet user who enters the URL of your site would then be redirected to another website that does not correspond to the content of your website.
- DNSSEC secures the authenticity of the response provided by the DNS server and thus guarantees to internet users that they are viewing the website they actually want to see. If a hacker attempted to modify the IP address of your domain name in a DNS server protected by DNSSEC at the time of resolution, the latter would refuse their requests, as they would not be authenticated.
- DNSSEC is therefore an additional security measure to the SSL certificate of a site, by guaranteeing to the internet user that they are accessing the site that corresponds to the entered URL, and the SSL certificate then intervenes to encrypt the exchanges between the internet user's web browser and the website's server that they are visiting.
Activate or deactivate DNSSEC
To know the availability of DNSSEC for a specific domain, refer to the specifics of the extensions that concern you from this page (under Frequently Asked Questions by first clicking on the extension concerned).
DNSSEC is available and already activated upon purchase for the vast majority of domain name extensions.
If necessary, DNSSEC can be activated in a few clicks on domains fully managed at Infomaniak:
- Click here to access the management of your product on the Infomaniak Manager (need help?).
- Click directly on the name assigned to the product concerned.
- Activate or deactivate DNSSEC from the Dashboard of the domain:
If the DNS zone of your domain is managed by another registrar, it will be necessary to provide technical information provided by the latter. If the information provided is incorrect, your domain name will no longer be accessible. Therefore, it is recommended to transfer the complete management of your domain to Infomaniak before activating DNSSEC if you are not familiar with these manipulations.
Check if DNSSEC is activated
The propagation of DNSSEC to the registry may take several hours to be effective.
Enter the domain name to be verified on this analysis site.