DNS is one of the corner stones of the Internet which was developed a very long ago, when the Internet was much safer place than today and therefore it is no longer sufficient.
DNSSEC was developed to increase security of DNS by preventing certain types of attacks on data security because DNS does not verify that the obtained data actually came from the correct server. DNSSEC provides users with assurance that the information obtained through the DNS are consistent and were given by the right source and that their integrity was not compromised during the connection. DNSSEC thus ensures the credibility of data acquired through DNS.
Currently we offer DNSSEC for .eu domains, other domains should be supported soon.
Every Internet service (website, e-mail,…) requires DNS for its functionality.
Basic function of DNS is to translate easy-to-remember domain names, such as exohosting.com to numeric addresses (IP addresses) which are understandable for devices in the Internet. If you enter a domain name of some Internet service (website, e-mail,…), computer uses DNS to translate the domain name into numeric address and then connects to this IP address to provide requested service.
However, this proccess can be interrupted by attacker who changes IP address so computer is connected to a completely different service.
DNSSEC uses public-key cryptography – key used fo encryption is different than key used for decryption.
Domain owner (or registrar) generates a pair of private and public key. Private key is then used to sign domain specification used in DNS. The authenticity of the signature can be verified only with the public key which is provided to the zone operator (e.g.: EURid for .eu). Zone operators also signs all domain specifications in DNS and public key for this signature is provided to DNS root zone.
If this hierarchy is not breached in any of its part and all electronic signatures are valid, the chain of trust is created. Chain of trust then ensures data reliability of DNS lookups.
To verify DNSSEC on your domain you can use Verisign verifier: