By translating domain names into IP addresses, the Domain Name System (DNS) makes client-server communication possible and is crucial for the operability of the Internet.
Over time, the DNS has yielded vulnerabilities that allow hijackers to sneak into sessions and deceive users into giving their secure details to fake websites, for example.
This has called for the introduction of the Domain Name System Security Extensions or DNSSEC technology so that this part of the Internet’s infrastructure can be made secure.
The DNSSEC digital signature ensures that you’re communicating with the site or Internet location you intended to visit. DNSSEC uses a system of public keys and digital signatures to verify data. It simply adds new records to DNS alongside existing records. These new record types, such as RRSIG and DNSKEY, can be retrieved in the same way as common records such as A, CNAME and MX.
A signed nameserver has a public and private key for each zone. When someone makes a request, it sends information signed with its private key; the recipient then unlocks it with the public key. If a third party tries to send untrustworthy information, it won’t unlock properly with the public key, so the recipient will know the information is bogus.
To know more about DNSSEC you can visit this page on the ICANN website.
In line with the global end-to-end deployment trend, we have added DNSSEC on our platform as well for your hosted domains hosted in your iWebz Web Hosting account. This option is currently available for .COM, .NET, .ORG, .INFO and .BIZ domains.