Get DNSSEC, first line of defence against DNS security threats

DNSSEC provides an added layer of security for your domain name. It verifies the DNS records associated with your domain, ensuring that users aren't redirected to a deceptive site. Learn how DNSSEC can help you target this particular DNS security vulnerability - and how easy it is to enable directly from your EuroDNS account!

by Daniel - 26.06.2018

DNS security threats must be addressed

Every domain name needs to be turned into an IP address which is what the Domain Name System (DNS) does. DNS turns a readable domain name - say, Example.com - into an Internet Protocol (IP) address, a string of numbers that a computer can understand. ICANN (Internet Corporation for Assigned Names and Numbers) coordinates IP addresses so no two are alike.

DNS is foundational to the Internet. However, it wasn’t designed with security in mind. Vulnerabilities in the system make is possible for cybercriminals to hijack the IP address look up process. Hackers can take control of a lookup and redirect users to a deceptive website where they can then access a user’s personal information.


To illustrate, imagine you want to go to Example.com. You type Example.com into your web browser. Your web browser connects to web servers that help you establish a connection, allowing you to browse the site, select products, and make purchases. But, in order for that to happen in a safe manner, Example.com must be secured so that you are not put at risk.

If your domain is not secured, you could end up being exposing to fraud. A cybercriminal could, for example, set up a false website that is deceptively similar to Example.com. When your web browser begins its search for Example.com, the cybercriminal could intercept your inquiry and redirect you to their site. Your computer, having received a fake IP address unbeknownst to you, displays a fake website from another server. You end up making purchases from the fake site, all the while assuming you’re visiting the authentic Example.com site. Consequently, someone else now has access to all your personal data: passwords, bank account, credit card numbers.

And therein lies the problem with DNS and the need for DNSSEC.

How DNSSEC Signed works

To avoid the problem described above, every domain name must be secured with the DNSSEC protocol. DNSSEC (DNS Security Extensions) validates the different directory services involved in a search: the root (the top level of the Internet directly), the TLD (in our example, .COM), and the domain name (again, in our example, Example.com). This process of validation produces an authentication chain.

Each of these directory services is managed by a different entity. For example, the root is managed by ICANN but .COM is managed by the registry Versign. The DNSSEC validation process ensures that your look up is being directed to the right entity (as opposed to an imposter) and, thus, producing the result you’re actually looking for. This validation process is called DNSSEC Signed.

Once a domain name has been DNSSEC Signed, it cannot be hijacked by a cybercriminal. A connection can no longer be intercepted and redirected to a fake site. Consequently, a user is no longer at risk of providing a hacker their personal details and your own reputation as a trustworthy site remains intact.

DNSSEC now available through EuroDNS!

DNSSEC is one of the most effective ways to protect your site visitors and protect your own reputation. EuroDNS is committed to making it as easy as possible for you to enable DNSSEC.

In fact, you can enable it right now through your domain management page:

DNS-zone-mgmt-page.jpg#asset:13368

And you’ll find all the information you need to activate and manage DNSSEC in our knowledge base. If you don’t find the information you’re looking for in our help articles, don’t hesitate to get in touch. We’re happy to help!

We strongly encourage you to consider implementing DNSSEC. With DNS-based security threats on the rise, it could make all the difference.


photo credit


Domain securityHow to guides

Next article:
.ONLINE domain name: new horizons for international brands

Previous article:
New registrar data escrow service agent coming to EuroDNS

Related articles: