Do you have a website? Have you registered a domain name? If so DNS Security Extensions (DNSSEC) can provide an added layer of security and help protect your web content from attackers by ensuring that visitors to your site see the content you want them to see. To get started with DNSSEC, follow these steps:
1. Understand the basics of DNSSEC. If you would like to understand more of the basics of DNSSEC, we suggest starting with this video (and this video interview) and also viewing the following resources:
2. Determine if your top-level domain (TLD) supports DNSSEC
If your domain ends in one of the common domains such as .COM, .NET, .ORG, .EDU, etc., those zones as well as many country code TLDs (ccTLDs) have all been signed with DNSSEC. To check if your TLD has been signed, you can visit ICANN’s list of signed TLDs. If your TLD has not been signed, you can still sign your own domain but you cannot link it in to the global “chain of trust” that gives DNSSEC its power.
3. Sign your own domains
You will need to determine if:
- Your domain name registrar supports accepting DNSSEC records; and
- Your DNS hosting provider will sign your zone files for you.
Note that in some cases these two functions may be performed by the same company. A good place to start is:
4. Deploy DNSSEC-validating DNS resolvers.
To make use of DNSSEC on your own network, you need to deploy “DNSSEC-validating DNS resolvers” that allow users on your network to be able to have their DNS queries validated with DNSSEC. A great place to start is:
5. Build the case for management about your deployment of DNSSEC:
6. Consider adding a widget to your site to help promote DNSSEC:
- DNSSEC Client Check for Websites
- (Need to list any others out there)
7. Keep up-to-date on the latest DNSSEC news and activities:
Please let us know how we can help you make the transition to IPv6!