Help Center

DNSSEC What is it?

May 8, 2023Uncategorized

Introduction to DNSSEC

If you are not familiar with DNSSEC, you are not alone. However, understanding this security protocol is crucial for protecting your website from DNS redirection attacks. DNSSEC provides an additional layer of security to the domain name system (DNS), which translates domain names into IP addresses.  

If you want to learn more about DNS, check this blog post. 

In this blog post, we will explore what DNSSEC is, how it works, and why it’s important for securing your website. We will also discuss how to enable DNSSEC for .radio domains on the website register.radio  

Whether you are a website owner or just curious about internet security, read on to learn more about DNSSEC.

DNSSEC Definition 

DNSSEC (Domain Name System Security Extensions) is a security protocol for the domain name system (DNS). The DNS is responsible for translating domain names into IP addresses. However, it was originally designed without an integrated security mechanism, which means that users can be redirected to malicious websites by attackers who modify DNS responses. This is where DNSSEC comes in. 

What is DNSSEC Used For? 

DNSSEC aims to improve the security and integrity of the DNS. Without DNSSEC, attackers can easily redirect users to malicious websites or intercept their communications. DNSSEC adds an extra layer of security to prevent attackers from modifying DNS records. 

DNSSEC uses a pair of cryptographic keys (public and private) to digitally sign DNS records. The digital signatures allow clients to verify that DNS responses are authentic and have not been tampered with. 

 This way, DNSSEC provides an additional layer of security to ensure that visitors are directed to the correct website. When a client queries a DNS server for a DNS response, it also receives an associated digital signature. The client can then verify that the response was signed with the corresponding public cryptographic key. 

dnssec image

DNSSEC Support on register.radio 

On register.radio, we support DNSSEC for .radio domains. To secure a .radio domain with DNSSEC, you need to follow these steps: 

Send us a message to support@register.radio to request the setup of DNSSEC for your domain with the following information: 

  1. .radio domain name 
  2. The algorithm of the related keyData record.
  3. The digest type used for the hash of the related keyData record. 
  4. The Base64 or hexadecimal representation of the hash of the DNSSEC keyData record. 

Example: 

  1. Domain: sampl.radio 
  2. Algorithm of the related keyData record:  ECDSAP256SHA256 
  3. The digest type: SHA-256 
  4. The Base64 or hexadecimal representation of the hash of the DNSSEC keyData record: 

+HrygxNjYF53z2tTICptB0lrDxBlwgX6ybcixFsr/Zypz+YdCOvEHGJNZK7OprXTIU0RYjc0iDedBvSUbZ5ijJw== 

Do note that DS records are not supported. Only keyData records are allowed. 

As a reminder for experts, DNSSEC introduces a Delegation Signer (DS) record to allow the transfer of trust from a parent zone to a child zone. For DNSSEC to work, you must be able to add a DS record for your domain which appears in the DNS records in TLD name servers (the parent of the zone) to establish a chain of trust to your zone (the child zone). The DS record contains a hashed DNSKEY record containing the Key Signing Key (KSK), and acts as a pointer to the next key in the chain of trust. On register.radio, parent/child zones are not supported to keep things simple and secure. 
 

This seems a little bit complicated to you, good news… We are about to launch a one-button DNSSEC enabler. In the coming weeks, you will be able to enable DNSSEC for your domain(s) (registered on register.radio) by just clicking on a button! 

Conclusion

In conclusion, DNSSEC is an important security protocol that helps protect websites from DNS redirection attacks. It adds an additional layer of security to the domain name system by digitally signing DNS records with cryptographic keys. This ensures that visitors are directed to the correct website and prevents attackers from modifying DNS records. 

If you are a website owner, it is a good idea to enable DNSSEC to secure your website and protect your visitors. We will enable (on request) DNSSEC for your(s) domain(s) registered on register.radio . 

Understanding DNSSEC and taking steps to implement it, you can help keep your website secure and protect your users from malicious attacks. 

If you don’t feel comfortable creating your own keys to set it up, wait a bit for our fully automated DNSSEC feature. It will come very soon. 

We hope we have made this clear for you, don’t hesitate to contact us if you need more information. 

The DotRadio team. 

The DotRadio Team

Follow Us