DNSSEC activation for all customers on 4host.ch


We are pleased to announce the availability of clustered DNSSEC for all our valued 4host.ch customers.

What is DNSSEC?

The engineers of the Internet Engineering Task Force (IETF), the organization responsible for the DNS protocol standards, have long understood that the lack of stronger authentication in the DNS was a problem. Work on a solution started in the 1990s and the result was the DNS Security Extensions (DNSSEC).

DNSSEC (Domain Name System Security Extensions) is a set of protocols (rules) designed to protect the resolution of a domain name to an address. It strengthens authentication in the DNS using digital signatures based on public-key cryptography. With DNSSEC, it is not the DNS queries and replies themselves that are encrypted; rather, the DNS data itself is signed by the data owner.

Each DNS zone has a public/private key pair. The zone owner uses the zone's private key to sign the DNS data in the zone and generate digital signatures over that data. As the name "private key" suggests, this key material is kept secret by the zone owner. The zone's public key, however, is published in the zone itself so that anyone can retrieve it. Any recursive resolver that looks up data in the zone also retrieves the zone's public key, which it uses to validate the authenticity of the DNS data. The resolver checks that the digital signature on the retrieved DNS data is valid. If it is, the DNS data is legitimate and is returned to the user. If the signature does not validate, the resolver assumes an attack, discards the data and returns an error to the user.

What are the benefits of having DNSSEC active for a domain?

DNSSEC aims to strengthen confidence in the Internet by helping to protect users from being redirected to fraudulent websites and unintended addresses. In this way, it is possible to prevent malicious activities such as cache poisoning, pharming and man-in-the-middle attacks.

DNSSEC authenticates the resolution of IP addresses with a cryptographic signature, to ensure that the responses provided by the DNS server are valid and authentic. When DNSSEC is properly enabled for your domain name, visitors can be assured of connecting to the actual website corresponding to that domain name.

How can I activate DNSSEC for my domain name?

Activation is done in the cPanel control panel under "Zone Editor". With the necessary knowledge, you can create the cryptographic keys there, which must then be shared with your registrar (the body with which the domain name is registered).

It is a process that can be performed by an experienced professional with in-depth knowledge of cryptography and of DNS, but it is also a service that 4host.ch can offer its customers.

Attention: 4host assumes no responsibility if unqualified people work with DNS without in-depth knowledge! Incorrect changes can make your website completely unreachable!
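The keys created in the zone editor reach the registrar as a DS record, a digest of the zone's key-signing DNSKEY; if the two do not match, validating resolvers reject the zone. The following Python sketch is an added example (not code from 4host.ch or cPanel) that derives the DS as defined in RFC 4034 and RFC 4509 and checks a registrar-side DS against a DNSKEY. The owner name `example.ch.` and the key bytes are constructed placeholders.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire format of an owner name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA, RFC 4034 appendix B (all algorithms except 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner: str, rdata: bytes, digest_type: int = 2) -> tuple:
    """Return (key tag, algorithm, digest type, hex digest) for a DNSKEY."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], digest_type, digest

def ds_matches(owner: str, rdata: bytes, ds: tuple) -> bool:
    """True if the DS held by the parent zone was derived from this DNSKEY."""
    tag, alg, digest_type, digest = ds
    if digest_type not in DIGESTS:
        return False
    claimed = (tag, alg, digest_type, digest.replace(" ", "").upper())
    return make_ds(owner, rdata, digest_type) == claimed

# Constructed sample: algorithm 13 key-signing keys with placeholder bytes (not real keys).
OWNER = "example.ch."
KSK = dnskey_rdata(257, 3, 13, base64.b64encode(bytes(range(64))).decode())
ROLLED_KSK = dnskey_rdata(257, 3, 13, base64.b64encode(bytes(range(1, 65))).decode())

if __name__ == "__main__":
    ds = make_ds(OWNER, KSK)
    print("DS to give the registrar:", *ds)
    print("registrar DS matches zone key:", ds_matches(OWNER, KSK, ds))
    print("still matches after the zone key changed:", ds_matches(OWNER, ROLLED_KSK, ds))
```

Running the same comparison before and after any key change shows whether the DS at the registrar still covers the key published in the zone.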

The activation can be requested at sales@4host.ch or at support@4host.ch at the cost of Fr. 120.- instead of Fr. 180.-

Friday, November 8, 2019
