Whether you think DNS is just one of those boring things you’ve heard IT nerds talking about, or something you’d like to understand, you should know that DNS is very important for the security of your website and emails.
DNS in a nutshell
DNS or domain name system is the internet “telephone directory” that connects your domain name (ie https://xyzuluhosting.com ) to the webserver where the actual website is stored. It’s also the system that directs the emails that are sent to you.
At your domain registrar (where you register and renew your domain) a record is kept of the Domain Name Server that holds the records of where your domain and email is hosted. These records point names, ie xyzuluhosting.com to numbers (IP addresses) that correspond to the address of the server that hosts your website or accepts your emails.
What you need to know
It’s a very old system, but it works. It does however rely on a measure of trust between ISP’s and other main providers of the internet infrastructure.
If someone gains access to your domain name or DNS record, they can easily hijack your emails and redirect all visitors away from your website to a fake page. You probably know some of this, which is why you secure the logins to your domain name registrar and store that login securely. (For security tips see our previous articles: Overwhelmed with passwords? and Why do I need 2FA? )
How can you make your DNS more secure?
The best way you can secure your DNS is by implementing DNSSEC.
What is DNSSEC?
DNSSEC creates a secure domain name system by adding cryptographic signatures to existing DNS records. These digital signatures are stored at your domain registrar, and at your authoritative domain name server. By checking its associated signature, you can verify that a requested DNS record comes from its authoritative name server and wasn’t altered.
When a potential customer attempts to visit your website or send you an email, DNSSEC (if enabled) will protect your traffic from being hijacked.
To enforce or implement this system, a record needs to exist at your domain name registrar and your domain name server. These cryptographic records “match” one another and ensure another server cannot pretend to host the correct records and redirect your traffic and emails elsewhere.
How do I enable DNSSEC?
Transfer your domain names to us and submit a request via our Customer Portal. If you are an exiting customer, simply request this be setup for your domain via a support request and we’ll make it happen for you. Your security is important to us, we offer this service at no additional charge.
This is how a successful DNSSEC test should look <– feel free to test your own domain using the same tool.
We hope this has helped you understand more about how to secure your domain and remember, we’re ready to help.
Not all web hosts are equal xyzuluhosting.com take the blah blah out of technical information and empower our customers with knowledge, this can protect and increase productivity for your business.
Your security is so important to us, we are constantly striving to serve you better.