Black Friday promo up to -50% Time left:

What is DNSSEC?

DNSSEC is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups. It prevents attackers from manipulating or poisoning the responses to DNS requests. DNS technology was not designed with security in mind. One example of an attack on DNS infrastructure is DNS spoofing. In which case an attacker hijacks a DNS resolver’s cache, causing users who visit a website to receive an incorrect IP address and view the attacker’s malicious site instead of the one they intended.

価格設定

DNSSEC management services are part of our DNS hosting plans - Premium DNS, DDoS Protected DNS, and GeoDNS. No extra costs for better security!

	Premium S $2.95/月	Premium M $4.95/月	Premium L $14.95/月
	DDoS Protected S $5.95/月	DDoS Protected M $11.95/月	DDoS Protected L $39.95/月
	GeoDNS Start $9.95/月	GeoDNS Professional $44.95/月	GeoDNS Business $79.95/月
? Managed Anycast DNS with DNSSEC:
? DNSゾーン:	5	50	400
? DNSレコード:	200	2,000	20,000
? 一ヶ月当たりのクエリの数:	i 5M	i 200M	無制限
? Eメール転送:	10	100	1,000
? DNSフェイルオーバーとモニタリングのチェック:	1	2	3
完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。	無料の30日間のトライアルを開始する	無料の30日間のトライアルを開始する	今すぐ買う
? Managed Anycast DNS with DNSSEC:
? DDoS対策機能:
? DNSゾーン:	5	50	400
? DNSレコード:	200	2,000	20,000
? 一ヶ月当たりのクエリの数:	i 5M	i 200M	無制限
? Eメール転送:	10	100	1,000
? DNSフェイルオーバーとモニタリングのチェック:	1	2	3
完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。	無料の30日間のトライアルを開始する	無料の30日間のトライアルを開始する	今すぐ買う
? Managed Anycast DNS with DNSSEC:
? DDoS対策機能:
? ジオロケーションによるDNSダイレクション:
? DNSゾーン:	1	5	10
? DNSレコード:	1,000	5,000	10,000
? 一ヶ月当たりのクエリの数:	i 100M	i 500M	i 1B
? Eメール転送:	3	15	30
? DNSフェイルオーバーとモニタリングのチェック:	1	2	3
完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。	無料の30日間のトライアルを開始する	今すぐ買う	今すぐ買う

Premium S

$2.95/月

+4エニーキャストDNSサーバー
5 DNSゾーン
200 DNSレコード
5M 一ヶ月当たりのクエリの数
1 DNS Failover check
10 Eメール転送
DNSSEC
拡張の機能

完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。

無料の30日間のトライアルを開始する

DDoS Protected S

$5.95/月

+4エニーキャストDNSサーバー
DNS 用のDDoS攻撃の対策
5 DNSゾーン
200 DNSレコード
5M 一ヶ月当たりのクエリの数
1 DNS Failover check
10 Eメール転送
DNSSEC
拡張の機能

完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。

無料の30日間のトライアルを開始する

GeoDNS Start

$9.95/月

4エニーキャストDNSサーバー
DNS 用のDDoS攻撃の対策
ジオロケーションによるDNSダイレクション
1 DNSゾーン
1,000 DNSレコード
100M 一ヶ月当たりのクエリの数
1 DNS Failover check
3 Eメール転送
DNSSEC
拡張の機能

完全に無料のトライアル。クレジットカードなどはいりません。トリックなどはありません。

無料の30日間のトライアルを開始する

30 day Free Trial

No credit cards required

24/7 Live chat support

How does DNSSEC work?

When you activate DNSSEC, we'll generate a public-private key pair for your zone. The public key, provided as DS or DNSKEY records, should be configured with your domain provider. Our network will use the private key to sign your records during zone deployment. The end-user resolver checks these signatures against the public keys to authenticate record integrity during transfer.

DNSSEC aims to enhance user safety by verifying digital signatures after a user enters a domain name. Information can only reach the user's device when digital signatures match between the data and the Primary DNS server, ensuring connection to a legitimate website. It utilizes digital signatures and public keys to validate information, adding new records to existing DNS entries like A, CNAME, and MX. DNSKEY and RRSIG digitally sign DNS data using public-key cryptography. Each DNS zone's name server holds public and private keys. When a user queries, the server provides information signed with its private key, which the recipient opens with the public key. If information is modified, it won't open correctly, triggering an error message.

利点や特徴

簡単な設定

Just click the activation button in the control panel, and our system will secure the zone. You will be required only to add the DS records at the provider, and the setup will be completed.

セキュリティ

We are using the Elliptical Curve Algorithm (ECDSA P-256) for all signatures, which is stronger and smaller than the standard RSA keys.

Performance

Keeping DNS answers as small as possible means faster speed for you! Additionally, our Anycast DNS Network provides more rapid responses from the closest location to the resolver.

24/7サポート

平日や休日を問わず、どんな時間であろうと当社は継続的で、円滑なネットワーク監視やサポートを提供しております。 Our Technical Support team is online for you 24/7 by live chat and tickets. We can migrate your zones for free, read more here.

How to configure DNSSEC in ClouDNS?

To activate DNSSEC signing and obtain the domain DS records and DNSKEY records, you need to process the following steps:

Log into your ClouDNS control panel.
Navigate to the zone you wish to configure.
Locate the "DNSSEC" menu at the top of the zone's control panel and click on it.
From here, choose to either activate or deactivate DNSSEC zone signing.

Optional: For additional details and guidance about DNSSEC implementation, refer to the ClouDNS DNSSEC wiki page.

Why should I care about DNSSEC?

When you want to connect to a particular website, your browser should get the corresponding IP address. Unfortunately, there is a chance an attacker to intercept your DNS queries and place fake information. As a result, your browser will connect to a forged website where you could potentially enter personal information, like bank details.

Thanks to DNSSEC, there is an additional level of security, and your browser is able to check if the DNS data is actually correct and not changed. In addition, DNSSEC is used not only for the web but also by any other Internet service or protocol, for instance, SMTP and Voice-over- IP (VoIP).

With DNSSEC, you can protect your domain from vulnerabilities like:

DNS Spoofing: Prevents hackers from redirecting your visitors to malicious websites.
Man-in-the-Middle Attacks: Blocks unauthorized parties from intercepting and altering your DNS traffic.
Cache Poisoning: Ensures the integrity of cached DNS records, stopping attackers from inserting fake data.

DNSSEC-Enabled vs Non-DNSSEC Domains

Domains with enabled DNSSEC offer cryptographic security, ensuring authentic DNS data and protecting users from attacks and traffic interception. They safeguard brands from DNS hijacking and reputation damage. In contrast, domains without DNSSEC lack this protection, making them more vulnerable to attacks and putting both users and brands at risk.

Feature	DNSSEC-Enabled Domains	Non-DNSSEC Domains
セキュリティ	Cryptographically secured	Vulnerable to DNS attacks
Trust	Verified, authentic DNS data	Unverified, prone to spoofing
User Safety	Guaranteed traffic integrity	Risk of traffic interception
Brand Protection	Shielded from DNS hijacking	Open to reputation damage

What is DNSSEC validation?

DNSSEC validation is a simple process that includes the following steps:

The user enters a domain name into the browser. Then it queries the computer's DNS resolver in order to discover the needed IP address.
If the IP address is not available there, the request proceeds to the Recursive DNS server managed by the Internet Service Provider (ISP).
In case the IP address is available in its cache, the recursive DNS server returns it to the browser. Otherwise, it starts a DNS lookup to find the responsible Authoritative DNS server for the requested domain name.
The Recursive DNS server queries the Root server, and it is directed to the responsible TLD (Top-Level Domain) server for the domain.
The TLD server gives information which is the responsible Authoritative DNS server holding all of the DNS records for that precise domain name.
At every stage, the DNS recursive server requests a DNSSEC key associated with the DNS zone to confirm that the server is authentic. The Authoritative DNS server requests a DNSSEC key for the DNS zone of the domain, and it returns a DNS response with RRSIG records included.
The DNS recursive server validates the RRSIG, verifying that the address record was really provided by the Authoritative DNS server and was not modified in the process. It then sends the validated DNS answer with the IP address to the user.

For more insights, read our full blog post about DNSSEC.

Who can take advantage of DNSSEC?

DNSSEC can benefit anyone with an online presence, from large companies to individual website owners. It helps protect against cyber threats like DNS spoofing and cache poisoning, making it essential for businesses that rely on secure communication, such as e-commerce sites, financial institutions, government agencies, and healthcare providers. Even small businesses and personal websites can use DNSSEC to protect their data and reputation. By securing domain information, DNSSEC ensures users can trust the integrity and authenticity of a site, providing safer, more reliable online experiences for everyone.

Frequently Asked Questions

よくある質問

How to start using DNSSEC? - To get started, select a plan that best suits your needs and click on the orange button below the chosen plan.
What does DNSSEC protect against? - DNSSEC protects against forged DNS data, like that from DNS cache poisoning. It ensures resolvers receive authentic responses, mitigating the risk of accepting incorrect data. By verifying DNS responses, it prevents potential impacts on individual users or entire networks caused by malicious responses.

What types of DNS records does DNSSEC use? - DNSSEC uses DNSKEY, RRSIG, NSEC, and DS records. DNSKEY stores public keys, RRSIG contains digital signatures, NSEC provides denial of existence proof, and DS establishes trust chains.
Still have questions about DNSSEC? - You can contact us via our 24/7 Live chat support or if you prefer, you can send a message on support@cloudns.net.

What our clients say

「ここのサービスは最高でお勧めするしかないんです！
ホスティングや管理については：自分が必要とするどんだけ数の多く、さまざまな利用が可能です（DNS, SSL等々です）。」

Patrick Jud

「皆さん、大変お疲れ様です！

ClouDNSの無料のDNSサービスを利用して今年4年になりますが、今まではずっとゼロのダウンタイムなのです…」

Iskren Slavov
Founder/Full Stack Developer @ Wish Development Ltd

「ClouDNSは凄いです：この間使い始めて、今までずっとうまく行っています。素晴らしいDNSサービスに対するソリューションは心からありがたいです。」

Helinton Dias
@ CloudExperts Consultoria

「ClouDNSを利用して、非常に嬉しいです。インターネット全体的で最高のDNSプロバイダーだと言って過言ではありません。ここの顧客サポート、値段や様々な特徴は一流なのです。」

Christopher Nofal
Manager @ DreamLab LLC

「ウェブエージェンシーである私達には、顧客に共有ホスティングを提供している間に弊社のサーバーに何かの問題が生じても彼らの独立したサービスがそのままでいられることを保証するのは非常に大切です。それでClouDNSにしました…」

Grigor Yosifov
CEO @ Forci Web Consulting Ltd

"ClouDNS provides the best in class DNS services. Prior to ClouDNS we were hosting and managing our DNS servers which was not core to our business so when we compared alternatives ClouDNS was the right fit..."

James Aker
President at Explait @ EXPLAIT, LLC

「親切なサポートに相当な通信：最高のサービス！
最高のサービスはまさにこれだ。」

Steven Pearson

「2014年以来ClouDNSのサービスを使っていますが、一言で言うと本当に最高です。当社が私や私の顧客に提供するサービスは比較できないくらい素晴らしいです。DDoSサブスクリプションをはじめ、本当に価値の高いサービスばかりです。」

Daniel Ives
CEO @ Ives Network t/a Daniel Ives

「本当に最高のサービス：使いやすくてきれいなコントロールパネルに100％の稼働時間、それに値段もお得です。」

Vadim Mikheev

"Got frustrated with the lack of knowledgeable support at GoDaddy, searched for alternate DNS providers and found ClouDNS. Could. Not. Be. Happier..."

Phillip McMahon

"Working with the team at ClouDNS has been very supportive. My experience has been excellent. The team is attentive, knowledgeable and skilled when it comes to Cloud DNS, and I can recommend their professionalism."

J. May
Marketing Chief @ Amaze Communication

"Your customer service is at the top of my list, keep up the good work!"

Sami Sälö
Chairman of the Board @ Salskea Oy

"Outstanding Service. I'm using ClouDNS since 2015 for personal domains. In 2018 moved the domains of the company were i work and we use your services since then. Would never though to go back!!!..."

Stanislav Filavtev

「ビットコインで支払いできるのが可能なことに特にありがたいです。国の銀行システムが破壊されたこの時期にウクライナの顧客に対してとても大事なメリットです。」

Mikhail Chutowski

次の会社に信頼されている:

クッキーは弊社のサービス提供を支えています。サービスのご利用に伴って、準拠したクッキーの使用に同意しているとみなします。もっと知る

What is DNSSEC?

価格設定

How does DNSSEC work?

利点や特徴

How to configure DNSSEC in ClouDNS?

Why should I care about DNSSEC?

DNSSEC-Enabled vs Non-DNSSEC Domains

What is DNSSEC validation?

Who can take advantage of DNSSEC?

Frequently Asked Questions

よくある質問

DNSSEC is available in all of our Premium DNS, DDoS Protected DNS and GeoDNS plans!

What our clients say

次の会社に信頼されている: