DNSSEC je funkcia systému názvov domén (DNS), ktorá overuje odpovede na vyhľadávanie doménových mien. Zabraňuje útočníkom manipulovať alebo prepísať odpovede na požiadavky DNS. Technológia DNS nebola navrhnutá s ohľadom na bezpečnosť. Jedným z príkladov útoku na infraštruktúru DNS je spoofing DNS. V takom prípade útočník prepíše vyrovnávaciu pamäť DNS prekladača, čo spôsobí, že používatelia, ktorí navštívia webovú stránku, dostanú nesprávnu IP adresu a namiesto originálnych webových stránok zobrazia útočníkovu škodlivú stránku.
Služby správy DNSSEC sú súčasťou našich plánov hostenia DNS - Premium DNS, DDoS Protected DNS a GeoDNS. Žiadne ďalšie náklady za lepšiu bezpečnosť!
Premium S $2.95/mesiac |
Premium M $4.95/mesiac |
Premium L $14.95/mesiac |
|
---|---|---|---|
? Anycast DNS spravovaný vďaka DNSSEC: | |||
? DNS zóny: | 5 | 50 | 400 |
? Záznamy DNS: | 200 | 2,000 | 20,000 |
? DNS queries za mesiac: | i 5M | i 200M | Neobmedzený |
? Mail forwards: | 10 | 100 | 1,000 |
? Kontroly zlyhania a monitorovania DNS: | 1 | 2 | 3 |
Úplne bezplatná skúšobná verzia. Nevyžadujú sa žiadne kreditné karty. Žiadne triky. |
When you activate DNSSEC, we'll generate a public-private key pair for your zone. The public key, provided as DS or DNSKEY records, should be configured with your domain provider. Our network will use the private key to sign your records during zone deployment. The end-user resolver checks these signatures against the public keys to authenticate record integrity during transfer.
DNSSEC aims to enhance user safety by verifying digital signatures after a user enters a domain name. Information can only reach the user's device when digital signatures match between the data and the Primary DNS server, ensuring connection to a legitimate website. It utilizes digital signatures and public keys to validate information, adding new records to existing DNS entries like A, CNAME, and MX. DNSKEY and RRSIG digitally sign DNS data using public-key cryptography. Each DNS zone's name server holds public and private keys. When a user queries, the server provides information signed with its private key, which the recipient opens with the public key. If information is modified, it won't open correctly, triggering an error message.
Stačí kliknúť na aktivačné tlačidlo na ovládacom paneli a náš systém zabezpečí zónu. Budete musieť iba pridať DS záznamy u poskytovateľa a nastavenie bude dokončené.
Používame algoritmus eliptickej krivky (ECDSA P-256) pre všetky podpisy, ktorý je silnejší a menší ako štandardné kľúče RSA.
Udržiavanie čo najmenších odpovedí na DNS znamená vyššiu rýchlosť pre vás! Naša sieť Anycast DNS navyše poskytuje rýchlejšiu reakciu z najbližšieho miesta na prekladač.
Bez ohľadu na to, v ktorý deň, a kedy, poskytujeme kontinuálne, nepretržité monitorovanie a podporu siete. Náš tím technickej podpory je pre vás online 24 hodín denne, 7 dní v týždni prostredníctvom živého chatu a správ. Vaše zóny môžeme migrovať zadarmo, viac tu.
To activate DNSSEC signing and obtain the domain DS records and DNSKEY records, you need to process the following steps:
Optional: For additional details and guidance about DNSSEC implementation, refer to the ClouDNS DNSSEC wiki page.
When you want to connect to a particular website, your browser should get the corresponding IP address. Unfortunately, there is a chance an attacker to intercept your DNS queries and place fake information. As a result, your browser will connect to a forged website where you could potentially enter personal information, like bank details.
Thanks to DNSSEC, there is an additional level of security, and your browser is able to check if the DNS data is actually correct and not changed. In addition, DNSSEC is used not only for the web but also by any other Internet service or protocol, for instance, SMTP and Voice-over- IP (VoIP).
With DNSSEC, you can protect your domain from vulnerabilities like:
Domains with enabled DNSSEC offer cryptographic security, ensuring authentic DNS data and protecting users from attacks and traffic interception. They safeguard brands from DNS hijacking and reputation damage. In contrast, domains without DNSSEC lack this protection, making them more vulnerable to attacks and putting both users and brands at risk.
Feature | DNSSEC-Enabled Domains | Non-DNSSEC Domains |
---|---|---|
Zabezpečenie | Cryptographically secured | Vulnerable to DNS attacks |
Trust | Verified, authentic DNS data | Unverified, prone to spoofing |
User Safety | Guaranteed traffic integrity | Risk of traffic interception |
Brand Protection | Shielded from DNS hijacking | Open to reputation damage |
DNSSEC validation is a simple process that includes the following steps:
DNSSEC can benefit anyone with an online presence, from large companies to individual website owners. It helps protect against cyber threats like DNS spoofing and cache poisoning, making it essential for businesses that rely on secure communication, such as e-commerce sites, financial institutions, government agencies, and healthcare providers. Even small businesses and personal websites can use DNSSEC to protect their data and reputation. By securing domain information, DNSSEC ensures users can trust the integrity and authenticity of a site, providing safer, more reliable online experiences for everyone.
"Túto službu môžem iba doporučiť.
Informácie o hosťovaní a ovládaní:
- Veľké množstvo možností v každej časti, ktorú potrebujete (DNS, SSL atď.) ... “
Patrick Jud