DNSSEC (Domain Name System Security Extensions) is DNS with additional signatures to authenticate the data’s origin. It’s a set of guidelines for protecting DNS information.
As a registrar, GreggHost supports DNSSEC. This implies that if your domain is registered with GreggHost, DNSSEC will be available during the registration process. However, GreggHost’s nameservers are currently incompatible with DNSSEC. As a result, you’ll need to host your nameservers on a third-party server that supports DNSSEC.
GreggHost may finish the DNSSEC configuration as the domain’s registrar once your domain’s nameservers are hosted at a third-party provider that supports DNSSEC.
How do I set up DNSSEC on my domain?
For.eu domains, GreggHost does not support DNSSEC.
You must first host your nameservers on a DNSSEC-enabled third-party server. If your nameservers are pointed to GreggHost, you won’t be able to enable this.
Inform your third-party DNS provider that you’ll need to create public keys in order to set up DNSSEC on your domain. They should give you the following four pieces of information:
digest digest digest digest digest digest digest digest digest digest digest digest digest digest digest digest digest digest digest
These are described in more detail below.
An example of a key tag
The 62910 algorithm uses an integer in the range of 0 to 65535.
An integer that denotes the cryptographic algorithm that was used to create the signature. 1, 2, 3, 5, 6, 7, 8, 10, 12, 13, 14, are all possible values. 7 types of digestion The algorithm type used to create the digest is represented as an integer. The options are 1 or 2. 1 \sdigest A value in hexadecimal alpha-numeric format. Make sure there’s no blank space. 1D6AC75083F3CEC31861993E325E0EEC7E97D1DD
Create a ticket in your GreggHost panel and give technical support with this information once you have it. After that, technical assistance will be able to finish the setting for you.
Why is DNSSEC necessary?
DNS infrastructure does not incorporate any security protection when it was first designed. The DNS server did not verify for credentials before accepting an answer and providing you the data to visit the website if you looked for it. A hostile person might hijack/forge the DNS and control it for their own evil purposes because credentials were not validated. DNSSEC adds security to DNS, which helps to prevent this.
Simply said, DNSSEC digitally certifies data to ensure that it is genuine and comes from the original source.
What does DNSSEC provide to DNS clients (resolvers)?
A DNS resolver is in charge of converting a domain name to an IP address. DNSSEC gives facilities to DNS clients (resolvers) such as:
DNS data authentication by origin
Denial of existence that has been verified
Integrity of data
DNSSEC can safeguard any DNS data that has been published, including:
Text records (TXT) are records of email exchanges (MX)
What DNSSEC CANNOT do
Data confidentiality — DNSSEC does not guarantee data secrecy. DNSSEC answers are all authorized, but not encrypted.
DNSSEC does not provide direct protection against DDoS attacks.
DNSSEC does not encrypt any information.
DNSSEC does not protect against spoofing or phishing.
DNS issues after transferring a domain to GreggHost
If you have sporadic DNS difficulties following your domain transfer, it’s possible that your domain used DNSSEC before the transfer. DNSSEC records are also unique in that they transfer with a domain registration, thus they aren’t erased when a domain is moved from one registrar to another.
Please contact GreggHost support to have the linked DNSSEC records removed if you want to use GreggHost’s nameservers with your newly transferred domain. If you want to maintain using DNSSEC, you’ll need to point the domain’s nameservers to a DNS provider that supports the protocol.