www.namecheap.com
Open in
urlscan Pro
104.16.99.56
Public Scan
Submitted URL: http://www.namecheap.com/support/knowledgebase/article.aspx/9717/2232/what-is-dnssec
Effective URL: https://www.namecheap.com/support/knowledgebase/article.aspx/9717/2232/what-is-dnssec/
Submission: On December 18 via api from FR — Scanned from FR
Effective URL: https://www.namecheap.com/support/knowledgebase/article.aspx/9717/2232/what-is-dnssec/
Submission: On December 18 via api from FR — Scanned from FR
Form analysis 4 forms found in the DOM
POST https://www.namecheap.com/myaccount/login/
<form class="gb-login-form" method="post" action="https://www.namecheap.com/myaccount/login/"><input type="text" name="LoginUserName" class="gb-form-control gb-mb-2" autocomplete="off" placeholder="Username"><input type="password"
name="LoginPassword" class="gb-form-control gb-mb-2" autocomplete="off" placeholder="Password"><input name="sessionEncryptValue" type="hidden"
value="MYTPGiBt53bRkLm+kBr2q2BdMTbsfAyoJfpLRuQEWYYa+T6Xb9IOS+A4G/VooOcwnF/e00o3Ld7JxDqoi8FoFKnyEhMns8/1"><button class="gb-btn gb-btn--block gb-btn--secondary gb-btn--lg gb-mb-2" type="submit"><span>Sign In</span></button>
<div class="gb-text-center"><a class="gb-login-form__link" href="https://ap.www.namecheap.com/ResetPassword"><span>Forgot your password?</span></a></div>
<a class="gb-btn gb-btn--primary gb-btn--block gb-d-sm-none gb-mt-2" href="https://www.namecheap.com/myaccount/signup/"><span>Sign Up</span></a>
</form>GET https://www.namecheap.com/support/knowledgebase/searchResult.aspx
<form class="gb-search-form" method="get" action="https://www.namecheap.com/support/knowledgebase/searchResult.aspx">
<div class="gb-search-form__slide">
<div class="gb-container">
<div class="gb-input-group"><input type="search" name="q" class="gb-input-group__item gb-form-control" placeholder="Search Namecheap"><button type="submit"
class="gb-input-group__item gb-btn gb-btn--primary"><i class="gb-icon gb-icon-search gb-d-lg-none gb-align-middle"></i><span class="gb-d-none gb-d-lg-block"><span>Search</span></span></button></div>
</div><button type="button" class="gb-search-form__close gb-d-none gb-d-lg-block"><i class="gb-icon gb-icon-close"></i></button>
</div>
</form>GET /knowledgebase/search/
<form action="/knowledgebase/search/" method="GET">
<div class="gb-search">
<div class="gb-search__wrap"><input type="search" class="gb-search__field" placeholder="Search knowledgebase" name="q" value="" required=""><span class="gb-search__bg"></span></div><button type="submit"
class=" gb-btn gb-btn--primary gb-search__submit">Search</button>
</div>
</form>GET https://www.namecheap.com/newsletter/signup/subscribe/
<form class="gb-mb-3" method="get" action="https://www.namecheap.com/newsletter/signup/subscribe/">
<div class="gb-input-group"><input type="email" name="email" class="gb-input-group__item gb-form-control" placeholder="you@yours.com"
pattern="[_A-Za-z0-9"-\+!#$%&'*.+\/=?^_`{|}~\s]+(\.[_A-Za-z0-9-\+!#$%&'*+\/=?^_`{|}~]+)*@(?!-)[A-Za-z0-9-]+(?<!-)(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$" required="" aria-labelledby="join-newsletter"><input type="hidden" name="action"
value="subscribe"><input type="hidden" name="source" value="/footer/"><button type="submit" class="gb-input-group__item gb-btn gb-btn--primary"><span>Join</span></button></div>
</form>Text Content
Contact us Submit TicketLive ChatReport Abuse Sign In Sign In Forgot your password? Sign Up Sign Up Your Cart Subtotal$0.00 View Cart USD U.S. DollarEuroBritish PoundCanadian DollarsAustralian DollarsIndian RupeesChina Yuan RMBMore Info → Search DomainsNEW Domain Name SearchDomain TransferNew TLDsHandshake domainsNEWBulk Domain SearchTLD ListMarketplaceWhois LookupPremiumDNSFreeDNS Hosting Shared HostingWordPress HostingReseller HostingVPS HostingDedicated ServersMigrate to Namecheap WordPress Managed WordPress HostingMigrate to WordPress EmailNEW AppsNEW MarketplaceRelateSocialNEWCDNID ValidationSubscriptionsVisualSite MakerNEWLogo MakerBusiness Card Maker SecurityNEW SSL CertificatesDomain PrivacyPremiumDNSCDNVPNUPDATEDID ValidationNEW2FAPublic DNSAnti-Spam ProtectionNEW Transfer to UsTRY ME Transfer DomainsMigrate HostingMigrate WordPressMigrate Email Help Center KnowledgebaseGuru GuidesExpert SummitBlogHow-To VideosStatus Updates Account DashboardExpiring SoonDomain ListHosting ListPrivate EmailSSL CertificatesProfile SupportKnowledgebaseDomainsDNSSEC Search * Apps * VPN * How to set up VPN? * Router VPN setup * Windows built-in VPN setup * Supersonic CDN * Google Workspace (formerly G Suite) * EasyWP * How-To Videos * Domains How-To * Hosting How-To * Sales & Payments How-To * cPanel Email How-To * EasyWP How-To * SSL How-To * General & Support * Checkout & Billing * Billing FAQ * Domains Billing * Hosting Billing * SSL Certificates Billing * Private Email * Domains * DNSSEC * Google Workspace (formerly G Suite) * Host records setup * Domain Management * DNS Questions * Dynamic DNS * Registrations * Renewal questions * Domains with extended attributes * FreeDNS * Marketplace * 3rd Party Services Setup * Handshake TLDs * Domain Privacy Protection * Domain Transfers * Transfer Information * Transfer to Namecheap * Transfer to another provider * Canceled Transfers * Hosting * PHP Configuration * SEO * InterWorx questions * Getting Started * Hosting Information * cPanel questions * cPanel: Software Management * cPanel: WordPress * cPanel Add-ons * VPS * Dedicated Server * WHM questions * DNS settings * LVE (CloudLinux) * SSH Access * FTP questions * MySQL questions * Hosting Migration * Tips & Tricks * WHMCS * SSL Installation * Email service * Spam Protection * Email Migration * Private Email Contacts and Calendars Setup * Private Email: General Information * Private Email: Mailbox Management * Email Forwarding * Private Email: DNS Settings * Private Email: Webmail Features * Private Email: Client Setup * Private Email: Active Sync (Exchange) Setup * cPanel Email FAQs * cPanel Email: Client Setup * Private Email: Video Overview * SSL Certificates * Renewal * cPanel SSL Plugin * Multi-Domain SSL Certificates * Cancellation * Browser errors * Site Seal, Logo * SSL installation errors * SSL General * Activation * Validation * Installation * Reissuance * My Account * Account Security * Profile Management * Account Access * Affiliates * API & Resellers * SSL Resellers * Hosting Resellers * Namecheap API * WHMCS module for SSL * Legacy Products * PremiumDNS * FastVPN * General * Chrome OS * Routers * TV * Gaming Consoles * macOS * iOS * Linux * Windows * Android WHAT IS DNSSEC? Understanding DNS Understanding DNSSEC first requires basic knowledge of how the DNS system works. The DNS is used to translate domain names (like example.com) into numeric Internet addresses (like 198.161.0.1). Although this address system is very efficient for computers to read and process the data, it is extremely difficult for people to remember. Let’s say that every time when you need to check a website, you should remember the IP address of the machine where it is located. People often call the DNS system the "phone book of the Internet". To solve this problem, a numeric IP address was attached to every domain name. The website addresses we know are actually domain names. Domain name information is stored and accessed on special servers, known as domain name servers, that convert domain names into IP addresses and vice versa. The top level of the DNS resides in the root zone where all IP addresses and domain names are kept in databases and sorted by top-level domain name, such as .com, .net, .org, etc. When the DNS was first implemented, it was not secured, and soon after being put into use, several vulnerabilities were discovered. As a result, a security system was developed in the form of extensions that could be added to the existing DNS protocols. Domain name system security extensions (DNSSEC) are a set of protocols that add a layer of security to the domain name system (DNS) lookup and exchange processes, which have become integral in accessing websites through the Internet. Advantages of DNSSEC DNSSEC is aimed at strengthening trust in the Internet by helping to protect users from redirection to fraudulent websites and unintended addresses. In such a way, malicious activities like cache poisoning, pharming, and man-in-the-middle attacks can be prevented. DNSSEC authenticates the resolution of IP addresses with a cryptographic signature, to make sure that answers provided by the DNS server are valid and authentic. In case DNSSEC is properly enabled for your domain name, the visitors can be ensured that they are connecting to the actual website corresponding to a particular domain name. How DNSSEC Works The original purpose of DNSSEC was to protect Internet clients from counterfeit DNS data by verifying digital signatures embedded in the data. When a visitor enters the domain name in a browser, the resolver verifies the digital signature. If the digital signatures in the data match those that are stored in the master DNS servers, then the data is allowed to access the client computer making the request. The DNSSEC digital signature ensures that you're communicating with the site or Internet location you intended to visit. DNSSEC uses a system of public keys and digital signatures to verify data. It simply adds new records to DNS alongside existing records. These new record types, such as RRSIG and DNSKEY, can be retrieved in the same way as common records such as A, CNAME and MX. These new records are used to digitally "sign" a domain, using a method known as public key cryptography. A signed nameserver has a public and private key for each zone. When someone makes a request, it sends information signed with its private key; the recipient then unlocks it with the public key. If a third party tries to send untrustworthy information, it won’t unlock properly with the public key, so the recipient will know the information is bogus. Note that DNSSEC does not provide data confidentiality because it does not include encryption algorithms. It only carries the keys required to authenticate DNS data as genuine or genuinely not available. Also, DNSSEC does not protect against DDoS Attacks. Keys used by DNSSEC There are two types of keys that are used by DNSSEC: · The zone signing key (ZSK) - is used to sign and validate the individual record sets within the zone. · The key signing key (KSK) - is used to sign the DNSKEY records in the zone. Both of these keys are stored as "DNSKEY" records in the zone file. Viewing the DS record The DS record stands for Delegation Signer, and it contains a unique string of your public key as well as metadata about the key, such as what algorithm it uses. Each DS record consists of four fields: KeyTag, Algorithm, DigestType and Digest and it looks like the following: We can break up different components of the DS record to see what information each part holds: * Example.com. - domain name that the DS is for. * 3600 - TTL, the time that the record may remain in cache. * IN stands for internet. * 2371 - Key Tag, ID of the key. * 13 - algorithm type. Each allowed algorithm in DNSSEC has a specified number. Algorithm 13 is ECDSA with a P-256 curve using SHA-256. * 2 - Digest Type, or the hash function that was used to generate the digest from the public key. * The long string at the end is the Digest, or the hash of the public key. All DS records must comply with RFC 3658. You can always use the DNSSEC Debugger in order to find out if there are any issues with the domain name settings. The detailed instructions on its usage can be found in the "How can I check that DNSSEC is working?" article. If you have any questions, feel free to contact our Support Team. ASSOCIATED ARTICLES Nameservers and TLDs supported/unsupported by DNSSEC How can I check that DNSSEC is working? Managing DNSSEC for domains pointed to Premium or BasicDNS Managing DNSSEC for domains pointed to Custom DNS Updated 9/7/2018 Viewed 99290 times Need help? We're always here for you. Go to Live Chat page We make registering, hosting, and managing domains for yourself or others easy and affordable, because the internet needs people. * Accessibility * About Namecheap * Read our blog Join Our Newsletter & Marketing Communication We'll send you news and offers. Join * * * * Domains * Domain Name Search * Domain Transfer * New TLDs * Handshake domainsNEW * Personal Domain * Marketplace * Whois Lookup * PremiumDNS * FreeDNS Hosting * Shared Hosting * WordPress Hosting * Reseller Hosting * VPS Hosting * Dedicated Servers * Private Email Hosting * Migrate to Namecheap WordPress * Shared Hosting * WordPress Hosting * Migrate WordPress Security * Domain Privacy * PremiumDNS * VPNUPDATED * 2FA * Public DNS * Anti-Spam ProtectionNEW Transfer to UsTRY ME * Domain Transfer * Migrate Hosting * Migrate WordPress * Migrate Email SSL Certificates * Comodo * Organization Validation * Domain Validation * Extended Validation * Single Domain * Wildcard * Multi-Domain Resellers * SSL Certificates * Reseller Hosting Promos Guru Guides Help Center * Status Updates * Knowledgebase * How-To Videos * Submit Ticket * Live Chat * Report Abuse Apps * Marketplace * Relate * RelateSocialNEW * CDN * Visual * Site Maker * Logo Maker * Business Card Maker * ID Validation * Subscriptions Careers Affiliates Send us Feedback Accessibility The entirety of this site is protected by copyright © 2000–2021 Namecheap, Inc. 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA * Terms and Conditions * Privacy Policy * UDRP * Cookie Preferences WE SUPPORT Electronic Frontier Foundation Fight For The Future We are an ICANN accredited registrar. Serving customers since 2001. Payment Options * American Express * Bitcoin * MasterCard * PayPal * Visa * Discover * * Android app on google play * iOS App Store YOUR PRIVACY IS IMPORTANT TO US We use cookies to understand how you use our site and to improve your overall experience. This includes personalizing content and advertising. By continuing to use our site, you accept our use of cookies, revisedPrivacy Policy,Terms of Service andCookie Policy. Accept all Reject all Manage preferences