What is DNSSEC and what does it do?
DNSSEC is an end-to-end security layer designed to ensure secure communication throughout the domain name system. DNSSEC provides a layer of authentication so that an end user has certain assurances that they are reaching the actual website.
If your Registrar of choice does not offer DNSSEC, contact them and request that they support this important web security initiative.
Why is DNSSEC relevant to me, a .CA holder?
Is your .CA a popular hub for web traffic? Is it providing an important service to Canadians? Do you use it as the main portal for your business? Each day, sophisticated online attacks result in costly downtime and compromised valuable data for domain holders across the Internet. These online attacks come in many forms:
- DNS Spoofing, where a hacker gains access to a domain’s DNS names servers in order to redirect visitors to a website of the hackers choosing.
- DNS Hijacking, where a hacker can modify DNS information to gain control of the complete DNS information of the domain.
DNSSSEC gives .CA owners a head start in DNS security protection against these types of advanced and targeted online attacks.
How does DNSSEC work for a .CA holder?
Once enabled, DNSSEC applies digital signatures to incoming DNS data to scan for authenticity and to verify its integrity. This is established through a process called a “Chain of Trust”. What this ultimately means is that your DNSSEC enabled .CA domain is performing additional validation on incoming messages to help ensure that your domain remains protected from sophisticated attacks.
What can DNSSEC offer me?
- Reliability: Help ensure that what you are presenting to the online world on your .CA has not been tampered or compromised at the DNS level.
- Seal of Quality: Enabling your .CA with DNSSEC is a clear sign that you take online security seriously.
- Future proof: DNSSEC may soon become a compulsory security upgrade.
Read the full CIRA DNSSEC Practice Statement for .CA and CIRA’s DNSSEC Practice Statement for gTLDs.