Web site Operators

Domain Name System Security Extension (DNSSEC) provides additional online protection for your customers and your brand. Verisign is committed to working with members of the Internet community to ensure that DNSSEC is broadly successful. Find out what DNSSEC means for you, how you can prepare for DNSSEC and how Verisign can help.

Why Act Now

DNSSEC helps prevent cyber criminals from diverting web site visitors or email messages to imposter sites or addresses, where criminals can potentially extract credit card data, steal user passwords, eavesdrop on Voice over IP (VoIP) communications or defame brands.

DNSSEC adoption is gaining momentum. Given the trajectory of Secure Sockets Layer (SSL) and similar security initiatives, DNSSEC will most probably become a business imperative - driven by internal requirements such as risk management and consumer demand for a safer Internet experience.

DNSSEC is an important layer of security for organisations that have a significant online presence or have customers navigating to their site. It increases trust for a multitude of Internet activities, including e-commerce, online banking, email, VoIP, online software distribution and video on demand.

Although DNSSEC enhances DNS security, it is not a comprehensive solution. It does not protect against distributed denial of service (DDoS) attacks, ensure confidentiality of data exchanges, encrypt web site data, or prevent IP address spoofing and phishing. Other layers of protection, such as DDoS mitigation, security intelligence, Secure Sockets Layer (SSL) encryption and site validation and two-factor authentication are also critical to making the Internet more secure. You should use these mechanisms in conjunction with DNSSEC.

DNSSEC Benefits for Registrants
DNSSEC is a key ingredient in a layered approach to Internet security. By implementing DNSSEC, you can:

• Help protect your brand and customers.
• Mitigate risk.
• Maintain customer trust and loyalty.
• Attract and retain security-focused customers.
• Protect your core business by enhancing trust in the Internet.
• Build your reputation as an organisation that is on the forefront of Internet security and cares about protecting customers.

What to Do

DNSSEC is based on a hierarchy of trust. Entities at higher levels of the hierarchy vouch for entities below them. This means that the entity that provided your domain name (usually a registrar, ISP, or DNS hosting service) must implement DNSSEC before you can enable it.

To enable DNSSEC for your web site or network system, e.g. email, you must digitally sign your domain name information. In most cases, you would simply opt-in to this process when you register your domain name. If you have already registered your domain name and choose to implement DNSSEC for your zone, your DNSSEC-enabled registrar would probably have a process for modifying zone records after registration.

Where to Start

Registrants can take steps now to reach their goal of a DNSSEC-enabled environment that helps mitigate risk, maintain end-user trust and provide a competitive advantage.

Explore and Educate

• Understand how DNSSEC fits into your cyber security strategy.
• Know the benefits and challenges of implementing DNSSEC.
• Ensure that your IT and customer support staff receive appropriate training on DNSSEC.

Evaluate

• Review and update security policies and procedures to reflect your adoption of DNSSEC.
• Determine what your registrar, ISP or web host is planning to implement for DNSSEC.

Get Involved
Work within your industry to encourage DNSSEC adoption and help develop DNSSEC best practices and approaches that meet the needs of your organisation.