As the Internet continues to expand, we are committed to creating and driving advancements that keep the Internet fast, safe, and reliable for all users.
Website Operators (Registrants)
Domain Name System Security Extension (DNSSEC) provides additional online protection for your customers and your brand. Verisign is committed to working with members of the Internet community to ensure that DNSSEC is broadly successful. Find out what DNSSEC means for you, how you can prepare for DNSSEC, and how Verisign can help.
Given the trajectory of Secure Sockets Layer (SSL) and similar security initiatives, DNSSEC is a business imperative—driven by internal requirements such as risk management and consumer demand for a safer Internet experience.
DNSSEC is an important layer of security for organizations that have a significant online presence or have customers navigating to their site. It increases trust for a multitude of Internet activities, including e-commerce, online banking, email, VoIP, online software distribution, and video on demand.
DNSSEC helps prevent cyber criminals from diverting website visitors or email messages to imposter sites or addresses, where criminals can potentially extract credit card data, steal user passwords, eavesdrop on Voice over IP (VoIP) communications, and defame brands.
Although DNSSEC enhances DNS security, it is not a comprehensive solution. It does not protect against distributed denial of service (DDoS) attacks, ensure confidentiality of data exchanges, encrypt website data, or prevent IP address spoofing and phishing. Other layers of protection, such as DDoS mitigation, security intelligence, Secure Sockets Layer (SSL) encryption and site validation, and two-factor authentication, are also critical to making the Internet more secure. You should use these mechanisms in conjunction with DNSSEC.
Benefits for Registrants
By implementing DNSSEC, you can:
- Help protect your brand and customers.
- Mitigate risk.
- Maintain customers’ trust and loyalty.
- Attract and retain security-focused customers.
- Protect your core business by enhancing trust in the Internet.
- Build your reputation as an organization that is on the forefront of Internet security and cares about protecting customers.
DNSSEC is based on a hierarchy of trust. Entities at higher levels of the hierarchy vouch for entities below them. This means that the entity that provided your domain name (usually a registrar, ISP, or DNS hosting service) must implement DNSSEC before you can enable it.
To enable DNSSEC for your website or network system (e.g., email), you must digitally sign your domain name information. In most cases, you would simply opt-in to this process when you register your domain name. If you have already registered your domain name and choose to implement DNSSEC for your zone, your DNSSEC-enabled registrar would likely have a process for modifying zone records after registration.
Registrants can take steps now to reach their goal of a DNSSEC-enabled environment that helps mitigate risk, maintain end-user trust, and provide a competitive advantage.
Explore and Educate
- Understand how DNSSEC fits into your cyber security strategy.
- Know the benefits and challenges of implementing DNSSEC.
- Ensure that your IT and customer support staff receive appropriate training about DNSSEC.
Evaluate
- Review and update security policies and procedures to reflect your adoption of DNSSEC.
- Determine what your registrar, ISP, or web host is planning to implement for DNSSEC.
Get Involved
Work within your industry to encourage DNSSEC adoption and help develop DNSSEC best practices and approaches that meet the needs of your organization.