back
The only key that unlocks the power of your domain name

Domain Protect (DNSSEC)

There are unscrupulous people online who may try to intercept visitors to your website and redirect those visitors to a malicious website with the aim of stealing credentials and data from your visitors. One of the ways they may try to do this is by tampering with DNS, the system which matches domain names to actual servers on the Internet.

Domain Protect (DNSSEC) from Easyspace gives you and your users an unbreakable chain of trust from a user typing in your address, to seeing your website.

Think of Domain Protect (DNSSEC) as a key and padlock. The padlock exists on the global domain name network (DNS), and the Domain Protect key with your Easyspace domain name is the ONLY way of opening the lock. This is the only way to guarantee a verified connection to your domain name.

Domain protect (DNSSEC) from Easyspace enables this with the click of a button. We do all the hard-work in the background, so you can sleep soundly knowing you’re domain name is protected.

  • Fully secure your domain - end to end
  • Enterprise level protection - with 1 click
  • Protect your business - protect your brand

DNS Backups

Domain Protect (DNSSEC) now includes DNS backups. In your Easyspace control panel, you can view, download, and restore zone files from the past 60 days. These zone files contain vital details like IP addresses, domain names, MX records, and other service information. Backing up zone files allows you to revert changes if you make a mistake during DNS updates. Remember, zone files are plain text files stored on DNS servers, and they’re essential for DNS functionality. Proper zone file management ensures smooth DNS operation.

What’s the difference between Secure Hosting
or Secure Domain Forwarding and Domain Protect?

Secure Hosting or Secure Domain Forwarding are security certificates on the hosting or forwarding environment. These make sure the content is Secure via SSL (Secure Socket Layer). But Domain Protect (DNSSEC) secures the DNS on your domain.

With normal phishing the bad guys depend on end users clicking on a link using a domain name which may or may not look similar to the real one (ie www.easyspace.com.evilhaxxor.net). Users are getting wiser to that. So they’ve changed tact. The really bad guys will now poison/hack DNS servers instead so that when you click on the real link - www.easyspace.com - you end up on the malicious site without ever knowing about it (until it's too late). Domain Protect (DNSSEC) from Easyspace intercepts this and prevents the site loading on the browser.

What are the advantages of Domain Protect (DNSSEC)?

Domain Protect (DNSSEC) is aimed at strengthening trust in the Internet by protecting users from redirection to fraudulent websites and unintended addresses. Using Domain Protect (DNSSEC) can protect you from malicious activities like cache poisoning, pharming, and man-in-the-middle attacks.

Domain Protect (DNSSEC) authenticates the resolution of IP addresses with a cryptographic signature, so you know any answers provided by the DNS server are valid and authentic. When Domain Protect (DNSSEC) is properly enabled for your domain name, your visitors can rest assured they’re connecting to your actual website corresponding to a particular domain name.

How does Domain Protect (DNSSEC) work?

The original purpose of Domain Protect (DNSSEC) was to protect Internet clients from counterfeit DNS data by verifying digital signatures embedded in the data.

When a visitor enters the domain name in a browser, the resolver verifies the digital signature.

If the digital signatures in the data match those that are stored in the master DNS servers, then the data is allowed to access the client computer making the request.

The Domain Protect (DNSSEC) digital signature ensures that you're communicating with the site or Internet location you wanted to visit.

Domain Protect (DNSSEC) uses a system of public keys and digital signatures to verify data. It simply adds new records to DNS alongside existing records. These new record types, such as RRSIG and DNSKEY, can be retrieved in the same way as common records such as A, CNAME and MX.

These new records are used to digitally "sign" a domain, using a method known as public key cryptography.

A signed nameserver has a public and private key for each zone. When someone makes a request, it sends information signed with its private key, and the recipient then unlocks it with the public key. If a third party tries to send untrustworthy information, it won’t unlock properly with the public key, so the recipient will know the information is bogus.