What is DNSSEC? Learn about DNSSEC security technology

What is DNSSEC?

With the need for data security and the increasing risk of network attacks, DNSSEC was born as a secure solution for the DNS domain name resolution system. Through the process of testing and perfecting, DNSSEC has effectively supported the establishment of a secure connection, helping users feel more secure when using the internet.

So What is DNSSEC? and how does it work? What advantages does DNSSEC technology have over DNS and SSL? Learn about this security technology with Mat Bao in the following article.

See more:

What is DNSSEC?

What is DNSSEC?

1. What is DNSSEC?

DNSSEC (DNS Security Extensions) is a security technology that extends to the DNS domain name system. This technology provides an authentication mechanism between servers and for each data zone to ensure data integrity. DNSSEC will help users access the correct domain name, avoiding the risk of DNS spoofing.

When a user accesses any domain name with a browser, the resolver will verify the digital signature. Only when the digital signature in the data matches the digital signature already stored in the primary DNS server will the request be made. DNSSEC does not include encryption algorithms, so it does not provide data security, it only supports DNS data validation.

How DNSSEC Works

How DNSSEC Works

2. History of DNSSEC

Plans to research and develop a security system began in the 1990s, when a DNS security flaw was discovered. In 1995, DNSSEC was introduced as a solution to secure DNS server systems. In 2005, DNSSEC was officially announced by IEFT as an RFC standard.

In 2010, the technology began to be deployed at the root domain level for addresses using top-level domains with the .org extension. Next, DNSSEC is updated for .net, .com and .edu domains by country. By November 2011, more than 25% of top-level domains had been applied with DNSSEC.

How DNSSEC Works

DNSSEC is updated for each top-level domain

3. Difference between DNSSEC vs DNS

Compared with DNS, DNSSEC has the following differences:

  • Add DNSKEY records to a zone.
  • Add RRSIG records to a zone.
  • Add NSEC records to a zone.
  • Add DS records to a zone.
  • There was a change to the CNAME record.

4. List of 4 new DNSSEC records

DNS Security Extended Technology – DNSSEC has released 4 new records, including:

  • DNSKEY – DNS Public Key (Record Public Key): used to verify the signature in the RRSIG record.
  • RRSIG – Resource Record Signature: helps to store important information for authentication of accompanying data.
4 new records of DNSSEC extension security technology

4 new records of DNSSEC extension security technology

  • DS – Delegation Signer: authenticates the delegated zone and references the DNSKEY in the sub-authorization zone.
  • NSEC – Next Secure: binds to NSEC to authenticate records that do not exist in the zone, contains associated records in the zone, and lists records that do exist.

5. What are the benefits of DNSSEC?

DNSSEC has an impact on the entire internet infrastructure ecosystem. This technology brings important improvements to the security systems of agencies, businesses, hardware and software providers, and ordinary internet users.

DNSSEC helps improve system security

DNSSEC helps improve system security

The benefits of implementing DNSSEC include:

  • Mitigate threats posed by DNS spoofing, malicious resolver, cache poisoning, and falsifying DNS data.
  • Protect customer data and information from hacker attacks.
  • Helping businesses develop secure services on digital technology platforms.
  • Protect and build brand reputation, build trust with customers.
  • Raise influence, contribute to shaping the future of DNSSEC technology.

6. DNSSEC enabled domain name recognition

Not only helps you answer the question “What is DNSSEC??”, Mat Bao also supports you to check domain status.

  • Check DNSSEC activation status of International domains

Step 1: Access the matbao.net address.

Step 2: Enter the domain name, click Check and then click View.

Step 3: Click on the DNSSEC entry in RAW REGISTRAR to see the results.

Display results:

DNSSEC: signed Delegation – Status of DNSSEC activation successful.

DNSSEC: Unsigned – The status is not enabled DNSSEC.

Domain status check results on Mat Bao

Domain status check results on Mat Bao

  • Check DNSSEC activation status of Vietnamese domain names

Method 1: Access by address http://www.vnnic.vn/whois-information, enter the domain name to be checked and click DNSSEC.

Method 2: Access by address http://dnssec-debugger.verisignlabs.com/ and enter the domain name to be checked.

7. Should SSL be used when using DNSSEC or not?

Both DNSSEC and SSL use PKI – the public cryptographic infrastructure platform, but they perform different functions. Specifically, DNSSEC helps locate website addresses, avoiding location errors. Meanwhile, SSL helps authenticate the identity of the website owner and secures visitor information by encrypting data.

Thus, DNSSEC is a common standard to ensure the security of DNS infrastructure. This technology supports SSL, preventing users from connecting to an incorrect server before the connection is secured by SSL. In short, DNSSEC and SSL are complementary, not interchangeable.

Should DNSSEC and SSL be used at the same time?

Should DNSSEC and SSL be used at the same time?

DNSSEC is a secure solution for the DNS domain name resolution system, bringing absolute peace of mind to users in cyberspace. Hope the above article of Mat Bao has helped you answer your questions “What is DNSSEC??” as well as learn more about this technology.

The image and content of the article are compiled by Mat Bao.

If you need more advice on domain name services – HOSTING – BUSINESS EMAIL – do not hesitate to contact us by information:


NORTH CONSULTING: 024 35 123456

Or contact us by the link: https://www.matbao.net/lien-he.html

By Nguyen Manh Cuong

Nguyen Manh Cuong is the author and founder of the nguyendiep blog. With over 14 years of experience in Online Marketing, he now runs a number of successful websites, and occasionally shares his experience & knowledge on this blog.

Leave a comment

Your email address will not be published. Required fields are marked *