Back to tutorials
What is DNSSEC?
DNSSEC (Domain Name System Security Extensions) is a technology that strengthens authentication in the DNS by using digital signatures. It allows a DNS client to verify that the responses it receives from a DNS server are authentic and have not been tampered with. It does not encrypt queries, but it guarantees their integrity.
Why use DNSSEC?
The DNS was designed without security. An attacker can intercept a DNS query and return a fake IP address, redirecting a user to a malicious site. This is known as DNS cache poisoning. DNSSEC prevents this type of attack.
Prerequisites
- A working BIND9 DNS server, acting as master for a zone (e.g. `example.com`).
- Root access or sudo privileges.
- Your domain name registrar must support DNSSEC so you can publish your keys.
Premium Content
This advanced tutorial is reserved for premium members.
9,90€ / month
- All advanced tutorials
- New content every week
- Progress tracking
- Cancel anytime
Comments