fully supports DNSSEC: a single click is required to enable it, keys rollover is completely automated, with no user intervention required.



DNSSEC was designed to protect applications (and caching resolvers serving those applications) from using forged or manipulated DNS data, such as that created by DNS cache poisoning. All answers from protected zones are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (i.e. unmodified and complete) to the information published by the zone owner and served on an authoritative DNS server. While protecting IP addresses is the immediate concern for many users, DNSSEC can protect any data published in the DNS, including text records (TXT), mail exchange records (MX), and can be used to bootstrap other security systems that publish references to cryptographic certificates stored in the DNS such as CERT records (From Wikipedia). uses the more secure NSEC3 for denial of existence.



Read our howto to discover more and learn how to sign your zones: our technical support team is available to help you.