You’re offline. This is a read only version of the page.
Thank you for your feedback
Please let us know how this article can be improved.
Choose all that apply.*
Report a bad link
Out of date (instructions or screenshots)
Missing detail
Other
DNSSEC is a DNS authentication protocol. It is used to verify that the DNS records returned in a domain query are valid.
When your browser does an address look-up (like for a website), the answer does not normally come straight from the name servers for the destination domain (a.k.a. the authoritative servers). They come from a stored cache on the local DNS servers from your internet provider. This is done to speed up the look-up process. Your provider may not have gotten that address from the authoritative servers either. It may have passed through two or more intermediate DNS servers between the authoritative servers and your provider.
The stored address on the local DNS servers may be correct. However, with the standard protocols, the local servers have no way to validate that the address they have stored is the right one. Some mal-actors on the internet will use this lack of validation for malicious purposes. They do so by stepping into the middle of the chain of look-ups and forging DNS responses targeting the sites they want to attack.
DNSSEC provides each DNS server in a chain of queries a way to validate that the answers they received came from the authoritative servers and were not altered somewhere along the chain.
At this time, Turbify does not support DNSSEC, either as a domain registration reseller or as a hosting provider.
As a domain registration reseller, we do not currently have the option to enable DNSSEC for domains that are registered through us and our domain registration partner, Tucows.
As a hosting provider, we are not set up to provide DNSSEC for domains that are registered elsewhere and pointed to our name servers. For DNSSEC to work correctly, it has to be enabled with both the domain registrar and the hosting provider the name servers are pointed to. if it is not enabled at both and configured correctly, the domain will not resolve correctly on the internet.
Some registrars enable DNSSEC for domains registered through them by default. If that happens, DNSSEC has be disabled before the domain can be pointed to Turbify and resolve correctly.
See Also: