Know if you have DNSSEC enabled now!


Before we dive into technical jargon, let me describe what this technology is about. You can activate DNSSEC on your domain if you want to improve what DNS currently does. DNS stands for Domain Name System, and it translates a name like banimoshe.com into the IP address where my site is.

As you may know, I don’t own my domain but rent it. As a Registrant, I pay on a yearly basis, so the Registrar updates my records with the Registry, which for all .com domains is currently operated by Verisign. The Registrar, as my provider, allows me to update my DNS records, so I get to decide where to send users once they type my domain name.

Having said that, you don’t have to know where my server is. In fact, you can barely remember phone numbers, so you just want to load a page after typing its domain, right? Well, I’m human too, and for the same reason, I love DNS records. Did you know that DNS now includes a superpower?

I know what DNS is, but what is DNSSEC?

As stated above, DNS translates a domain into an IP address like 190.54.110.23. Here is how it does it:

  • A user types banimoshe.com or any other .com domain name.
  • The browser sends that request over the Internet.
  • The recursive resolver (it could be run by your Internet Service Provider) sends the request to the proper initial DNS servers.
  • Those initial DNS servers are the Root Servers, which know where to ask about the Top Level Domains (like .com).
  • The Top Level Domain Name Servers answer with the domain’s name server (banimoshe).
  • The Domain’s Name Server answers the recursive resolver with the correct IP for the full domain (banimoshe.com).
  • The browser receives the correct IP address to ask the hosting company (could also be proxied) and the website gets loaded.

Now, in my WordPress journey, I realized that most site owners do not know the state of the art. Since the 90s, people have been discussing what could be done to improve security in the whole process. So, to strengthen authentication, an additional layer was added, using public-key cryptography. If you need more details, you may follow this link, and there is also a brief PDF here, related to DNS & DNSSEC.

How can I know if I have DNSSEC enabled on my domain?

Please use the free DNSSEC Analyzer from Verisign, linked right here. Type in your domain; you might find yourself in the same position as most site owners out there. There are lots of aspects I get to check for my customers after they face a threat or request my services for risk mitigation.
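One way to run the same kind of check yourself, as an added example that is not part of the original post: ask a validating resolver for the domain's DS record with the DNSSEC OK (DO) bit set, then read the reply's AD flag and answer types. The domain example.com, the transaction ID, the state names and the sample replies are constructed, and the network send is left out so the block runs offline.

```python
import struct

DS, RRSIG, OPT = 43, 46, 41          # RR type codes (RFC 4034, RFC 6891)
RD, AD, DO = 0x0100, 0x0020, 0x8000  # header flags RD/AD, EDNS0 flag DO

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_ds_query(domain, txid=0x1234):
    """DS query with RD set plus an EDNS0 OPT record (DO bit, 1232-byte UDP size)."""
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 1)   # 1 question, 1 additional
    question = encode_name(domain) + struct.pack("!HH", DS, 1)
    opt = b"\x00" + struct.pack("!HHBBHH", OPT, 1232, 0, 0, DO, 0)
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:    # compression pointer: 2 bytes, ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def classify(reply):
    """Map a validating resolver's reply to a DS query onto a DNSSEC state."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", reply[:12])
    rcode = flags & 0x000F
    if rcode:                        # 2 = SERVFAIL, which is how a broken chain surfaces
        return "servfail" if rcode == 2 else "error"
    pos = 12
    for _ in range(qd):
        pos = skip_name(reply, pos) + 4
    types = []
    for _ in range(an):
        pos = skip_name(reply, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", reply[pos:pos + 10])
        types.append(rtype)
        pos += 10 + rdlen
    if DS not in types:
        return "unsigned"            # no DS at the parent: no chain of trust
    return "signed-validated" if flags & AD else "signed-unvalidated"

def constructed_reply(domain, flags, rtypes):
    """Constructed sample reply (not captured traffic), dummy 4-byte RDATA."""
    q = encode_name(domain) + struct.pack("!HH", DS, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 3600, 4) + bytes(4) for t in rtypes)
    return struct.pack("!6H", 0x1234, 0x8180 | flags, 1, len(rtypes), 0, 0) + q + rrs
```

Against a live resolver, send the bytes from build_ds_query() over UDP to port 53 and pass the reply to classify(). A "signed-unvalidated" result usually means the resolver you asked does not validate DNSSEC, not that the domain is misconfigured.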

Those organizations that want to foster trust should activate DNSSEC ASAP.

Yeah, I’ve only seen a handful of those ready for the next web. Look, this isn’t for website owners. Instead, it is for our users. In fact, I’ve worked for huge companies, and they still do not pass this verification.

But hey, don’t panic. I can solve this for you, just click on this link to arrange a meeting, or keep on visiting this portfolio to read what the simplest solution is.

I’m having fun, this is the first post. Each one will show you some of my experience, skills, or inputs for a better web.

Did I mention I love WordPress?