At Online Marketing Guru, our mission is to help build a better and secure hosting provider in Shepparton. Part of this effort includes making web sites faster, more reliable and more trustworthy. The obvious first choice in protocols to help make websites more secure is HTTPS.
Online Marketing Guru’s product—Free cPanel SSL—helps all website hosted with us to provide a trustworthy browsing experience for their site visitors by giving their site HTTPS support for free.
DNS (Domain Name Server)
DNS is one of the pillars of authority on the Internet. DNS is used to translate domain names (like www.onlinemarketingguru.com.au) to numeric Internet addresses (like 22.214.171.124)—it’s often referred to as the “phone book of the Internet”.
DNSSEC (DNS Security Extensions)
DNSSEC is a set of security extensions to DNS that provides the means for authenticating DNS records. DNSSEC guarantees a web application’s traffic is safely routed to the correct servers so that a site’s visitors are not intercepted by a hidden “man-in-the-middle” attacker. These attacks usually go unnoticed by sites’ visitors, increasing the risk of phishing, malware infections, and personal data leakage.
Do I really need DNSSEC?
If you are running a standard website, without any kind of DNS record validation, the chances that you are exposed to DNS attacks run pretty high. Anyone could trick you and redirect your DNS records wherever they want.
Whether you have a small business website or a high-traffic portal, you will always be exposed to online attacks — especially to the ones originating from the DNS servers that we all use, day by day.
DNS attacks threaten you with downtime and losing customers or important SEO rankings. The most typical attacks affecting websites without DNSSEC include but are not limited to DNS hijacking and DNS spoofing.
How We Deploy DNSSEC?
There are three places where DNSSEC needs to be enabled and configured for it to protect domains from spoofing and poisoning attacks:
The DNS zone for your domain must serve special DNSSEC records for public keys (DNSKEY), signatures (RRSIG), and non-existence (NSEC, or NSEC3 and NSEC3PARAM) to authenticate your zone’s contents. Online Marketing Guru has enabled DNSSEC feature by using the latest DNS Authoritative Server.
For full DNSSEC protection, we are using a DNS resolver that validates signatures for DNSSEC-signed domains. We enabled our server resolver configuration to use Google Public DNS resolvers that validate DNSSEC.
The registrar must support DNSSEC that you are using. If you cannot add a DS record through your domain registrar to activate DNSSEC, enabling DNSSEC in cPanel DNS has no effect.
Online Marketing Guru is planning to add the DNSSEC to all the domains, which are registered, managed and hosted by us in coming weeks/months.