DNSSEC (DNS Security Extensions) secures your domain and protects your users from threats such as DNS cache poisoning. This article explains what DNSSEC is, how it works at Loopia, and how to enable it for your domain.
What is DNSSEC?
DNSSEC (DNS Security Extensions) is a security extension to the DNS system (which, in simple terms, is used to match a domain to a particular computer on the internet). DNSSEC protects internet users from forged DNS data – for example, data that redirects a visitor to a malicious page or tricks the visitor into giving up sensitive information in the belief that they are visiting their bank’s website. DNS responses secured with DNSSEC are digitally signed, so you can be sure that the DNS data has not been falsified on the way from the DNS server.
Loopia is a pioneer in DNSSEC and was the first registrar in the world to launch support for the technology. Today DNSSEC is supported by only a handful of ccTLDs. Loopia actively works to raise awareness of the need for DNSSEC, and we share our insights, knowledge and experience with several major TLDs.
What is required to enable DNSSEC?
On all .SE and .NU domain names that use our name servers and for which we (Loopia AB) are the registrar, DNSSEC is automatically enabled.
If we are the registrar for your domain name but you use your own or other name servers, you can enable DNSSEC in your Customer zone. Click the domain you want to protect with DNSSEC under the Domain names heading. Then click DNSSEC under the Additional settings for… heading, which is a little further down in the menu.
The values for Key tag, Algorithm, Digest type and Digest are details you need to obtain from your name server provider.
Please note that you can only enable DNSSEC yourself on .se and .nu domains. To enable DNSSEC on another domain type, follow the instructions below:
Send an email to registry@loopia.com including the following information:
- Customer number at Loopia
- Domain name
- keyTag
- alg
- digestType
- digest
More information
For more information about DNSSEC, see the following pages: