DNSSEC

DNS  is a system used to convert domain names into IP addresses. You need the system to surf, send e-mails, but also for telephony, file transfers, etc. DNS is however an unsecured protocol. The exchanged messages are not encrypted and the origin of the reply cannot be clearly traced.

It is possible to infect the cache of the Domain Name Servers with false information, so that a domain name is no longer linked to the right IP address. In concrete terms, this means that at that moment you are not communicating with whom you think you are communicating because there is no verification whether the reply given is authentic and stemming from the right server.  

DNSSEC  (Domain Name System Security Extensions) is a security extension on the DNS to prevent cybercriminals from diverting users to fake sites.  

How can DNSSEC provide protection?  

A digital signature is linked to all DNS data of a domain. When you as a user call up a domain name (e.g. when you visit a website or send an e-mail), the resolver checks the signature with the help of keys.

DNSSEC makes the traffic safer but it is not the ultimate security solution. It does not provide a solution to typosquatting and phishing, for instance. 

How can you set your DNSSEC for your domain name?  

Just like an SSL certificate and the https connection, DNSSEC is an additional link in the security chain of a website.  

Registrants of .be domain names can have their domain name secured with DNSSEC via their registrar.  

DNSSEC policy statement .brussels & .vlaanderen

* This document is not fully accessible to everyone. If you would like more information about this document, send an e-mail to support@dnsbelgium.be. Read more about our accessibility statement.