All domain names managed with Infomaniak can now be secured with DNSSEC. If you manage your domain entirely with Infomaniak, this free protection can be enabled in a few clicks

Understand what DNSSEC is for

Every URL address corresponds to an IP address, and when someone browsing the internet enters your website’s URL address in their web browser, they go through a DNS server whose role is to redirect to the IP address corresponding to the domain entered (technically, we’re talking about DNS resolution).

When DNSSEC is not enabled on your domain name, an unauthorised person could detect a fault in a DNS server and modify the correspondence between your domain name and your website’s IP address through the IP of their choice. In such an event, the internet user entering your website’s URL address would then be sent to another website which would not correspond to your website’s content.

DNSSEC allows the authenticity of the response provided by the DNS server to be secured and thus ensures that internet users go to the websites they actually want to visit. If a hacker tried to modify your domain name’s IP address in a DNS protected by DNSSEC at the time of resolution, the DNSSEC would refuse its requests as they would not be authenticated.

DNSSEC is therefore a security measure which is additional to a site’s SSL certificate. DNSSEC ensures that the internet user arrives at the site corresponding to the URL address entered, and the SSL certificate then intervenes by encrypting the exchanges between the internet user and the web server of the site they are visiting.

Enabling DNSSEC with Infomaniak

Activer DNSSEC chez Infomaniak

DNSSEC is available with most extensions and is easily enabled on domain names which are completely managed with Infomaniak:

  1. Log into your admin console
  2. go to Domain name
  3. click on the relevant domain name
  4. enable DNSSEC

If your domain’s DNS zone is managed with another registrar, technical information supplied by the latter must be provided. It should be noted that if the information given is incorrect, your domain name will no longer be accessible. We therefore recommend that you transfer total management of your domain to Infomaniak before enabling DNSSEC if you are unfamiliar with DNSSEC.

Checking that DNSSEC is correctly enabled for a site

It is easy to check whether DNSSEC is correctly enabled on a domain name. The simplest method is to install the extension DNSSEC/TLSA Validator with the internet browser Mozilla Firefox.

Once the extension is enabled, you just need to go to the domain to check. The extension will then automatically tell you the DNSSEC status.

Il est facile de vérifier si DNSSEC est bien activé sur un domaine.
It is easy to check whether DNSSEC has been correctly enabled on a domain.