About Us

Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and award-winning mobile Web services.

Strengthen Internet Security: Protect Your Customers with DNSSEC

You don’t want traffic to your site hijacked and rerouted, but can you guarantee that will never happen?

When your customers type in your website URL, their browser uses the Domain Name System (DNS) to retrieve the IP address (or the location) of your website. During the DNS communication process, a bad actor could intercept the query, manipulate your site’s DNS data, and redirect your customers to an identical website run by the hijacker. Once there your customers would most likely feel safe to enter their personal information where it could be stolen by the bad actor.

So, how can you ensure your customers are really reaching YOUR site?

DNSSEC is the Key to Domain Name Security

DNS Security Extensions (DNSSEC) provide DNS data authentication – an additional level of security - that’s used to create the DNS chain of trust:

  1. Your DNS hosting provider, together with the registry (e.g., Afilias) and the registrar (authoritative sources for your DNS data), digitally “signs” your DNS data.
  2. When your customers’ Internet Service Provider (ISP), browser, and other applications (e.g. Windows and MacOS) request your DNS data, they must first validate the information in the digital signature.
  3. No DNS information can be altered with DNSSEC in place. If manipulated data is detected, your customers will be taken to an error page – and never to a fake site.

As the security and stability of the Internet’s core infrastructure is becoming ever more critical, DNSSEC plays an important role in the Internet’s natural evolution. For example, to close the security gap seen among TLS/SSL certifications for e-commerce, DNSSEC enables usage of a new protocol: DNS-Based Authentication of Named Entities (DANE). More DNSSEC applications are expected; make sure you stay up-to-date with the latest developments.

Act Now!

As a domain name holder, you should take these steps to ensure you are benefitting from DNSSEC:

  1. Ensure your domain’s registry and registrar have deployed DNSSEC
  2. Ensure your DNS hosting provider supports DNSSEC (this may be your registrar unless you have made separate arrangements) and is able to sign (and re-sign) your DNS zone files
  3. Make this a technical AND marketing win for your organization: Promote to your customers that they can trust your website as it is protected by DNSSEC
  4. Go one step further: Educate your customers to use and to look for other sites using DNSSEC: ensure their Internet service provider offers a validating DNS resolver, seek and deploy DNSSEC extensions for their favorite applications (e.g., your browser).

Afilias Domains Are DNSSEC-Enabled

Afilias is committed to DNSSEC: we have been an active player since 2008. From the heritage TLDs .ORG and .INFO to .ORGANIC, .LGBT, .VOTE, and many other top-level domains (TLDs) that we operate or manage are DNSSEC-enabled . All of our registrars have the option to offer DNSSEC to their domain name holders, i.e., the registrar is able to accept “Delegation Signer (DS)” records and send them to us.