We’re thrilled to announce the open beta of DNSSEC of our authoritative DNS, marking a significant milestone in our commitment to enhancing internet security. DNSSEC is an extension to DNS protocols that provides an additional layer of trust on top of traditional DNS services. This feature is crucial for preventing attacks where malicious actors redirect users to harmful sites despite entering a valid address. Read on to learn how you can enable DNSSEC to protect your site with Gcore.
What Is DNSSEC?
DNSSEC, or Domain Name System Security Extensions, is a set of technologies that add a layer of security to the Domain Name System (DNS). DNS itself is not inherently secure, which means that bad actors could potentially manipulate DNS entries, leading users to malicious websites instead of the intended ones. This is known as DNS cache poisoning, and this manipulation can lead to serious consequences, like data breaches, malware infections, and lost trust for individuals and businesses. Learn all about DNSSEC and why it’s important for every business in our dedicated article.
How to Enable DNSSEC
Activating DNSSEC for your domains is straightforward, and thanks to our user-friendly process available both via the Gcore Customer Portal or API.
Note: If you are transferring your DNS zone from another provider, disable DNSSEC and wait for the duration of the DS record TTL time first. This precaution helps to avoid potential service interruptions, ensuring a smooth transition to DNSSEC activation.
Via the Gcore Customer Portal
To enable DNSSEC via the Gcore Customer Portal: go to DNS, then navigate to All zones, open the existing zone (or create a new one), ensure that the advanced interface mode setting is enabled for it, and enable DNSSEC toggle:
Copy the DS record from the DNSSEC Configuration window, and make sure to incorporate this DS record into your registrar’s configurations.
You can view DNSSEC configuration, including keys and signing data, by clicking the edit (pencil) icon to the right of the DNSSEC toggle.
Via the Gcore DNS API
To get started with DNSSEC via our API, create a domain zone for DNSSEC, create an RRSet, enable DNSSEC for your domain, and obtain the Delegation Signer record data for your registrar’s control panel.
Upon completing these steps, including adding the Delegation Signer record in your domain registrar’s control panel, changes typically take effect within an hour, although it can take up to 24 hours.
Conclusion
The introduction of Gcore DNSSEC is part of our ongoing mission to provide robust, secure, and reliable internet services. By participating in DNSSEC open beta, you’ll secure your domain while contributing to a safer internet ecosystem. Join us in setting a new standard for DNS security and reliability.
We’re here to support you through every step of the process, including with our DNSSEC documentation and customer support. We welcome your feedback during this open beta phase.
