DNSSEC

Back up to the Domains Category
From AAISP Support Site


DNSSEC provides a means for you to sign domains to ensure they are secure.

There is a lot of information on what DNSSEC is and how it works on the internet. It means that authoritative zones can now be signed so they cannot be spoofed, and DNS resolvers can check the signing. The signing delegated from the root down, and some zones can now be signed (notably this includes UK domains now).

For the DNS system itself this simply means some new record types. The impact in the longer term will be more resolvers checking signing, and more zones being signed, so less spoofing and forgery will be possible. It also has the chance to break things in various ways and so is being deployed slowly.

Resolvers

Our resolvers handle DNSSEC based queries, for the relevant records and for checking signed records if you want to trust our resolvers.

Registry

We can lodge DS data records with the registry where available. You can do this on our control pages for .uk domains. For other domains, contact support.

Zone files

Where we manage your domain we do not currently sign the zone, but plan to soon (as an option), signed with our keys.