🛡️

¿Qué es DNSSEC? — Guía de seguridad

Aprenda cómo DNSSEC protege contra la suplantación DNS.

What is DNSSEC?

DNSSEC (Domain Name System Security Extensions) adds cryptographic authentication to DNS responses. Without DNSSEC, attackers can intercept DNS queries and return forged responses (DNS spoofing). DNSSEC adds digital signatures creating a chain of trust from root DNS servers to individual domains.

How DNSSEC Works

DNSSEC uses public-key cryptography: DNSKEY records contain public keys, RRSIG records contain signatures, DS records link child zones to parents, and NSEC/NSEC3 records prove non-existence.

Why You Need DNSSEC

Without DNSSEC, attackers can:
  • Redirect users to phishing sites
  • Intercept email by poisoning MX records
  • Steal login credentials
  • Distribute malware

How to Enable DNSSEC

Two steps:
  1. Enable DNSSEC signing at your DNS host (Cloudflare, Route 53 offer one-click setup)
  2. Add the DS record at your registrar
Use DNS Visor DNSSEC Validator to verify your configuration.

Pruébalo ahora

Usa nuestro Validador DNSSEC gratuito para poner en práctica estos conocimientos.

Abrir Validador DNSSEC