🛡️

Qu'est-ce que DNSSEC? — Guide de sécurité

Découvrez comment DNSSEC protège contre le spoofing DNS.

What is DNSSEC?

DNSSEC (Domain Name System Security Extensions) adds cryptographic authentication to DNS responses. Without DNSSEC, attackers can intercept DNS queries and return forged responses (DNS spoofing). DNSSEC adds digital signatures creating a chain of trust from root DNS servers to individual domains.

How DNSSEC Works

DNSSEC uses public-key cryptography: DNSKEY records contain public keys, RRSIG records contain signatures, DS records link child zones to parents, and NSEC/NSEC3 records prove non-existence.

Why You Need DNSSEC

Without DNSSEC, attackers can:
  • Redirect users to phishing sites
  • Intercept email by poisoning MX records
  • Steal login credentials
  • Distribute malware

How to Enable DNSSEC

Two steps:
  1. Enable DNSSEC signing at your DNS host (Cloudflare, Route 53 offer one-click setup)
  2. Add the DS record at your registrar
Use DNS Visor DNSSEC Validator to verify your configuration.

Essayez maintenant

Utilisez notre Validateur DNSSEC gratuit pour mettre ces connaissances en pratique.

Ouvrir Validateur DNSSEC