DNSSEC verified ( term DNSSEC stands for Domain Name System Security Extensions and takes care of verifying domain names. In short it checks that you are connected the the website that is mentioned in your address bar. DNS is the last system on the internet which is not secured. DNSSEC is a extension on the current DNS system to make it more secure. Malicious people could use DNS spoofing to redirect you to a different website than the original. This often is a fake website which looks like the original. When you enter your credit card number on that site the malicious people have your credit card number which they can use to purchase things. DNSSEC makes it very hard to manipulate the data.


I manage some 11 domain names, which 10 have DNSSEC enabled (the last domain isn't yet supported by the domain registrar). This means that you can say with great certainty that you are connected to my webserver. I'll admit that my websites don't contain very sensitive information, but I still enabled it. Why? Because I'm a nerd (ahum) and I like to try out the latest and greatest. Besides that, it's always a good idea to be up-to-date on the latest technology. At my work we keep getting more questions about DNSSEC. Yesterday, for instance, I received a question from a customer asking if it would be a good idea to enable DNSSEC.

Does a site support DNSSEC?

At home and at work I mostly use Mozilla Firefox. There is an add-on in the shape of a icon that tells you if a domain is secured with DNSSEC or not (see image above). If it's green, everything is okay. But when it's read or orange you should be carefull. And with a questionmark, there is something wrong (often no DNSSEC support). If you are a fan of Google Chrome, don't worry. The add-on is also available for that browser.

Are you also interested in DNSSEC? You can follow the DNSSEC-course from SIDN. In one hour the guide you through the basics. Do you use DNSSEC yourself? Let me know in the comments if you like it.