What DNSSEC cannot do
DNSSEC:
- cannot protect against packet sniffing (listening in on DNS traffic)
- cannot stop some forms of phishing, and pharming, such as typo-squatting (typosquatting
means using domain names that look a lot like real domain names but
actually contain other characters.)
- cannot protect against DDoS attacks
What DNSSEC can do
Domain Name Security Extensions (DNSSEC) add a layer of security to your domain names
by attaching digital signatures to their Domain Name System (DNS) information. The
DNSSEC extensions are used to verify data by means of cryptographically secured
signatures.
DNSSEC offers:
- Reliability: the DNS data that you are using is reliable (the DNSSEC data received by
user has not been compromised in transit)
- Seal of quality: everyone see that your Registry takes security seriously
- Keep your clients because some clients want to deal with a service provider that
supports DNSSEC
- Future-proof and service-oriented ~ DNSSEC might ultimately become compulsory
dot-ca-registry.ca is pleased to announce that they have successfully completed certification by CIRA to process your DNSSEC requirements for all .ca domains