What is DNSSEC?

DNSSEC is an extension to the DNS (domain name system), increasing the domain name service security. DNSSEC assures users that the information they obtain from DNS came from the correct source, was complete and its integrity was not compromised during the transfer. DNSSEC ensures that the DNS data can be trusted, preventing abusive attacks such as phishing and many more.

DNSSEC eliminates the risk of:
- abuse of your e-mail account
- cracking of anti-spamming protection for DNS verification
- theft of personal data (login and password, credit card details, etc.)
- attack on your web page

Detailed information and technical specification of DNSSEC can be found on: http://www.nic.cz/dnssec/

Where and how to set up DNSSEC?

Activation of DNSSEC can be done only on the domain names .cz (ccTLD .cz).

FORPSI can activate DNSSEC only for domain names registered by INTERNET CZ, a.s. which use the FORPSI DNS servers. DNSSEC protection is activated for free.
You can activate DNSSEC in your administration account - on the domain detail card - "Turn on DNSSEC" .

When you use your own DNS servers for your .cz domain (registered with INTERNET CZ, a.s.), first ask your DNS administrator to create a domain "keyset". This can be done here; then link this keyset with your domain in the Domain name update form (Authorization of the change is done with the domain password, which can be sent to the domain owner´s email or administration contact´s email after pressing "Password unknown").

Activation of DNSSEC will be immediately visible in the CZ.NIC Whois database. The DNSSEC protection will be applied to your domain within few hours.