What is DNSSEC?
DNSSEC is an extension to the DNS
(domain name system), increasing the domain name service security.
DNSSEC assures users that the information they obtain from DNS came from
the correct source, was complete and its integrity was not compromised
during the transfer. DNSSEC ensures that the DNS data can be trusted, preventing abusive attacks such as phishing and many more.
DNSSEC eliminates the risk of:
- abuse of your e-mail account
- cracking of anti-spamming protection for DNS verification
- theft of personal data (login and password, credit card details, etc.)
- attack on your web page
Detailed information and technical specification of DNSSEC can be found on: http://www.nic.cz/dnssec/
Where and how to set up DNSSEC?
Activation of DNSSEC can be done only on the domain names .cz (ccTLD .cz).
FORPSI can activate DNSSEC only for domain names registered by INTERNET CZ, a.s. which use the FORPSI DNS servers.
DNSSEC protection is activated for free.
You can activate DNSSEC in your administration account - on the domain detail card - "Turn on DNSSEC" .
When you use your own DNS servers for your .cz domain (registered
with INTERNET CZ, a.s.), first ask your DNS administrator to create a
domain "keyset". This can be done here; then link this keyset with your domain in the Domain name update form (Authorization
of the change is done with the domain password, which can be sent to
the domain owner´s email or administration contact´s email after
pressing "Password unknown").
Activation of DNSSEC will be immediately visible in the CZ.NIC Whois
database. The DNSSEC protection will be applied to your domain within