What is DNS Template?

  • Is a predefined format of a DNS zone. Templates can be used to create a specific record configuration and apply it to multiple domains within your account profiles. This saves you the trouble of configuring the same record set across all your domains manually. Any changes made to the template will simultaneously affect all the domains that the template has been applied to.
  • Please note that. If you need a slightly different configuration, you can elect to import the records from the template and alter them on a per record or domain basis without affecting the rest of the domains the template is applied to

What is DNSSEC?

It stands for Domain Name System Security Extensions. DNSSEC are a set of protocols that add a layer of security to the domain name system (DNS) lookup and exchange processes, which have become integral in accessing websites through the Internet.

Why do we need DNSSEC?

Because only DNS (Domain Name System) itself is not secure. DNS was designed in the 1980s when the Internet was much smaller, and security was not a primary consideration in its design. As a result, when a recursive resolver sends a query to an authoritative name server, the resolver has no way to verify the authenticity of the response. The resolver can only check that a response appears to come from the same IP address where the resolver sent the original query. But relying on the source IP address of a response is not a strong authentication mechanism, since the source IP address of a DNS response packet can be easily forged, or spoofed. Therefore, an attacker can easily masquerade as the authoritative server that a resolver originally queried by spoofing a response that appears to come from that authoritative server. In other words an attacker can redirect a user to a potentially malicious site without the user realizing it.

The Pros and Cons of DNSSEC

The Pros

  • Help protect registrants’ brand and customers

  • Adding protection layer against MITM attacks, DNS spoofing, cache poisoning, …etc

  • Increasing trust for online activities such as ecommerce, VoiP, …etc

The Cons

  • Added complexity both on the client and server side

  • Limited support from TLD and DNS servers

  • Additional costs in the event that you move from managing your own DNS to managed DNS provider to reduce complexity

Summary

Unlike HTTPS, which actually encrypted web traffic, DNSSEC simply allows DNS servers to identify and turn away potential malefactors.