DNSSEC

Also known as: DNS Security Extensions

A tamper-proof seal on your domain's address lookups, so visitors can't be quietly redirected to a fake copy of your site.

What it is

Every time someone types your web address, their device asks the internet’s phone book (the “DNS”) for the right answer — which server to connect to. Normally that answer arrives with no proof it’s genuine. DNSSEC adds a digital signature to the answer, like a wax seal on a letter. The visitor’s device can check the seal and confirm the answer really came from you and wasn’t swapped along the way.

Why it matters to your business

Without that seal, an attacker who tampers with a lookup can silently send your customers to a counterfeit version of your website — one that looks identical but steals logins, card details, or payments. Your real site is untouched, so you may never know it’s happening; the damage lands on your customers and your reputation. Turning on DNSSEC closes that door. It’s a one-time setup that runs quietly in the background forever.

How to tell / what to do

Run the free check on your domain — it tells you in plain language whether DNSSEC is switched on. If it isn’t, our DNSSEC fix guide walks you (or whoever manages your domain) through enabling it, usually with a few clicks at your domain provider. There’s no cost, and it doesn’t change how your site works for visitors.

Want to fix this on your own domain? See the free guide →