DNSSEC is awesome!

Whether you think DNS is just one of those boring things you’ve heard IT nerds talking about, or something you’d like to understand, you should know that DNS is very important for the security of your website and emails.

DNS in a nutshell
DNS or domain name system is the internet “telephone directory” that connects your domain name (ie https://xyzulu.hosting ) to the webserver where the actual website is stored. It’s also the system that directs the emails that are sent to you.

At your domain registrar (where you register and renew your domain) a record is kept of the Domain Name Server that holds the records of where your domain and email is hosted. These records point names, ie xyzulu.hosting to numbers (IP addresses) that correspond to the address of the server that hosts your website or accepts your emails.

What you need to know
It’s a very old system, but it works. It does however rely on a measure of trust between ISP’s and other main providers of the internet infrastructure.

If someone gains access to your domain name or DNS record, they can easily hijack your emails and redirect all visitors away from your website to a fake page. You probably know some of this, which is why you secure the logins to your domain name registrar and store that login securely. (For security tips see our previous articles: Overwhelmed with passwords? and Why do I need 2FA? )

How can you make your DNS more secure?
The best way you can secure your DNS is by implementing DNSSEC.

What is DNSSEC?
DNSSEC creates a secure domain name system by adding cryptographic signatures to existing DNS records. These digital signatures are stored at your domain registrar, and at your authoritative domain name server. By checking its associated signature, you can verify that a requested DNS record comes from its authoritative name server and wasn’t altered.

When a potential customer attempts to visit your website or send you an email, DNSSEC (if enabled) will protect your traffic from being hijacked.

To enforce or implement this system, a record needs to exist at your domain name registrar and your domain name server. These cryptographic records “match” one another and ensure another server cannot pretend to host the correct records and redirect your traffic and emails elsewhere.

The technical explanation is here. An easier to understand explanation is here.

How do I enable DNSSEC?
Transfer your domain names to us and submit a request via our Customer Portal. If you are an exiting customer, simply request this be setup for your domain via a support request and we’ll make it happen for you. Your security is important to us, we offer this service at no additional charge.

This is how a successful DNSSEC test should look <– feel free to test your own domain using the same tool.

xyzulu.hosting DNSSEC test

We hope this has helped you understand more about how to secure your domain and remember, we’re ready to help.

Not all web hosts are equal xyzulu.hosting take the blah blah out of technical information and empower our customers with knowledge, this can protect and increase productivity for your business.

Your security is so important to us, we are constantly striving to serve you better.

XYZulu now supporting PayID for Australian customers

XYZulu now supports instant bank transfers via PayID for Australian customers. For more details, see: PayID

All our invoices now list our PayID. You’ll be able to pay any invoice instantly by using our PayID as the recipient from your participating financial institution. There are a number of  others benefits with PayID, for more details please check the official PayID website here: https://payid.com.au/#what

If you have any other questions, please get in touch with us via our support system at my.xyzulu.hosting

Google’s strongest security, do you need it?

Do you want the reassurance of knowing your Google account is properly secured? Have you had your Google account compromised before and never want to have to go through that mess again?

Previously we have written articles on important steps for all Google users (this means anyone that has a Gmail or GSuite account). Here are the most important ones:

If you don’t have 2FA (two factor authentication) enabled yet, you should probably do that first and then come back and read on. Sadly, only 10% of Google users have enabled 2FA  although it has been available for over 7 years and is dead simple to use. Don’t be in that 10%!

Google has recently released an even stronger form of authentication utilizing a physical device instead of a 2 factor code you receive via SMS or an app on your device. This may not be for everyone, but if you want the strongest protection for your Google account make sure you read all about it on their site here: Google Advanced Protection Program

So in review, if you don’t have 2FA enabled yet, you should that now. If you want even stronger protection, maybe this new Google device is for you.

Don’t wait until it’s too late before securing your online accounts.