How do I disable DNSSEC?
Through DNSSEC, you can additionally secure your domain name. You can easily set up this extra security through My Hosting once the domain name also points to Hosting.NL’s nameservers. Have you previously enabled DNSSEC and are you switching to a different provider that requires you to change the nameservers? Then make sure you disable DNSSEC first, before changing the nameservers. If you do not do this, then your domain name “breaks down,” so to speak, and the DNS becomes inaccessible.
Here’s how to disable DNSSEC
Follow the steps below to disable DNSSEC.
- Log in to My Hosting
- Click on Domain Names
- In the overview, click on the three horizontal dots next to your domain name and then on DNS Management
- In the menu under the Actions heading, click DNSSEC
- Click the button to disable DNSSEC
You now see the confirmation DNSSEC disabled
Depending on the TLD, a change is made immediately (e.g. .com) or takes several hours (.nl). Once DNSSEC is disabled, you can change nameservers without any problems. Whether DNSSEC is disabled can be checked here: https://dnssec-analyzer.verisignlabs.com/
What is DNSSEC?
DNSSEC is an extension to the existing DNS protocol and an extension to the security of a domain name. With DNSSEC, it is no longer possible to influence traffic to a domain name via spoofing (sending incorrect data back over the nameservers) or Man-in-the-middle (an attack in which the attacker secretly alters the communication between the two parties so that they think they are in direct communication with each other).
How does DNSSEC prevent these attacks?
Through a digital signature, DNSSEC links the correct response to a DNS query. The signature allows verification that the records sent by a DNS server are valid. Hosting.NL’s DNS servers are equipped with an asymmetric cryptography system. All DNS information is thereby signed with a private key. Users can use a public key to verify that the information sent is correct and has not been altered during this process.