By Harry Wang, Product Manager
Today, we’re excited to announce that Google is adding DNSSEC support (beta) to our fully managed Google Cloud DNS service. Now you and your users can take advantage of the protection provided by DNSSEC without having to maintain it once it’s set up.
Domain Name System Security Extensions (DNSSEC) adds security to the Domain Name System (DNS) protocol by enabling DNS responses to be validated. Having a trustworthy Domain Name System (DNS) that translates a domain name like www.example.com into its associated IP address is an increasingly important building block of today’s web-based applications. Attackers can hijack this process of domain/IP lookup and redirect users to a malicious site through DNS hijacking and man-in-the-middle attacks. DNSSEC helps mitigate the risk of such attacks by cryptographically signing DNS records. As a result, it prevents attackers from issuing fake DNS responses that may misdirect browsers to nefarious websites.
Cloud DNS is a fast, reliable and cost-effective Domain Name System that powers millions of domains on the internet. DNSSEC in Cloud DNS enables domain owners to take easy steps to protect their domains against DNS hijacking and man-in-the-middle attacks. Advanced users may choose to use different signing algorithms and denial-of-existence types. We support several sizes of RSA and ECDSA keys, as well as both NSEC and NSEC3. Enabling support for DNSSEC brings no additional charges or changes to the terms of service.
|To start using DNSSEC, simply turn the feature to “on” within your DNS zone.|
|DNSSEC will be automatically enabled for that zone.|
To learn more about getting started with DNSSEC for Cloud DNS, please refer to the documentation page.