If DNS is the phone book of the Internet, DNSSEC is the Internet’s unspoofable caller ID. It guarantees a web application’s traffic is safely routed to the correct servers so that a site’s visitors are not intercepted by a hidden “man-in-the-middle” attacker. These attacks usually go unnoticed by sites’ visitors, increasing the risk of phishing, malware infections, and personal data leakage. Learn about Universal DNSSEC
How Does DNSSEC Work?
DNSSEC is a complicated topic. This comprehensive guide explains the technical details of the DNSSEC protocol with friendly diagrams. Keep reading
Root-Signing Ceremony
The root-signing ceremony occurs four times every year, and it forms the trust anchor for the global DNSSEC infrastructure. Keep reading
ECDSA and DNSSEC
Elliptic curve cryptography solves many of the final hurdles for widespread DNSSEC adoption. Keep reading
DNSSEC Complexities
DNSSEC is fraught with technological barriers: zone enumeration, key management, and the threat of DNS amplification attacks to name a few. Keep reading
DNSSEC for Registrars
Join us in our push to make DNSSEC more accessible by allowing DNS operators to communicate directly with registrars and registries. Keep reading
Automatically Provision and Maintain DNSSEC
Provision and manage DNSSEC from within the Cloudflare dashboard for supported registrars. Keep reading
Set up a domain in less than 5 minutes. Keep your hosting provider. No code changes required.
Everyone’s Internet application can benefit from using Cloudflare.
Pick a plan that fits your needs.