Alpha Computer and Web Services Nameservers now uses DNSSEC - DNS Security


Mostly governments and big corporations use DNSSEC, vulnerabilities in regular DNS were recenly discovered. Now Alpha Computer and Web Services offers DNSSEC for all web hosting clients. If you use your web hosting DNS nameservers for branding purposes, instead of using our nameservers, tell me and I'll enable DNSSEC for your domain name, if your domain is not registered with Alpha Computer and Web Services I'll have to give you the "DS records found for YourDomain.com in the com zone, or which ever zone to give to your domain registrar, DNSSEC is new so most registrars you have to email or call them to get DNSSEC activated in your domain registrar side. " The place you registered your domain name"

If you want me to DNSSEC sign your zone, even if you're not using your nameservers for branding purposes, I can still sign your DNS and give you the DS Key to give to your domain registrar, if Alpha Computer and Web Services is your domain registrar just contact me and I'll sign the DNS and sign the top level domain for you.

I can use DNSSEC as follows.

Sign/Un-sign/Re-sign a single zone.
Sign/Un-sign/Re-sign multiple zones.
Automatically resigns zones when changes are detected.
Automatically Re-sign every zones periodically before it expires.
Each time you make a DNS change, the secondary nameservers will update your records from the master.

Can contact me by Submit Ticket, Ticket System, Business Phone 941-539-9680 or Email lee.claxton@acshostings.com



Alpha Computer and Web Services Nameservers:

  plesk.acshostings.com  = 108.33.151.138  - Master DNS        - Sarasota, FL
 plesk1.acshostings.com = 108.33.151.137  - Secondary DNS  - Sarasota FL
        ns2.acshostings.com     = 66.164.207.210  - Secondary DNS  - Los Angeles, CA
ns3.acshostings.com     = 178.79.148.169  - Secondary DNS  - London, UK

If your domain is registered from another domain registrar, it would be wise to check your domain registrars nameservers to make sure they match above, unless you're using branded nameservers.


If you want branded secondary nameservers as well, contact me or follow steps below.

Secondary nameservers to choose from:

192.237.164.47 - Chicago, IL
162.209.99.90 - Reston, VA
69.164.207.210 - Dallas, TX
66.175.221.62 - Los Angeles, CA
178.79.148.169 - London, UK

For your branded secondary nameservers you can use any hostname for a nameserver, such as ns.yourdomain.com, ns6.yourdomain.com, coolsecondarynameserver.yourdomain.com or anything.
You don't need to have DNSSEC enabled on your domain to get branded secondary nameservers. Just login to Plesk Panel and change your DNS settings to point an A record, such as ns2.yourdomain.com A 66.175.221.62 for the nameserver in Los Angeles, California and then create an NS record such as yourdomain.com NS ns2.yourdomain.com to add branded secondary nameservers. This only applies to customers that use my DNS for their hosting.

Below is more information about DNSSEC and a list of major websites hacked because of no DNSSEC.



 About DNSSEC

Without DNSSEC DNS is exposed to this:
"Recently vulnerabilities in the DNS were discovered that allow an attacker to hijack this process of looking some one up or looking a site up on the Internet using their name. The purpose of the attack is to take control of the session to, for example, send the user to the hijacker's own deceptive web site for account and password collection.
These vulnerabilities have increased interest in introducing a technology called DNS Security Extensions (DNSSEC) to secure this part of the Internet's infrastructure."

 "In germany all domains have a DNSSEC enabled since 2010 managed by denic.de so all german domains could be changed to DNSSEC but to do it manually it's again many reading and testing, this cost men power and time. DNSSEC would stop most of all spam and DNS spoofing, last year Google was attacked in Europe with 40 giga bytes per second over DNS spoofing so it is a real problem, Google can handle it but not every Company has the money, equipment and men power to handle this and it could every day hit a other company. So DNSSEC would be a very very very big security upgrade.

    What is DNSSEC?

"Vulnerabilities were discovered in the DNS that allow a hacker to hijack this process of looking a site up on the Internet using the domain name. The purpose of such an attack is to take control of the user session to, for example, send the user to the hijacker's own deceptive web site for sensitive data collection. This lead to the introduction of Domain Name System Security Extensions (DNSSEC).
Domain Name System Security Extensions (DNSSEC) is a technology developed to protect against malicious activities like cache poisoning, pharming, and man-in-the-middle attacks. It adds digital signatures to a domain name's DNS to determine the authenticity of the source domain name. DNSSEC is a set of extensions to DNS that provides to DNS clients (resolvers):
    Origin authentication of DNS data,
    Authenticated denial of existence,
    and
    Data integrity.
DNSSEC uses a digital signature to create a chain of authority. Then, it uses the chain to verify that the source domain name, which the DNS resolver returns, matches the DNS record stored at the authoritative DNS. If it cannot validate the source, it discards the response. This ensures that the user is connecting to the actual address for a domain name."
- from http://manage.resellerclub.com/kb/answer/1908



         Small List of Published Major Hacked Sites Related to DNS:

Cache-poisoning attack snares top Brazilian bank
DNS takeover redirects thousands of websites to malware
Hackers exploiting Router vulnerabilities to hack Bank accounts through DNS Hijacking


Friday, April 3, 2015







« Back