Go to Content

We are the flag of Portugal on the internet


DNSSEC (Domain Name System Security Extensions) is the name given to security extensions to the DNS (Domain Name System) protocol conceived to protect and authenticate DNS traffic.

These extensions validate the data through digital signatures, making use of asymmetric cryptology technology to ensure the authenticity and integrity of information exchanged between DNS servers and between these and the user's applications.

The security mechanisms provided in DNSSEC are complementary and transparent for the user, and therefore do not interfere with the normal functioning of the DNS protocol.

The DNSSEC extensions aim to improve user trust in the services provided, namely:

  • Suppressing the DNS protocol's fragilities;
  • Preventing man-in-the middle and cache poisoning type attacks;
  • Reducing the risk of information manipulation;
  • Reinforcing the system's reliability.

Security threats and awareness of this have been a prime concern of the entities responsible for this matter and so specialists worldwide are concerned with searching for solutions that ensure a safer service and network environment.

Following international developments, monitored closely by the .pt, the conditions for adopting this security mechanism within the DNS community have been gradually created and there is already a considerable number of TLDs (Top Level Domains) that make this mechanism available (.se, .pr, .cz, .bg, .br, .museum, .gov, .org) to their users, .pt being among the first and many followed on, principally after the Root (or root server) was assigned in July 2010, which then enabled the DNSSEC chain of trust to be propagated throughout the entire DNS hierarchical structure, simplifying the entire process.

In order to gain full benefit from this service, it must be implemented by ISPs (Internet Service Providers) so that this service reaches the end client.