Registrar's Information Space
Table of contents All topics
DNSSEC (Domain Name System Security Extensions) is a security key system that guarantees that the user will be directed to the webpage he or she entered into the browser. For example, DNSSEC will guarantee that after entering the URL of an Internet banking environment, a user will not be directed to a webpage with a similar look that has been set up by fraud organisers for stealing data and passwords.

What is the difference between providing a DNSSEC service and providing a Full DNSSEC service?

All accredited registrars of the .ee domain are obliged by the Domain Regulation to provide the DNSSEC service, i.e. if the customer wants to forward their DNSSEC keys to the domain registry, to remove, add or edit them, the registrar is obliged to provide this possibility.

See also:

DNSKEY Record Administration.

Full DNSSEC service means that the registrar is able not only to forward the key, but also to create and manage DNSSEC keys for the customers. In this case, the service provider is responsible for managing the DNSSEC infrastructure, creating the keys and protecting the private keys.

Best practice requires the service provider to publish the DPS (DNSSEC Practice Statement) of its DNSSEC solution, where the DNSSEC-related procedures and rules of the company are described.

If a registrar offers Full DNSSEC service to its customers, it can have the corresponding notification added to its name in the registrars’ comparison table on the home page of