Question: The Url for our website is one number in Cloudflare and a different number in Networksolutions, our email service provider. Why and should they be the same at each location?
What steps have you taken to resolve the issue?
I spoke with Networksolutions. They say the domain must be transferred to Networksolutions to set up a DNSSEC record in Networksolutions. I was under the impression that the DNSSEC record confirms the ownership of a domain, increases security, and makes spoofing more difficult, if not eliminates spoofing.
What feature, service or problem is this related to?
DNSSEC
What are the steps to reproduce the issue?
Made calls before making changes in the DNS Records.
In order for Network Solutions to be able to maintain the DNSSEC material for your domain, they must be your domain registrar.
As the current registrar for the mentioned domain is GoDaddy, you would need to maintain the DNSSEC material for that domain through GoDaddy.
DNSSEC has nothing to do with the actual ownership of a domain.
Once the DNSSEC material, which you can retrieve from your authoritative DNS provider (in this case, Cloudflare), has been added to the domain registry, through your domain registrar, then that will allow DNS resolvers (such as e.g. 1.1.1.1, 8.8.8.8, or even your ISP’s resolver) the opportunity to cryptographically verify that the DNS replies hasn’t been tampered with in transition.
But that will require that the DNS resolver being used is actually validating DNSSEC.
I wouldn’t completely say eliminate though, as I would say that would require every single DNS resolver out there, to be validating DNSSEC.
If we’re looking at Bob, and Bob is running through a DNS resolver (e.g. 8.8.8.8) that is validating DNSSEC, however, Alice is running through her ISP’s DNS resolver, that isn’t validating DNSSEC, then it would only be raising the security for Bob, but not for Alice.
That said, -
I will however still suggest taking all of the steps required, in order to enable DNSSEC for your domain(s).