For .lu accredited registrars, implementing the DNSSEC protocol is essential to make .lu domain names secure.

Programmed into the EPP server made available by the .lu registry, the DNSSEC protocol concerns domain name creations and modifications, with several features:

  • Technical reference document: RFC 5910 ‘Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP)’ 

  • DS tag supported: <dsData>.

  • Additional DS tag: (<keyData>); information on the DNSKEY public key within the <dsData> tag may be provided (for later validation purposes), but will be ignored.

  • Accepted algorithms: Cryptographic and hashing performed by the software LDNS.

  • Visibility of registered data: Web interfaces of the registrar and domain name owner, at the DNS data level.

  • Warning: If the DNS servers are transferred or changed, make sure you do not provide a secure domain that cannot be validated

Info! DNSECC support is optional, but highly recommended for all users.