Translations of legal policies and agreements are provided solely to assist in reading and understanding the English version. The purpose of providing translations of legal policies and agreements is not to create an additional legally binding agreement, nor to replace the legal validity of the English version. In the event of a dispute or conflict, the English version of these legal policies and agreements will in all cases govern our relationship and will override the terms in other languages.

.GODADDY - DNSSEC Policy

This is the DNSSEC policy of Afilias, the Back End Service Provider for the .GODADDY TLD.

1. INTRODUCTION

1.1. Overview

This document was created using the template provided under the current practicing documentation. This document comprises the practices utilized by Afilias to operate DNS zones as it relates to the DNS Security Extensions. Unless stated otherwise within this document, these statements pertain to all TLD zones under Afilias' auspices that have been signed.

1.2. Document name and identification

Afilias DNSSEC Practice Statement (DPS)

Version 1.04

1.3. Community and Applicability

This section describes the various “stakeholders” of the functionality provided by DNSSEC and a signed TLD.

1.3.1. The TLD Registry

Afilias operates in two distinct modes: (1) As a Registry Operator (RO), where the TLD has been directly delegated to Afilias by ICANN, and (2) as a Back End Service Provider (BESP), where Afilias operates and performs the functions of maintaining the zone, on behalf of another entity (which acts as the RO). In the case where Afilias is the RO for a zone, Afilias is also acting as the BESP.

The Registry is expected to perform the following functions:

Generate the Key Signing Keys (KSK) for the zone.

Generate the Zone Signing Keys (ZSK) for the zone.

Sign the ZSK using the KSK.

Sign the relevant Resource Records of the zone using the ZSK.

Update the ZSK and KSK as needed.

Send Delegation Signer (DS) Resource records to ICANN for inclusion into the root zone.

Receive DS Resource Records from accredited registrars, and update the zone accordingly.

Update the WHOIS information accordingly.

1.3.2. Accredited Registrars

Registrars that are accredited by a given TLD RO are required to make changes to the zone using one of two mechanisms: (1) via EPP, or (2) via a Web Administration Tool. The Web Administration Tool is an Afilias-provided front end to EPP, so, in effect, all changes to the registry are made via EPP. For DNSSEC, registrars are expected to maintain Delegation Signer (DS) records with Afilias on behalf of their customer, the registrant.

1.3.3. Registrants

Registrants are responsible for ensuring that their second level zones are properly signed and maintained. They must also generate and upload DS records for their signed zones to their registrar (who, in turn, sends these into Afilias).

1.4. Specification Administration

1.4.1. Specification administration organization

Afilias maintains this specification.

1.4.2. Contact Information

Questions or concerns regarding this DPS, or the operation of a signed TLD should be sent to the Afilias Customer Support Center. They can be reached via:

Phone: +1 416.646.3306

Email: support@afilias.info

1.4.3. Specification change procedures

The DPS is reviewed periodically and updated as appropriate.

All changes are reviewed by operations and security teams and submitted to executive management for approval. Once accepted, procedures are updated, and appropriate personnel are trained on any new or changed practice. Once all preparatory work has been completed, the DPS is published and becomes effective as of its publication.

2. PUBLICATION AND REPOSITORIES

2.1. Repositories

This DPS can be found at http://www.afilias.info/dps

Only the Afilias Operations department has the ability to update the contents of the website. ACLs on the file are Read-Only.

2.2. Publication of key signing keys

The “chain of trust” is maintained for Afilias TLD zones by sending DS records to ICANN for inclusion in the root zone delegation of the TLD. These DS records correspond to at least one active KSK in the zone. As such, no publication of an additional trust anchor is required.

3. OPERATIONAL REQUIREMENTS

3.1. Meaning of domain names

Policies regarding restrictions on domain names within a given zone are specified by the registry operator, and vary from TLD to TLD.

3.2. Identification and authentication of child zone manager

Registry Operators must first give express permission to Afilias to permit DNSSEC for child zones in a given TLD. Only registrars (on behalf of their registrants) are permitted to activate DNSSEC for a child zone. To activate DNSSEC, a registrar must submit a Delegation Signer (DS) record either via the Web Administration Tool, or via EPP (according to RFC 5910).

For EPP, each registrar has unique credentials to access the TLD registry, which are verified before EPP transactions of any kind can be conducted. For the Web Administration Tool, certificates are used to uniquely identify each registrar.

3.3. Registration of delegation signer (DS) resource records

DS records are sent to the registry by the registrar via EPP (specifically, according to RFC 5910). Once submitted to the TLD registry, the WHOIS data is changed, and the zone changes are automatically propagated out to the DNS infrastructure.

3.4. Method to prove possession of private key

It is the responsibility of the accredited registrar to ensure the integrity of the data submitted to Afilias. There is no requirement that a corresponding DNSKEY already be published in a zone before a DS record is submitted to the parent. This makes proof of possession of a private key unpredictable.

Afilias therefore does not perform any tests to prove possession of a private key.
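As an added illustration (not part of the Afilias DPS and not Afilias tooling): because the registry performs no proof-of-possession test, a registrar or registrant can check a DS record against the child zone's published DNSKEY set before it is submitted via EPP. The owner name, the key bytes and the use of algorithm number 7 below are constructed assumptions.

```python
import base64
import hashlib

# DS digest types: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509).
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + base64.b64decode(key_b64)


def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, rdata, digest_type):
    """DS fields (key tag, algorithm, digest type, hex digest) for one DNSKEY."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], digest_type, digest)


def ds_problems(owner, ds, published_dnskeys):
    """Return the reasons a submitted DS would not validate (empty list = OK)."""
    tag, algorithm, digest_type, digest = ds
    if digest_type not in DIGESTS:
        return ["unsupported digest type %d" % digest_type]
    if not published_dnskeys:
        return ["no DNSKEY published in the child zone yet"]
    wanted = (tag, algorithm, digest_type, digest.upper())
    for rdata in published_dnskeys:
        if make_ds(owner, rdata, digest_type) == wanted:
            # Flags bit 0x0001 is the SEP bit that marks a key signing key.
            if not ((rdata[0] << 8) | rdata[1]) & 0x0001:
                return ["matching DNSKEY lacks the SEP (KSK) flag"]
            return []
    return ["DS matches none of the %d published DNSKEY(s)" % len(published_dnskeys)]


# Constructed sample data: placeholder bytes, not a usable RSA key.
OWNER = "example.godaddy."
KSK = dnskey_rdata(257, 3, 7, base64.b64encode(bytes([3, 1, 0, 1]) + bytes(range(1, 9))).decode())
OTHER = dnskey_rdata(257, 3, 7, base64.b64encode(bytes([3, 1, 0, 1]) + bytes(range(9, 17))).decode())
SUBMITTED_DS = make_ds(OWNER, KSK, 2)

if __name__ == "__main__":
    print("DS fields:", SUBMITTED_DS)
    print("key published:", ds_problems(OWNER, SUBMITTED_DS, [OTHER, KSK]))
    print("key missing:  ", ds_problems(OWNER, SUBMITTED_DS, [OTHER]))
```

A DS that matches no published DNSKEY makes the child zone fail validation once it is in the parent, so a non-empty result is worth resolving before submission.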

3.5. Removal of DS record

3.5.1. Who can request removal

Only the sponsoring registrar for a domain name can add, change, or delete DS records for that domain name. Registrars must provide an Auth-Info code to verify any change for this domain name.

3.5.2. Procedure for removal request

DS records are removed using the appropriate EPP command, as specified by RFC 5910. Only the Sponsoring Registrar can request a DS record be removed, and then only if they include the correct Auth-Info code.

3.5.3. Emergency removal request

Because this is facilitated via EPP, and the system is updated continuously, there is no additional procedure required for an emergency removal request.

4. FACILITY, MANAGEMENT AND OPERATIONAL CONTROLS

4.1. Physical Controls

Afilias uses two geographically separate sites located in different countries that are not part of our offices. Both sites are physically protected environments that deter, prevent, and detect unauthorized use of, access to, and disclosure of sensitive information and systems. Both facilities limit access to authorized personnel. Visitors are only permitted by escort from authorized personnel, and for a specific purpose (such as hardware repair by a technician).

Both facilities provide redundant and backup power, air conditioning, and fire suppression and protection services. The sites provide redundant and backup DNSSEC services for each other. Reasonable precautions have been taken to minimize the impact of water exposure to Afilias systems.

Media with sensitive information is stored within Afilias facilities with appropriate physical and logical access controls designed to limit access to authorized personnel.

Sensitive documents, materials, and media are shredded or rendered unreadable before disposal.

Afilias performs routine backups of critical system data and maintains an off-site backup with a bonded third party storage facility.

4.2. Procedural Controls

There are at least two operational teams with access to and responsibility for the signer systems. Each team member holds a part of the password necessary to grant access to the signer systems. Any task performed on a signer system requires an authorized representative from each team to be present.

4.3. Personnel Controls

Afilias requires that all personnel taking part in a trusted role have worked for Afilias for at least one year and have the qualifications necessary for the job role.

Afilias provides training to all personnel upon hire as well as requisite training needed to perform job responsibilities. Refresher training and updates are provided as needed. Personnel are rotated and replaced as needed.

In limited circumstances, contractors may be permitted to occupy a trusted role. Any such contractor is required to meet the same criteria applied to an Afilias employee in a comparable position.

Afilias provides all employees with the materials and documentation necessary to perform their job responsibilities.

4.4. Audit Logging Procedures

All key life cycle events, including but not limited to generation, activation, rollover, destruction, and use, whether successful or unsuccessful, are logged with a system that includes mechanisms to protect the log files from unauthorized viewing, modification, deletion, or other tampering.

Access to physical facilities is logged by the facility and the log is only accessible to authorized personnel.

Afilias monitors all log entries for alerts based on irregularities and incidents. The Afilias security team reviews all audit logs at least weekly for suspicious or unusual activity.

4.5. Compromise and Disaster Recovery

In the event of a key compromise or disaster, Afilias’ incident response team would be notified. The response team has documented procedures for investigation, escalation, and response. The team is responsible for assessing the situation, developing an action plan, and implementing the action plan with approval from executive management.

Afilias maintains redundant facilities to ensure immediate availability of a disaster recovery site should one site become unavailable. Key data is cloned, encrypted, and sent to a hot spare in the same facility, and to two spares in the redundant facility. The ability to encrypt and decrypt the key data resides entirely within each system's High Security Module, and exists nowhere external to the signing systems.

4.6. Entity termination

Afilias has adopted a DNSSEC termination plan in the event that the roles and responsibilities of the signing services must transition to other entities. Afilias will coordinate with all required parties in order to execute the transition in a secure and transparent manner.

5. TECHNICAL SECURITY CONTROLS

5.1. Key Pair Generation and Installation

All key pairs are generated on the signer systems according to parameters set by the operational team. The signer systems meet the requirements of FIPS 140-2 level 3. The public key is automatically inserted in the TLD zone file as a DNSKEY resource record as part of the signing process. A DS record is made available for submission to the parent (root) zone.

The signer system maintains the separation of the KSK from the ZSK and manages the use of each key pair as appropriate. Each key is used for only one zone.

5.2. Private key protection and Cryptographic Module Engineering Controls

All signing systems are FIPS 140-2 level 3 certified. No unencrypted access to the private key is permitted. Access to the signer system is specified in the Procedural and Personnel Control sections.

Multiple redundant signing systems are maintained. The systems include a mechanism to backup key pairs and other operational parameters to each other in a secure manner. Private keys are not otherwise backed up, escrowed, or archived. When a private key is deactivated it is destroyed by the signing system.

A trusted team has the authority to create, activate, and deactivate key pairs, and executes the responsibility according to documented policies and procedures.

5.3. Computer Security Controls

Afilias ensures that the systems maintaining key software and data files are trustworthy systems secure from unauthorized access. In addition, Afilias limits access to production servers to those individuals with a valid business reason for such access. General application users do not have accounts on production servers.

5.4. Network Security Controls

The signing systems are placed in Afilias’ production systems, which are logically separated from all other systems. Use of normal network security mechanisms such as firewalls mitigates intrusion threats; only restricted role users are allowed access to production systems, and their work is logged.

5.5. Timestamping

The signer systems securely synchronize their system clocks with a trusted time source inside the Afilias network.

5.6. Life Cycle Technical Controls

Applications developed and implemented by Afilias conform to its development and change management procedures. All software is traceable using version control systems. Software updates in production are part of a package update mechanism, controlled via restricted role access and updated via automated recipes. All updates and patches are subject to complete verification prior to deployment.

Afilias uses a third-party solution on its signer systems, where updates are tested in a secure lab environment prior to deployment.

6. ZONE SIGNING

6.1. Key lengths and algorithms

Key Signing Key

Afilias uses a key length of 2048 bits with RSA as the generation algorithm.

Zone Signing Key

Afilias uses a key length of 1024 bits with RSA as the generation algorithm.

6.2. Authenticated denial of existence

Authenticated denial of existence will be provided through the use of NSEC3 records as specified in RFC 5155 [RFC5155].

6.3. Signature format

SHA1, using RSA

6.4. Zone signing key roll-over

Afilias will roll the ZSK with a pre-publishing scheme as described in RFC 4641, section 4.2.1.1. ZSK roll-over is carried out once a month.

6.5. Key signing key roll-over

Afilias will roll the KSK with a double-signing scheme as described in RFC 4641, section 4.2.1.2. There are no planned KSK rollover frequencies defined at this time.

6.6. Signature life-time and re-signing frequency

Zones are signed once every 8 or 9 days (4 times a month), with a signature life-time of 20 days. Jitter is introduced to avoid presumptive attacks during signing.
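As an added illustration (not part of the Afilias DPS): the timing figures in 6.6 can be turned into a monitoring check over RRSIG records. With a 20-day life-time and re-signing at most 9 days apart, a published signature should always have roughly 11 days of validity left. The sample records and the 1-day jitter allowance are constructed assumptions, since the DPS does not state the jitter size.

```python
from datetime import datetime, timedelta, timezone

LIFETIME = timedelta(days=20)    # section 6.6: signature life-time
RESIGN_MAX = timedelta(days=9)   # section 6.6: re-signed every 8 or 9 days
JITTER = timedelta(days=1)       # assumption: the DPS does not state the jitter size


def parse_ts(text):
    """RRSIG presentation-format timestamp (YYYYMMDDHHmmSS, UTC)."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_rrsig(line):
    """Extract the timing fields from one RRSIG line in zone-file/dig format."""
    fields = line.split()
    i = fields.index("RRSIG")
    # RDATA order: type covered, algorithm, labels, original TTL,
    # expiration, inception, key tag, signer name, signature.
    covered, _alg, _labels, _ttl, expiration, inception, tag, signer = fields[i + 1:i + 9]
    return {"owner": fields[0], "covered": covered, "key_tag": int(tag), "signer": signer,
            "inception": parse_ts(inception), "expiration": parse_ts(expiration)}


def audit_rrsig(line, now):
    """Compare one RRSIG against the 6.6 timing figures; return a list of findings."""
    sig = parse_rrsig(line)
    findings = []
    lifetime = sig["expiration"] - sig["inception"]
    if abs(lifetime - LIFETIME) > JITTER:
        findings.append("lifetime-%dd" % lifetime.days)
    if now < sig["inception"]:
        findings.append("not-yet-valid")
    remaining = sig["expiration"] - now
    if remaining <= timedelta(0):
        findings.append("expired")
    elif remaining < LIFETIME - RESIGN_MAX - JITTER:
        # A re-signing run was missed: the record should have been replaced by now.
        findings.append("resign-overdue")
    return findings


# Constructed sample records (placeholder signature, assumed algorithm 7 and key tag).
GOOD = "godaddy. 86400 IN RRSIG SOA 7 1 86400 20200121000000 20200101000000 5918 godaddy. c2ln"
LONG = "godaddy. 86400 IN RRSIG NS 7 1 86400 20200201000000 20200101000000 5918 godaddy. c2ln"

if __name__ == "__main__":
    for day in (5, 12, 22):
        now = datetime(2020, 1, day, tzinfo=timezone.utc)
        print(now.date(), audit_rrsig(GOOD, now), audit_rrsig(LONG, now))
```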

6.7. Verification of zone signing key set

Verification of the zone signing key set is performed by validating the public key data contained in the Key Signing Record.

6.8. Verification of resource records

All RRset signatures are verified prior to publication.

6.9. Resource records time-to-live

DNSKEY: 15 minutes

NSEC3: SOA minimum (24 hours)

Delegation Signer (DS): 24 hours

RRSIG: varies depending on the RR covered

7. COMPLIANCE AUDIT

7.1. Frequency of entity compliance audit

Compliance Audits are intended to be conducted at least biennially.

7.2. Identity/qualifications of auditor

The auditor will be an entity that is proficient in the technologies it is auditing and is independent from Afilias.

7.3. Auditor's relationship to audited party

Auditors must be independent of Afilias.

7.4. Topics covered by audit

Environmental, network and software controls, operations, key management practices and operations.

7.5. Actions taken as a result of deficiency

Any gaps identified in the audit will result in the creation of an action map, which lists what actions are necessary for the resolution of each gap. Management will design and implement mitigating steps to close the gaps identified.

7.6. Communication of results

Afilias will publish results at http://www.afilias.info/dps.

8. LEGAL MATTERS

This DPS is to be construed in accordance with and governed by the internal laws of Ireland without giving effect to any choice of law rule that would cause the application of the laws of any jurisdiction other than the internal laws of Ireland.

The following material shall be considered confidential:

Private keys

Information necessary to retrieve/recover private keys

Disaster recovery plans (DRPs)

Any operational details relevant to the management and administration of DNS keys, including but not limited to network, software, hardware details.

Afilias does not implicitly or explicitly provide any warranty, and has no legal responsibility for any procedure or function within this DPS. Afilias shall not be liable for any financial damages or losses arising from the use of keys, or any other liabilities. All legal questions or concerns should be sent to legal@afilias.info.
