Skip to main content


Domain Name System Security Extensions (DNSSEC) is a protocol for securing DNS traffic. By implementing DNSSEC Virtru is protected from DNS attacks such as cache poisoning, DNS spoofing, or a man-in-the-middle attacks allowing attackers to gain unauthorized access to customer and system information.

Each DNS record in Virtru's hosted zones are cryptographically signed with a key-signing key (KSK) and KMS customer master key (CMK) managed by Virtru. Virtru also manages Delegation Signer (DS) records for each zone, establishing a chain of trust between hosted zones.