We're pleased to announce that all PayPal owned and operated DNS domains are now secured using DNSSEC. They are all signed, and DS records uploaded to their respective TLD's.
This announcement is the culmination of months of work by PayPal's Site Operations teams, along with our domainname administrator. Congratulations to them for their hard work on making this fully operational.
If you'd like to see a small visualization of the "trust chain" involved for paypal.com, you can see it here: http://dnsviz.net/d/paypal.com/dnssec/
Note: Be aware that in cases where a domain name is a pointer (CNAME) to another domain that does not yet use DNSSEC, the full DNS lookup path will not be protected. If you're curious to learn more, please read the Technical Note section below.
- Andy Steingruebl
Technical Note
PayPal has DNSSEC signed all of our zones. However, the technically-oriented observer will notice that some PayPal domains are actually served by a Content-Delivery-Network (CDN) and the DNS records of that CDN are not yet secured using DNSSEC.
Comments