Domain security

The Security Lock is an additional security service that provides added protection for your .at domain. If the security lock is activated, every change made to the domain has to be additionally authorized by the domain holder directly at nic.at. This means that while third parties, such as your Internet service provider, may be authorized to delegate changes, such changes are only made following your telephone confirmation with the password chosen during application. 

The Security Lock service costs EUR 250 (excl. VAT) per year and domain. If the annual fee is not paid on time, the Security Lock will be deactivated automatically. 

The service shall be billed annually to the invoice recipient indicated at application. If someone other than the domain holder is the invoice recipient, the invoice recipient indicated must confirm in writing that he will assume payment. Just like for the domain fee, the domain holder is ultimately responsible for ensuring that the Security Lock is paid.

We particularly recommend the Security Lock to domain holders whose business is based on unlimited availability on the web. Equally, we recommend it to companies for which domain problems could pose a threat in terms of loss of reputation or uncertainty among customers. Security Lock makes your domain even safer.

Setting up the Security Lock service requires the domain holder to submit a written order in which he transmits a password and additional proof-of-identity documents to us. The Security Lock is activated and invoiced immediately and shall remain active indefinitely. If needed, the password can be changed using the respective form.

Security Lock forms:

Please note that the Security Lock service is operated by nic.at and can be implemented for your domain regardless of your Internet service provider. If you wish to have the service billed to you together with your domain fees by your Internet service provider, please let us know in the order form. Your Internet service provider must, however, agree with the transfer of the invoice and confirm such agreement.

Find out more about this in the contractual provisions for the Security Lock service.

Changes to a domain with Security Lock are made just like they are to a domain without Security Lock: Depending on whether your domain is administrated by an Internet service provider or directly at nic.at, you can request the change as usual. The only difference is that the transaction cannot be carried out immediately, as your telephone confirmation is required first.

The Security Lock will be deactivated automatically by cancellation of the domain or change of domain holder. Of course it is also possible to cancel just the Security Lock – this has no repercussions for the functionality of your domain. If you fail to pay the annual fee on time, the Security Lock will also be deactivated automatically.


The domain holder can change his Security Lock password at any time using the "Change the Security Lock Password" form. As soon as the form is received by nic.at, the new password is registered and valid immediately. Keep your password safe – most appropriately in an encrypted password manager – and change it immediately if you have doubts about whether it may have fallen into the wrong hands.


DNSSEC (Domain Name System Security Extensions) is a security extension for the Domain Name System and guarantees the authenticity and data integrity of DNS responses. Simply put: DNSSEC ensures that you reach the domain in the Internet that you are aiming to reach and prevents the malicious corruption of DNS data (from entry of the domain to display of the website).

For questions relating to DNSSEC offers, please contact your Internet service provider. You can also search specifically for a .at partner who offers DNSSEC. Use our .at-Partnerfinder for this purpose.

If you possess the necessary DNSSEC technology for your name servers yourself and if your domain is administrated at nic.at, you can carry out these settings (DS record) directly in the login area.

Actually, the user doesn’t notice anything when surfing the Internet. Domains with a DNSSEC signature can be recognized through additional information in the Whois: a DNSSEC entry with key information that includes the key, key tag, algorithm type and hash type. Additionally, users can check on www.dnsviz.net whether a domain has a DNSSEC signature or not. The entire chain of signatures from the root zone to the domain can be seen, including the visualization of any validation gaps.

Your first contact is your Internet service provider or registrar. At www.at-partner.at you can find out if the registrar offers DNSSEC. If you possess the required DNSSEC technology for your nameservers yourself, just specify the DS-record of your domain in the login area.

These details must be specified in the online application when adding a DNSSEC signature, and they are also shown as special Whois entries.
key = hash of the used Key Signing Key
key tag = identification number of the Key Signing Key
algorithm = used algorithm of the referenced key
hash type = used hash algorithm
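
The four values above can be derived from the DNSKEY record of the Key Signing Key, which lets you check that the DS entry shown in the Whois matches the key your name servers publish. The following is an added example, not nic.at code: the owner name example.at and the 64-byte public key are constructed sample values, and the function names are illustrative.

```python
import base64
import hashlib
import struct

# IANA DS digest types (the page's "hash type")
HASH_TYPES = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

# Constructed sample key material: 64 placeholder bytes, not a real ECDSA key.
SAMPLE_KEY_B64 = base64.b64encode(bytes(range(64))).decode()


def name_to_wire(name):
    """Canonical owner name: lowercased, length-prefixed labels, root byte."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, raw public key."""
    if protocol != 3 or not flags & 0x0100:
        raise ValueError("DS must reference a zone key with protocol 3")
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, flags, protocol, algorithm, pubkey_b64, hash_type=2):
    """Return the DS fields under the names used in the list above."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = HASH_TYPES[hash_type](name_to_wire(owner) + rdata).hexdigest()
    return {"key": digest.upper(), "key tag": key_tag(rdata),
            "algorithm": algorithm, "hash type": hash_type}


def ds_matches(published, owner, flags, protocol, algorithm, pubkey_b64):
    """True if a published DS entry was derived from this DNSKEY."""
    expected = make_ds(owner, flags, protocol, algorithm, pubkey_b64,
                       published["hash type"])
    return expected == {**published, "key": published["key"].upper()}


if __name__ == "__main__":
    # 257 = zone key + SEP (KSK), algorithm 13 = ECDSA P-256 with SHA-256
    print(make_ds("example.at", 257, 3, 13, SAMPLE_KEY_B64))
```

A mismatch reported by `ds_matches` after a key rollover means the DS entry at the registry still points at the old key and validating resolvers will reject the zone.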

If the gaining registrar/ISP supports DNSSEC, your domain remains signed. If it does not support DNSSEC, the DS-records are automatically removed as soon as the domain is transferred to the new registrar/ISP. This means that your domain no longer has a DNSSEC signature. nic.at will inform you by e-mail if this is the case.

In a DNSSEC Policy & Practice Statement each registry defines how they handle DNSSEC issues, which safety measures are relevant for the key administration, how transactions are logged, and which algorithms and time limits are to be applied. The nic.at DNSSEC policy is available as a PDF-document here.

We ask our customers to support us in continuously improving the security of our website and systems. If you have identified a possible vulnerability or something suspicious, please contact our ISM team immediately via e-mail.


If you could not find an answer to your question, please feel free to contact our customer service department: +43 662 46 69 -850.