DNSSEC
DNSSEC adds cryptographic signatures to DNS records for stronger integrity guarantees. This page explains when to enable it and how to validate DS records with your registrar. It walks through the core settings, common workflows, and the checks to run after changes so you can confirm everything is working. Use it when setting up, updating, or troubleshooting dNSSEC.
What it does
- Signs DNS zones with cryptographic keys
- Lets resolvers validate responses
- Reduces risk of DNS spoofing
Setup flow
- Enable DNSSEC for a domain
- Copy the DS record from the panel
- Add the DS record at the registrar
- Wait for propagation
Management tips
- Rotate keys only when necessary
- Keep DS records in sync with the panel
- Monitor for DNSSEC validation errors