DNSSEC is your domain’s DNS cryptographic defense technology.
By using DNSSEC, it is possible to verify, that the information returned from DNS is correct and originates from the right place.
When DNSSEC is active, you can not change your domain’s nameservers.
Deactivating DNSSEC
You can deactivate DNSSEC through My Zone
control panel by clicking on your domain name from Services overview
window.
In the next window, click on DNSSEC
either from the menu on the left, or from domain overview.
Now click Deactivate
Activating DNSSEC
If your domain is in Zone registrar and uses Zone nameservers, you can activate DNSSEC through My Zone control panel by clicking the domain name from Services overview
menu. Then click on DNSSEC
and from the next window Activate
.
Activation of DNSSEC will take 1-2h.
Activating DNSSEC for CloudFlare nameservers
Once your domain is using Cloudflare nameservers and DNSSEC activation is initiated from their environment, Cloudflare will give you DC record data, that needs to be added to the domain’s DNSSEC settings through My Zone
control panel.
In DNSSEC settings window, you can add the DS record. Simply open Advanced settings and click on the + icon
Insert Cloudflare DNS record as follows:
- Fill the Key Tag value
- Choose Key type according to Flags value (usually it is KSK)
- Choose Algorithm according to Digest type – if Digest Type is SHA256, choose ECDSA-P256-SHA256 (13)
- Insert Public key value
You don’t need to add Private key.