DNSSEC is your domain’s DNS cryptographic defence technology.
By using DNSSEC, it is possible to verify, that the information returned from DNS is correct and originates from the right place.
When DNSSEC is active, you can not change your domain’s nameservers.
If your domain is in Zone registrar and uses Zone nameservers, you can activate DNSSEC through My Zone control panel by clicking the domain name from Services overview menu. Then click on DNSSEC and from the next window Activate.
Activation of DNSSEC will take 1-2h.
Activating DNSSEC for CloudFlare nameservers
Once your domain is using Cloudflare nameservers and DNSSEC activation is initiated from their environment, Cloudflare will give you DC record data, that needs to be added to the domain’s DNSSEC settings through “My Zone” control panel.
In DNSSEC settings window, you can add the DS record. Simply open Advanced settings and click on the + icon
Insert Cloudflare DNS record as follows:
- Fill the Key Tag value
- Choose Key type according to Flags value (usually it is KSK)
- Choose Algorithm according to Digest type – if Digest Type is SHA256, choose ECDSA-P256-SHA256 (13)
- Insert Public key value
You don’t need to add Private key.