After deploying Cloudflare name servers and starting activation of DNSSEC in the Cloudflare environment Cloudflare will issue the DS record information to be added to the domain in My Zone control panel.
To do this, log in to My Zone, select the domain from the Domains menu, click on it and from the left menu click on DNSSEC.
In this window you can add a DS record. To do this, open Advanced Settings Advanced Settings and click plus icon button to add a DS record.
Enter the data from the Cloudflare DS record page as follows:
- In the Key Tag text box, enter the Key Tag value;
- Select Key Type according to the value in the Flags text box (in most cases it is KSK);
- select Algorithm according to the Digest Type value – if Digest Type is SHA256, select ECDSA-P256-SHA256 (13);
- enter Public Key value in the Public text box.
It is not necessary to add a Private Key.
Save the addition of the DS record by pressing Confirm the change button and DNSSEC will be activated.