At the moment, DNSSEC is not automatic: right now it needs to be specifically enabled by network operators at their recursive resolvers and also by domain name owners at their zone's authoritative servers.

Just as you can make other changes to a zone, such as the list of the zone's authoritative name servers, you can also update the zone's public key material to complete the implementation of DNSSEC for your zone.

On this page, we have listed some of the commonest domain registrars that some of our customers often have to deal with.

If yours is not listed, please contact your domain registrar support team for help.

 

WARNING

Once you enable DNSSEC for your domain, do not change your name servers while DNSSEC is enabled.

If you do, your domain may not resolve.

Before changing name-servers, disable DNSSEC and wait for at least 72 hours before making such changes.

If you change a web host (or need to transfer a domain) and need to move the account/domain to a new server, remove the Domain Server (DS) records from the registrar before you transfer the domain.

Once you have done that, wait for the changes to propagate before initializing the transfer.

If you do not remove the old DS records from the registrar, the domains may produce DNS resolution issues due to invalid DNSSEC responses.

 

Registrar

Instructions

123 Reg

Contact your registrar's customer support and provide the DS record data you generated at Web Hosting Magic cPanel.

DNSimple

Using Web Hosting Magic cPanel DNSSEC with DNSimple

domaindiscount24

DNSSEC

dotster

Contact your registrar's customer support and provide the DS record data you generated at Web Hosting Magic cPanel.

DreamHost

DNSSEC overview

In DreamHost, use 2 as the Digest Type instead of SHA256.

dynadot

How do I set up DNSSEC?

enom

Adding a DNSSEC to a Domain Name

gandi

DNSSEC

In gandi, make sure you select Algorithm 13 for the Algorithm dropdown.

GoDaddy

To configure a DS record with GoDaddy, perform the following steps:

  • Click Manage.
  • In the upper-right corner of the interface, select the list view.
  • Select the domain for which to create a DS record.
  • In the DS Records section of the Settings interface, click Manage.
  • Click Add DS Record.
  • Enter the DNSSEC key’s information in the text boxes and click Next. The system will validate the DS record information that you added.
  • Click Next, and then click OK.

Add a DS record

godzone

Contact your registrar's customer support and provide the DS record data you generated at Web Hosting Magic cPanel.

In the godzone web control panel, you might be able to add a DS record under the Domains tab.

Google Domains

If you’re using Google Domains name servers, you can turn on DNSSEC with one click. Follow these instructions:

  1. Sign in to Google Domains.
  2. Select the name of your domain.
  3. Open the menu
  4. Click DNS.
  5. Scroll to "DNSSEC".
  6. Click Enable DNSSEC or Disable DNSSEC to change the domain’s setting.

When you turn on DNSSEC, it takes roughly 2 hours for DNSSEC to activate completely. When you turn it off, there’s a delay of up to 2 days before deactivation.

If you have custom name servers, you may need a third-party DNS provider to configure DNSSEC for your domain. Additionally, you must activate DNSSEC on Google Domains. Follow the instructions below:

  1. Identify the one or more DNSKEY records you have created in Web Hosting Magic cPanel for your domain.
  2. Obtain the following values:
    • Key tag: Numeric value that refers to an existing DNSKEY record.
    • Algorithm: Encryption algorithm that created the security key in the DNSKEY record. Usually paired with a hash function, as in RSA/SHA1.
    • Digest type: Algorithm used to create the digest of DNSKEY record. Also called “digest algorithm,” “digest hash,” or “digest hash function."
    • Digest: Hashed value of the DNSKEY record that uniquely identifies it without exposing the value of the key. Depending on the digest type, the length is:
      1. SHA1 - 40 hexadecimal digits
      2. SHA256 - 64 hexadecimal digits
      3. SHA384 - 96 hexadecimal digits
  3. For each DNSKEY record, create at least one delegation of signing (DS) resource record. Follow these steps:
    1. Sign in to Google Domains.
    2. Select the name of your domain.
    3. Open the menu.
    4. Click DNS.
    5. Scroll to "DNSSEC".
    6. Create an entry using the values from previous steps. 

Google Cloud DNS & DNSSEC

If DNSSEC was enabled during the DNS zone creation, select the DNSSEC to On and click save.

Google Cloud DNS will create DNSSEC records for public keys (DNSKEY), signatures (RRSIG), and non-existence (NSEC, or NSEC3 and NSEC3PARAM) to authenticate your zone’s contents and manage them automatically.

Once this action has been performed, it is time to deal with the Registrar part.

Click on the Zone name, then Registrar Setup at the top right to view the DNSSEC resource records to update in your domain.

You will get these values which you will need to secure the domain name at your registrar to.

  • Key tag: Numeric value that refers to an existing DNSKEY record or integer value that identifies the domain’s DNSSEC record.
  • Algorithm: Encryption algorithm that created the security key in the DNSKEY record.
  • Digest type: Algorithm used to create the digest of DNSKEY record.
  • Digest: Hashed value of the DNSKEY record that uniquely identifies it without exposing the value of the key.

hover

Understanding and managing DNSSEC

internet.bs

Contact your registrar's customer support and provide the DS record data you generated at Web Hosting Magic cPanel.

You might be able to add a DS record:

  • My Domains > Update DNS List > Manage DNSSEC > Enable DNSSEC

Joker.com

DNSSEC Support

In Joker.com, use 2 as the Digest Type instead of SHA256.

MarkMonitor

MarkMonitor supports verification Algorithm 13 and automatically implements the Extensive Provisioning Protocol (EPP) to pass DS records to the registry for the following TLDs:

.com, .biz, .net, .org, .us, .eu, .fr, .de, .co, .lu, .ch, .be, .li, .co.uk, .wf, .tf, .pm, .yt, .se, .af, .cx, .gs, .hn, .ki, .nf, .sb, .tl, .re

To add a DS record, enter the DS data in the DNSSEC Details panel of the MarkMonitor management portal.

Moniker

Contact your registrar's customer support and provide the DS record data you generated at Web Hosting Magic cPanel.

You might be able to add a DS record:

  • My Domains >Advanced Settings > DNSSEC > DSData

name.com

Managing DNSSEC

namecheap

To configure a DS record with NameCheap, perform the following steps:

  • Click Domain List in the left menu.
  • Select the domain for which to configure a DS record and click Manage.
  • Click Advanced DNS.
  • Set the DNSSEC toggle to on. The DS records menu will appear.
  • Click ADD NEW DS.
  • Enter the DNSSEC key’s information in the text boxes.
  • Click SAVE ALL CHANGES.

Managing DNSSEC for domains pointed to Custom DNS
OpenSRS

To configure a DS record with OpenSRS, perform the following steps:

  • Click Domains.
  • Locate the domain for which to configure a DS record and click the domain’s name.
  • Scroll down to the DNSSEC section and click Edit. The DS records menu will appear.
  • Enter the DNSSEC key’s information in the text boxes.
  • Click Save.

nameISP

How do I enable DNSSEC for my domain?

Enabling DNSSEC in nameISP does not require you to copy and paste the DS record data from your Web Hosting Magic cPanel account.

namesilo

DS Records (DNSSEC)

OVH

OVH supports DNSSEC with Algorithm 13 through their API. See the documentation.

OVH also supports adding the DS record via their DNS Manager.

Public Domain Registry

Contact your registrar's customer support and provide the DS record data you generated at Web Hosting Magic cPanel.

This registrar might have limited TLDs.

See Adding Delegation Signer (DS) Records.

register.com

Contact your registrar's customer support and provide the DS record data you generated at Web Hosting Magic cPanel.

registro.br

DNS e DNSSEC Tutoriais (in Portuguese)

Tsohost

Contact your registrar's customer support and provide the DS record data you generated at Web Hosting Magic cPanel.
Was this answer helpful? 0 Users Found This Useful (1 Votes)

Most Popular Articles

How To View Your CPU Usage & Concurrent Connection In cPanel

When a customer hits limits, appropriate faults along with server processes snapshot are...
How To Manage Your File In cPanel With SFTP

First, ensure that you have installed an FTP client on your local machine before you download and...
How To Use SCP For cPanel File Management

SCP (Secure copy protocol) is a means based on the Secure Shell (SSH) protocol that you can use...
How To Locate Your cPanel Username & Password

In cPanel, cPanel users can access the cPanel interface via port:2083 or using a service domain...
What To Know About Changing Your cPanel Username

Can I change cPanel Username? We sometimes do get this question from some customers. Yes. You...