DNSSEC protection for your domain name: how to enable within cPanel

What is DNSSEC?

DNSSEC strengthens authentication in DNS using digital signatures based on public key cryptography. With DNSSEC, it's not DNS queries and responses themselves that are cryptographically signed, but rather DNS data itself is signed by the owner of the data. Every DNS zone has a public/private key pair.

DNSSEC adds a layer of security to your domains’ DNS records.

Why should I use DNSSEC?

To prevent SPOOFING or man-in-middle attacks against DNS.

Great, I want to secure my domain name now!

Warning: if you don't understand what is DNSSEC and DNS records in general, you should NOT create DNSSEC records. You domain name will go down or become unreachable for up to 48 hours if you add invalid DNSSEC keys at domain registrar!

OK, I am not so sure about DNSSEC, can you assist me?

Sorry, we do not have access to your domain control panel. Only domain administrator can update DNSSEC. You must create DS keys at cPanel then add DNSSEC records by yourself at domain registrar control panel.

How do I check my DNSSEC and other DNS records?

To validate your DNSSEC and other DNS data, please visit following website: https://dnssec-debugger.verisignlabs.com/ (Verisign). You must pass all tests. If you see red dots, your domain was not configured correctly with DNSSEC. As a result, it may become unreachable on the internet.

How to enable DNSSEC on a specific domain:

1. Navigate to the cPanel interface for the domain;

2. Under "Domains" please select "Zone Editor";

3. Click on the DNSSEC button in the row of the domain you wish to enable DNSSEC on;

4. On the righthand side, there is a "Create Key" button. A pop-up will appear.

5. Click Create on the pop-up box.  It will be dismissed and you will see an interface with your DS records.

6. Copy those records (all records) to the proper interface in your domain's registrar. Every registrar is a little different, so we can't provide step-by-step instructions for this process.