DNSSEC is your domain’s DNS cryptographic defence technology.
By using DNSSEC, it is possible to verify, that the information returned from DNS is correct and originates from the right place.
When DNSSEC is active, you can not change your domain’s nameservers.
Deactivating DNSSEC will take 24h by default. This ensures the correct DNS records propagation and prevents your domain’s downtime. If you would like to deactivate DNSSEC as quickly as possible, please contact our customer support.
Deactivating DNSSEC
You can deactivate DNSSEC through “My Zone” control panel by clicking on your domain name from Services overview window.
In the next window, click on “DNSSEC” either from the menu on the left, or from domain overview.
Now click “Deactivate”
Activating DNSSEC
If your domain is in Zone registrar and uses Zone nameservers, you can activate DNSSEC through My Zone control panel by clicking the domain name from Services overview menu. Then click on DNSSEC and from the next window Activate.
Activation of DNSSEC will take 1-2h.
Activating DNSSEC for CloudFlare nameservers
Once your domain is using Cloudflare nameservers and DNSSEC activation is initiated from their environment, Cloudflare will give you DC record data, that needs to be added to the domain’s DNSSEC settings through “My Zone” control panel.
In DNSSEC settings window, you can add the DS record. Simply open Advanced settings and click on the + icon
Insert Cloudflare DNS record as follows:
- Fill the Key Tag value
- Choose Key type according to Flags value (usually it is KSK)
- Choose Algorithm according to Digest type – if Digest Type is SHA256, choose ECDSA-P256-SHA256 (13)
- Insert Public key value
You don’t need to add Private key.